Re: SE alert

On 07/19/15 11:26, inode0 wrote: > sa1 appears to be the culprit. It is normally run from a cronjob > typically every 10 minutes. See my other message [root@meimei ~]# systemctl is-enabled sysstat-collect.timer enabled [root@meimei ~]# systemctl is-enabled sysstat.service enabled If they are

Re: SE alert

On Sat, Jul 18, 2015 at 10:02 PM, jd1008 wrote: > > > On 07/18/2015 08:46 PM, Ed Greshko wrote: >> >> On 07/19/15 10:17, jd1008 wrote: >>> >>> The original I posted says: >>> >>> type=SYSCALL msg=audit(1437267001.953:644): arch=x86_64 syscall=openat >>> success=no exit=EACCES a0=ff9c a

Re: SE alert

On 07/19/15 11:12, Ed Greshko wrote: > If they are enabled, disable them for the time being and check to see if the > sealerts cease. I should have said "stop" and "disable" them. -- If I wanted a blog or social media I'd go elsewhere -- users mailing list users@lists.fedoraproject.org To unsu

Re: SE alert

On 07/19/15 10:57, jd1008 wrote: > It is gosh darned fast > Like every 2 minutes. > > $ sudo systemctl -l | grep sysstat > sysstat.service loaded active exitedResets System Activity Logs Sorry I wasn't explicit [root@meimei ~]# systemctl is-enabled sysstat-collect.timer enabled [roo

Re: SE alert

On 07/18/2015 08:02 PM, jd1008 wrote: egid=0 sgid=0 fsgid=0 ses=37 tty=(none) comm=sa1 exe=/usr/bin/sh subj=system_u:system_r:sysstat_t:s0-s0:c0.c1023 Right there's you're answer: /usr/bin/sh, AKA bash. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription op

Re: SE alert

On 07/18/2015 08:46 PM, Ed Greshko wrote: On 07/19/15 10:17, jd1008 wrote: The original I posted says: type=SYSCALL msg=audit(1437267001.953:644): arch=x86_64 syscall=openat success=no exit=EACCES a0=ff9c a1=4fcb93 a2=80800 a3=0 items=0 ppid=6474 pid=6476 auid=0 uid=0 gid=0 euid

Re: SE alert

On 07/18/2015 08:46 PM, Ed Greshko wrote: On 07/19/15 10:17, jd1008 wrote: The original I posted says: type=SYSCALL msg=audit(1437267001.953:644): arch=x86_64 syscall=openat success=no exit=EACCES a0=ff9c a1=4fcb93 a2=80800 a3=0 items=0 ppid=6474 pid=6476 auid=0 uid=0 gid=0 euid

Re: Silencing auditd in fedora22

On 07/18/2015 06:08 PM, Alex wrote: Hi, Since upgrading from fedora22, auditd is drowning /var/log/messages with useless information such as this: Jul 18 19:02:19 orion audit: pid=6002 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=SHA256:b5:7b:76:df:38:16:f3:f5:cd:2f:67:54

Re: SE alert

On 07/19/15 10:17, jd1008 wrote: > The original I posted says: > > type=SYSCALL msg=audit(1437267001.953:644): arch=x86_64 syscall=openat > success=no exit=EACCES a0=ff9c a1=4fcb93 a2=80800 a3=0 items=0 > ppid=6474 pid=6476 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 > fsg

Re: SE alert

On 07/18/2015 08:20 PM, Ed Greshko wrote: On 07/19/15 10:15, jd1008 wrote: Well, now, this is interesting: $ sudo ls -l -i -R /root | grep 47972353< Produced no output $ sudo ls -l -d -i -R /root | grep 47972353 << adding the -d option, however: 47972353 dr-xr-x---. 9 root root 4

Re: SE alert

On 07/19/15 10:15, jd1008 wrote: > Well, now, this is interesting: > > $ sudo ls -l -i -R /root | grep 47972353< Produced no output > $ sudo ls -l -d -i -R /root | grep 47972353 << adding the -d option, > however: > 47972353 dr-xr-x---. 9 root root 4096 Jul 2 14:03 /root > $ > > I rea

