Hi,

I just want to know, is it safe to Allow this,

Code: Select all

type=AVC msg=audit(1371040560.733:21059): avc: denied { connectto } for pid=9890 comm="sshd" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket

Please advise.

Regards,
Xeont

The risk here is a bug in sshd that allowed a hacker to get limited control, would allow them to attempt to communicate with your mysql database.

Of course if you have a hacked sshd, this might be the least of your worries.

What is plesk? Is this some kind of authorization database that sshd is using? If yes we might want to add a boolean to allow sshd to communicate with mysql databases.

rhatdan wrote:What is plesk? Is this some kind of authorization database that sshd is using? If yes we might want to add a boolean to allow sshd to communicate with mysql databases.

Plesk is a hosting control panel.

http://www.parallels.com/products/plesk/

Then why would this trigger sshd to connect to mysql port, or is this a red herring?

yeah i have the same in my audit log.. should we allow this?

Did plesk add some kind of pam module in /etc/pam.d?

rhatdan wrote:Did plesk add some kind of pam module in /etc/pam.d?

thank you for your reply,

not sure what is pam modele is

plesk really dont support selinux, answer would be disable it.

please let me know how safe to allow this. i have many same entries in my audit.log

just curious if this is a safe process to alow

many thanks
tricS

Of course if you have a hacked sshd, this might be the least of your worries. What is plesk?






_______________________________________

The risk here is a bug in sshd that allowed a hacker to get limited control, would allow them to attempt to communicate with your mysql database.


emma