
kernel audit messages avc

Posted: 2007/03/12 16:49:16
by brianstorm
Hi,

I have repeated entries in my /var/log/messages and I am unsure as to what they represent... if anyone can advise me I'd be grateful... here is a sample of three different messages:

Mar 12 16:03:05 serverxxxxxx kernel: audit(1173715385.367:3743): avc: denied { read write } for pid=21082 comm="named" name="sessiondb.dir" dev=hda1 ino=379635 scontext=root:system_r:named_t tcontext=root:object_r:var_t tclass=file

Mar 12 15:47:52 serverxxxxxx kernel: audit(1173714472.155:3735): avc: denied { read write } for pid=20749 comm="nscd" name="sessiondb.dir" dev=hda1 ino=379635 scontext=root:system_r:nscd_t tcontext=root:object_r:var_t tclass=file

Mar 12 15:47:52 serverxxxxxx kernel: audit(1173714472.044:3728): avc: denied { read write } for pid=20743 comm="nscd" name="sessiondb.pag" dev=hda1 ino=379630 scontext=root:system_r:nscd_t tcontext=root:object_r:var_t tclass=file


I am concerned as to whether there is a security risk, or a config error. And I am wondering if there is a GUI-based tool for analysing these messages (I am running a webserver).


Thanks

Brian
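
Added example, not part of the original post: a small Python parser for the kernel "avc:" lines quoted above. It splits each record into its fields and groups denials by source type, target type, object class and permissions, so repeated entries collapse into one row each. The function names (parse_avc, summarize) are made up for this illustration.

```python
import re
from collections import defaultdict

# Sample input: the three log lines quoted in the post above.
SAMPLE = """\
Mar 12 16:03:05 serverxxxxxx kernel: audit(1173715385.367:3743): avc: denied { read write } for pid=21082 comm="named" name="sessiondb.dir" dev=hda1 ino=379635 scontext=root:system_r:named_t tcontext=root:object_r:var_t tclass=file
Mar 12 15:47:52 serverxxxxxx kernel: audit(1173714472.155:3735): avc: denied { read write } for pid=20749 comm="nscd" name="sessiondb.dir" dev=hda1 ino=379635 scontext=root:system_r:nscd_t tcontext=root:object_r:var_t tclass=file
Mar 12 15:47:52 serverxxxxxx kernel: audit(1173714472.044:3728): avc: denied { read write } for pid=20743 comm="nscd" name="sessiondb.pag" dev=hda1 ino=379630 scontext=root:system_r:nscd_t tcontext=root:object_r:var_t tclass=file
"""

AVC_RE = re.compile(
    r'audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+(?P<result>denied|granted)\s+'
    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def _type(context):
    """Return the type part of a user:role:type[:range] security context."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else context

def parse_avc(line):
    """Parse one syslog line; return a dict of fields, or None if not an AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    if 'scontext' not in rec or 'tcontext' not in rec:
        return None  # truncated record, skip rather than guess
    rec['result'] = m.group('result')
    rec['perms'] = tuple(m.group('perms').split())
    rec['source_type'] = _type(rec['scontext'])
    rec['target_type'] = _type(rec['tcontext'])
    return rec

def summarize(text):
    """Group denied records by (source type, target type, class, permissions)."""
    groups = defaultdict(lambda: {'count': 0, 'comms': set(), 'names': set()})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec['result'] != 'denied':
            continue
        key = (rec['source_type'], rec['target_type'], rec.get('tclass', ''), rec['perms'])
        groups[key]['count'] += 1
        groups[key]['comms'].add(rec.get('comm', ''))
        groups[key]['names'].add(rec.get('name', ''))
    return dict(groups)

if __name__ == '__main__':
    for (src, tgt, cls, perms), g in sorted(summarize(SAMPLE).items()):
        print(f"{g['count']}x {src} -> {tgt}:{cls} {{ {' '.join(perms)} }} "
              f"comm={sorted(g['comms'])} name={sorted(g['names'])}")
```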