Re: SE alert

On 07/18/2015 08:09 PM, Ed Greshko wrote: On 07/19/15 09:57, jd1008 wrote: On 07/18/2015 07:53 PM, Ed Greshko wrote: On 07/19/15 09:17, jd1008 wrote: debugfs -R 'ncheck 47972353' /dev/sda3 2>/dev/null Inode Pathname 47972353//root So, why is it trying to do that? I am not logged

Re: SE alert

On 07/18/2015 08:07 PM, Ed Greshko wrote: On 07/19/15 09:55, jd1008 wrote: Ooops, Sorry. Here it is: $ sudo ls -l -i /* | grep 47972353 OK How about sudo ls -l -i -R /root | grep 47972353 Well, now, this is interesting: $ sudo ls -l -i -R /root | grep 47972353< Produced no ou

Re: SE alert

On 07/19/15 09:57, jd1008 wrote: > > > On 07/18/2015 07:53 PM, Ed Greshko wrote: >> On 07/19/15 09:17, jd1008 wrote: >>> debugfs -R 'ncheck 47972353' /dev/sda3 2>/dev/null >>> Inode Pathname >>> 47972353//root >>> >>> So, why is it trying to do that? >>> I am not logged in as root. >>> >>

Re: SE alert

On 07/19/15 09:55, jd1008 wrote: > Ooops, Sorry. Here it is: > $ sudo ls -l -i /* | grep 47972353 OK How about sudo ls -l -i -R /root | grep 47972353 -- If I wanted a blog or social media I'd go elsewhere -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscr

Re: SE alert

On 07/18/2015 07:53 PM, Ed Greshko wrote: On 07/19/15 09:17, jd1008 wrote: debugfs -R 'ncheck 47972353' /dev/sda3 2>/dev/null Inode Pathname 47972353//root So, why is it trying to do that? I am not logged in as root. How can I find out the process(es) that spawned sh to access /roo

Re: SE alert

On 07/18/2015 07:53 PM, Ed Greshko wrote: On 07/19/15 09:51, jd1008 wrote: On 07/18/2015 07:46 PM, Ed Greshko wrote: sudo ls -l -i /* | grep 47972353 $ ls -l -i /* | grep 47972353 $ Nop! And why did you not use "sudo" as shown? Ooops, Sorry. Here it is: $ sudo ls -l -i /* | grep 4797235

Re: SE alert

On 07/19/15 09:17, jd1008 wrote: > debugfs -R 'ncheck 47972353' /dev/sda3 2>/dev/null > Inode Pathname > 47972353//root > > So, why is it trying to do that? > I am not logged in as root. > > How can I find out the process(es) that spawned sh > to access /root? OK, so you have determined

Re: SE alert

On 07/19/15 09:51, jd1008 wrote: > > > On 07/18/2015 07:46 PM, Ed Greshko wrote: >> sudo ls -l -i /* | grep 47972353 > $ ls -l -i /* | grep 47972353 > $ > > Nop! And why did you not use "sudo" as shown? -- If I wanted a blog or social media I'd go elsewhere -- users mailing list users@lists.fed

Re: SE alert

On 07/18/2015 07:46 PM, Ed Greshko wrote: sudo ls -l -i /* | grep 47972353 $ ls -l -i /* | grep 47972353 $ Nop! -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: htt

Re: SE alert

On 07/19/15 09:20, jd1008 wrote: > Also, /dev/sda3 has no dir named root: > > $ ls /sda3/root > /bin/ls: cannot access /sda3/root: No such file or directory Of course not, since there probably is no /sda3 directory. Does sudo ls -l -i /* | grep 47972353 return a filename? -- If I wanted a

Re: SE alert

On 07/18/2015 07:10 PM, Ed Greshko wrote: On 07/19/15 09:00, jd1008 wrote: The sealert below does not tell me exactly which dir that the shell tried to access. I have run the suggested commands (below) but they did not do any good. The alerts keep popping up. SELinux is preventing /usr/bin/

Re: SE alert

On 07/18/2015 07:10 PM, Ed Greshko wrote: sudo debugfs -R 'ncheck 47972353' /dev/sda3 2>/dev/null debugfs -R 'ncheck 47972353' /dev/sda3 2>/dev/null Inode Pathname 47972353//root So, why is it trying to do that? I am not logged in as root. How can I find out the process(es) that sp

