Remote Syslog Fails With SELinux Enabled


Post by mbytnar » 2007/03/07 18:19:48

Running a stock Centos 4.4 DVD install with -all- packages installed.

The default SELinux policy for syslog prevents syslog from opening port 514.
Any suggestions how to resolve this?

The following enables the SELinux policies (current scope is 'targeted'), then restarts syslog, then checks whether port 514 (syslog) was opened.

[code]setenforce 1 ; service syslog restart ; netstat -an|grep 514 || echo Sorry, syslog not running on port 514.[/code]

The result: "Sorry, syslog not running on port 514." It appears one of the SELinux policies denies syslog from opening port 514, as seen in /var/log/messages.

[code]Mar 6 11:49:53 centos4 kernel: audit(1173203393.332:38): avc: denied { write } for pid=5652 comm="minilogd" name="log" dev=tmpfs ino=16343 scontext=root:system_r:syslogd_t tcontext=root:object_r:device_t tclass=sock_file[/code]

When I change to "setenforce 0" (disabling SELinux policies), syslog opens port 514.

I googled and searched this forum and found no similar issue. Should this be reported as a bug?

Any suggestions how to correct/fix the syslog policy?
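As an added example that is not from the thread: a small POSIX shell parser for AVC denial lines of the kind quoted above. It pulls out the source and target types, the permission and the object class, so the record reads as the syslogd_t domain being denied write on a device_t sock_file by comm minilogd, which are the fields any policy review starts from. The sample line is the one quoted in the post; nothing else is assumed.

```shell
# Parse SELinux AVC denial lines from /var/log/messages into their fields.
# Added example, not code from the thread.

# Sample input: the denial quoted in the post above.
AVC_SAMPLE='Mar 6 11:49:53 centos4 kernel: audit(1173203393.332:38): avc: denied { write } for pid=5652 comm="minilogd" name="log" dev=tmpfs ino=16343 scontext=root:system_r:syslogd_t tcontext=root:object_r:device_t tclass=sock_file'

# is_avc_denial LINE -> exit 0 if LINE is an AVC denial record, 1 otherwise
is_avc_denial() {
    case $1 in *"avc: denied"*) return 0 ;; *) return 1 ;; esac
}

# avc_field LINE KEY -> value of KEY=value (surrounding quotes stripped),
# empty if the key is absent; the key must be preceded by whitespace so
# "scontext" does not match inside "tcontext".
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\{0,1\}\([^\" ]*\)\"\{0,1\}.*/\1/p"
}

# avc_perm LINE -> the permission(s) listed inside "denied { ... }"
avc_perm() {
    printf '%s\n' "$1" | sed -n 's/.*avc: denied {[[:space:]]*\([^}]*[^} ]\)[[:space:]]*}.*/\1/p'
}

# avc_summary LINE -> "SRC_TYPE denied PERM on TGT_TYPE:CLASS by comm=NAME"
# (only the type component of each context is kept, i.e. the last ':' field)
avc_summary() {
    line=$1
    src=$(avc_field "$line" scontext | awk -F: '{print $NF}')
    tgt=$(avc_field "$line" tcontext | awk -F: '{print $NF}')
    printf '%s denied %s on %s:%s by comm=%s\n' \
        "$src" "$(avc_perm "$line")" "$tgt" \
        "$(avc_field "$line" tclass)" "$(avc_field "$line" comm)"
}

# Print the one-line summary of the sample denial.
avc_summary "$AVC_SAMPLE"
```

To run it over a live log, pipe the file through a `while read` loop and call `avc_summary` on each line for which `is_avc_denial` succeeds.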



Post by yyagol » 2007/04/10 16:14:24

Run as root:
[code]# getsebool syslogd_disable_trans[/code]

If you get [code]# syslogd_disable_trans --> active[/code]

then run: [code]# setsebool syslogd_disable_trans 0[/code]
