SELinux Policy(AVC) - CentOS 6 and Plesk 11.0.9

Questions related to Policy / AVC / SYSCALL / Boolean to be Appoved or Denied

Moderator: xeont

SELinux Policy(AVC) - CentOS 6 and Plesk 11.0.9

Postby xeont » Wed Jun 26, 2013 4:39 am

Hi,

I just want to know, is it safe to Allow this,

Code: Select all
type=AVC msg=audit(1371040560.733:21059): avc: denied { connectto } for pid=9890 comm="sshd" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket


Please advise.

Regards,
Xeont
xeont
 
Posts: 13
Joined: Wed Jun 26, 2013 4:13 am

Re: SELinux Policy(AVC) - CentOS 6 and Plesk 11.0.9

Postby rhatdan » Tue Jul 02, 2013 10:44 am

The risk here is a bug in sshd that allowed a hacker to get limited control, would allow them to attempt to communicate with your mysql database.

Of course if you have a hacked sshd, this might be the least of your worries.

What is plesk? Is this some kind of authorization database that sshd is using? If yes we might want to add a boolean to allow sshd to communicate with mysql databases.
rhatdan
 
Posts: 6
Joined: Tue Jul 02, 2013 10:10 am

Re: SELinux Policy(AVC) - CentOS 6 and Plesk 11.0.9

Postby major » Tue Jul 02, 2013 11:18 am

rhatdan wrote:What is plesk? Is this some kind of authorization database that sshd is using? If yes we might want to add a boolean to allow sshd to communicate with mysql databases.


Plesk is a hosting control panel.

    http://www.parallels.com/products/plesk/
major
 
Posts: 1
Joined: Tue Jul 02, 2013 11:15 am

Re: SELinux Policy(AVC) - CentOS 6 and Plesk 11.0.9

Postby rhatdan » Tue Jul 02, 2013 11:45 am

Then why would this trigger sshd to connect to mysql port, or is this a red herring?
rhatdan
 
Posts: 6
Joined: Tue Jul 02, 2013 10:10 am

Re: SELinux Policy(AVC) - CentOS 6 and Plesk 11.0.9

Postby tric » Tue Jul 02, 2013 4:50 pm

yeah i have the same in my audit log.. should we allow this?
tric
 
Posts: 5
Joined: Tue Jul 02, 2013 4:44 pm

Re: SELinux Policy(AVC) - CentOS 6 and Plesk 11.0.9

Postby rhatdan » Tue Jul 02, 2013 5:37 pm

Did plesk add some kind of pam module in /etc/pam.d?
rhatdan
 
Posts: 6
Joined: Tue Jul 02, 2013 10:10 am

Re: SELinux Policy(AVC) - CentOS 6 and Plesk 11.0.9

Postby tric » Tue Jul 02, 2013 6:06 pm

rhatdan wrote:Did plesk add some kind of pam module in /etc/pam.d?


thank you for your reply,

not sure what is pam modele is

plesk really dont support selinux, answer would be disable it.

please let me know how safe to allow this. i have many same entries in my audit.log

just curious if this is a safe process to alow

many thanks
tricS
tric
 
Posts: 5
Joined: Tue Jul 02, 2013 4:44 pm

Re: SELinux Policy(AVC) - CentOS 6 and Plesk 11.0.9

Postby rose61 » Fri Mar 13, 2015 5:15 am

Of course if you have a hacked sshd, this might be the least of your worries. What is plesk?






_______________________________________
rose61
 
Posts: 1
Joined: Fri Mar 13, 2015 4:52 am

Re: SELinux Policy(AVC) - CentOS 6 and Plesk 11.0.9

Postby abeha » Fri Mar 27, 2015 10:12 am

The risk here is a bug in sshd that allowed a hacker to get limited control, would allow them to attempt to communicate with your mysql database.


emma
abeha
 
Posts: 1
Joined: Fri Mar 27, 2015 10:07 am


Return to Policy / AVC / SYSCALL / Boolean to Appove or Deny

Who is online

Users browsing this forum: No registered users and 1 guest