Re: SE alert

On 07/19/15 09:00, jd1008 wrote: > The sealert below does not tell me exactly which dir > that the shell tried to access. > I have run the suggested commands (below) > but they did not do any good. > The alerts keep popping up. > > > > SELinux is preventing /usr/bin/sh from read access on the direc

SE alert

The sealert below does not tell me exactly which dir that the shell tried to access. I have run the suggested commands (below) but they did not do any good. The alerts keep popping up. SELinux is preventing /usr/bin/sh from read access on the directory . * Plugin catchall (100. confidence

Re: Printing CD labels

On Sat, Jul 18, 2015 at 06:45:02PM -0600, jd1008 wrote: > > > On 07/18/2015 06:39 PM, Fred Smith wrote: > >On Sat, Jul 18, 2015 at 06:05:13PM -0600, jd1008 wrote: > >> > > > >>I wonder if the templates support the > >>Neato Style CLP-192301 > >>CD/DVD labels. > >>I can get them very cheap, as com

Re: Printing CD labels

On 07/18/2015 06:39 PM, Fred Smith wrote: On Sat, Jul 18, 2015 at 06:05:13PM -0600, jd1008 wrote: I wonder if the templates support the Neato Style CLP-192301 CD/DVD labels. I can get them very cheap, as compared with other brands. Most off-brand labels I've seen indicate the Avery label

Re: Printing CD labels

On Sat, Jul 18, 2015 at 06:05:13PM -0600, jd1008 wrote: > > > > > I wonder if the templates support the > Neato Style CLP-192301 > CD/DVD labels. > I can get them very cheap, as compared with other brands. Most off-brand labels I've seen indicate the Avery label number to which they are equival

Re: Silencing auditd in fedora22

On Sat, 18 Jul 2015 19:08:20 -0400 Alex wrote: > I've enabled rsyslog because the logs are so much easier to access, > but I'm not using auditd so would like to just turn it off. stick audit=0 on the kernel command line options in grub.cfg, disable the auditd service (or uninstall it). That's wor

Re: Excessive verbosity

On 07/19/15 05:26, David A. De Graaf wrote: > I can only hope that this attempt > to complain constructively will be heeded FWIW, complaining on a mailing list, such as this one, is probably not the best way to get your message "heeded". You should probably focus on filing bugzilla's and RFE.

Re: Printing CD labels

On 07/18/2015 05:42 PM, Zoltan Hoppar wrote: Yeah, Glabels. Fine app. Z 2015-07-19 1:40 GMT+02:00 jd1008 >: I have downloaded libmediaart and libmediaart-devel. However, I have no idea how to edit and print a CD/DVD label. On windows, it is made

Re: Printing CD labels

On 07/18/2015 05:42 PM, Zoltan Hoppar wrote: Yeah, Glabels. Fine app. Z 2015-07-19 1:40 GMT+02:00 jd1008 >: I have downloaded libmediaart and libmediaart-devel. However, I have no idea how to edit and print a CD/DVD label. On windows, it is made

Re: Printing CD labels

Yeah, Glabels. Fine app. Z 2015-07-19 1:40 GMT+02:00 jd1008 : > I have downloaded libmediaart and libmediaart-devel. > > However, I have no idea how to edit and print a CD/DVD > label. > > On windows, it is made easy by Avery's apps. > > Are there such apps for linux in general and/or specific

Printing CD labels

I have downloaded libmediaart and libmediaart-devel. However, I have no idea how to edit and print a CD/DVD label. On windows, it is made easy by Avery's apps. Are there such apps for linux in general and/or specifically for Fedora? -- users mailing list users@lists.fedoraproject.org To unsubs

Building/loading dahdi from asterisk

Hi, I'm really stuck with getting asterisk started. I've built and install the dahdi asterisk modules, but they don't load automatically on boot. The asterisk-dahdi package includes /etc/rc.d/init.d/dahdi which runs "/bin/systemctl start dahdi.service" but it fails to load the modules. My questi

Silencing auditd in fedora22

Hi, Since upgrading from fedora22, auditd is drowning /var/log/messages with useless information such as this: Jul 18 19:02:19 orion audit: pid=6002 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=SHA256:b5:7b:76:df:38:16:f3:f5:cd:2f:67:54:9a:2e:68:15:ae:9c:40:50:4f:6d:81:43:0

Thank God for yum-deprecated :-)

I see that dnf, in its infinite wisdom, has classified ignoring packages it can't find as a bug, therefore if you say dnf install `cat f22-missing.txt` to install as much stuff as possible in your new f22 as you used to have in f20, it will find the very first missing rpm (and ONLY the first), te

Excessive verbosity

The verbosity of systemd and its associated logging functions is out of control. It drives me crazy, and I can only hope that this attempt to complain constructively will be heeded. After recovering from the disaster of filling my root filesystem while away from home, I'm attempting to bring back

Re: dnf seems to be broken after the most recent updates, including updates-testing

On Sat, Jul 18, 2015 at 19:47:43 +0200, Joachim Backes wrote: downgrading dnf-langpacks to version 0.10.0-1 (using yum-deprecated) helps. You can also use the --disbleplugin=langpacks option instead of using yum-deprecated. -- users mailing list users@lists.fedoraproject.org To unsubscrib

Re: Tracer crashing on 'dnf update'

On Thu, 2015-07-16 at 17:46 -0600, Kevin Fenzi wrote: > On Thu, 16 Jul 2015 11:08:06 +0100 > Patrick O'Callaghan wrote: > > > This just started happening today when I ran 'dnf update': > > > > Tracer: > > Program 'tracer' crashed with following error: > > > > /usr/lib/python2.7/si

Re: dnf seems to be broken after the most recent updates, including updates-testing

On 18.07.2015 19:47, Joachim Backes wrote: > On 18.07.2015 19:36, Michael Schwendt wrote: >> On Sat, 18 Jul 2015 19:25:01 +0200, Joachim Backes wrote: >> >>> Hi all F22 users, >>> >>> it seems dnf is broken after the most recent updates (including >>> updates-testing): >> >>> ConfigParser.NoOptionE

Re: dnf seems to be broken after the most recent updates, including updates-testing

On 18.07.2015 19:36, Michael Schwendt wrote: > On Sat, 18 Jul 2015 19:25:01 +0200, Joachim Backes wrote: > >> Hi all F22 users, >> >> it seems dnf is broken after the most recent updates (including >> updates-testing): > >> ConfigParser.NoOptionError: No option u'langpack_locales' in section: >>

Re: dnf seems to be broken after the most recent updates, including updates-testing

On Sat, 18 Jul 2015 19:25:01 +0200, Joachim Backes wrote: > Hi all F22 users, > > it seems dnf is broken after the most recent updates (including > updates-testing): > ConfigParser.NoOptionError: No option u'langpack_locales' in section: > u'main' > --

dnf seems to be broken after the most recent updates, including updates-testing

Hi all F22 users, it seems dnf is broken after the most recent updates (including updates-testing): - sudo dnf update Traceback (most recent call last): File "/bin/dnf", line 36, in main.user_main(sys.argv[1:], exit_cod

Re: thunderbird+enigmail issue on fedora 21[SOLVED]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/18/15 19:23, François Patte wrote: > Yes. I install only the minimum at the beginning, then I complete the > install according to my needs, using yum groupinstall for some > sofwares, or a simple install of my favourite ones, counting on yum to

Re: thunderbird+enigmail issue on fedora 21[SOLVED]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le 18/07/2015 12:57, Ed Greshko a écrit : > > On 07/18/15 18:39, François Patte wrote: >> Le 17/07/2015 16:13, Ed Greshko a écrit : >>> On 07/17/15 21:33, François Patte wrote: Did you try to disable selinux on your VM installl? I disabled s

Re: thunderbird+enigmail issue on fedora 21[SOLVED]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/18/15 18:39, François Patte wrote: > Le 17/07/2015 16:13, Ed Greshko a écrit : > > On 07/17/15 21:33, François Patte wrote: > >> Did you try to disable selinux on your VM installl? I disabled > >> selinux by the way of /etc/selinux/config file.

Re: thunderbird+enigmail issue on fedora 21[SOLVED]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le 17/07/2015 16:13, Ed Greshko a écrit : > On 07/17/15 21:33, François Patte wrote: >> Did you try to disable selinux on your VM installl? I disabled >> selinux by the way of /etc/selinux/config file. > > I just disabled selinux and I created a new