On Wed, May 19, 2010 at 3:06 PM, Adi Pane <[email protected]> wrote:
> sudah mas, hasil nya ini:
>
> Summary:
>
> SELinux is preventing the squid (squid_t) from executing wrapzap.
>
> Detailed Description:
>
> SELinux has denied the squid from executing wrapzap. If squid is supposed to
> be
> able to execute wrapzap, this could be a labeling problem. Most confined
> domains
> are allowed to execute files labeled bin_t. So you could change the labeling
> on
> this file to bin_t and retry the application. If this squid is not supposed to
> execute wrapzap, this could signal a intrusion attempt.
>
> Allowing Access:
>
> If you want to allow squid to execute wrapzap: chcon -t bin_t 'wrapzap' If
> this
> fix works, please update the file context on disk, with the following command:
> semanage fcontext -a -t bin_t 'wrapzap' Please specify the full path to the
> executable, Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this
> selinux-policy
> to make sure this becomes the default labeling.
>
jalankan ini
chcon -t bin_t 'wrapzap'
> Additional Information:
>
> Source Context unconfined_u:system_r:squid_t:s0
> Target Context unconfined_u:object_r:usr_t:s0
> Target Objects wrapzap [ file ]
> Source squid
> Source Path /usr/sbin/squid
> Port <Unknown>
> Host localhost
> Source RPM Packages squid-3.0.STABLE13-1.fc11
> Target RPM Packages
> Policy RPM selinux-policy-3.6.12-39.fc11
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name execute
> Host Name localhost
> Platform Linux localhost 2.6.29.4-167.fc11.i686.PAE #1 SMP
> Wed May 27 17:28:22 EDT 2009 i686 i686
> Alert Count 155
> First Seen Wed May 19 08:37:50 2010
> Last Seen Wed May 19 09:13:07 2010
> Local ID 5584bdec-a033-4766-993d-3d562a04a4e4
> Line Numbers
>
> Raw Audit Messages
>
> node=localhost type=AVC msg=audit(1274235187.82:25439): avc: denied { execute
> } for pid=8528 comm="squid" name="wrapzap" dev=sda6 ino=94245
> scontext=unconfined_u:system_r:squid_t:s0
> tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
>
> node=localhost type=SYSCALL msg=audit(1274235187.82:25439): arch=40000003
> syscall=11 success=no exit=-13 a0=2c666e0 a1=bffbe0e8 a2=2d36b88 a3=4000
> items=0 ppid=8523 pid=8528 auid=0 uid=23 gid=23 euid=23 suid=23 fsuid=23
> egid=23 sgid=23 fsgid=23 tty=(none) ses=1 comm="squid" exe="/usr/sbin/squid"
> subj=unconfined_u:system_r:squid_t:s0 key=(null)
>
> end
>
>
> kalo selinux nya di disabled apa pengaruh nya mas?
> cara men disabled selinux gmana mas??
>
ini tentang selinux dari wiki
http://en.wikipedia.org/wiki/Security-Enhanced_Linux
cara disabled nya edit file konfigurasinya di /etc/sysconfig/selinux
pada bagian
SELINUX=enforcing
rubah menjadi disabled
trus restart mesinnya agar berubah..
bisa juga langsung tapi cuma permissive, jalankan perintah
setenforce 0
tapi ketika mesin restart, selinux nya akan berubah lagi sesuai dengan
konfigurasi yang ada di /etc/sysconfig/selinux
> maaf, masih baru nyoba..
> thank, bwt info nya mas
>
> ----- Original Message -----
> From: "aditya hilman" <[email protected]>
> To: [email protected]
> Sent: Wednesday, May 19, 2010 2:54:05 PM GMT +07:00 Bangkok, Hanoi, Jakarta
> Subject: Re: [tanya-jawab] squish on fedora 11
>
> 2010/5/19 Adi Pane <[email protected]>:
>> ada yang punya tutorial untuk menerapkan penggunaan squish pada fedora 11?
>>
>> saya sudah coba dengan cara seperti ini:
>>
>> [r...@master root]# tar xzvf adzap-20080508.tar.gz –C /usr/local/squid
>> [r...@master root]# cd /usr/local/squid/adzap
>> [r...@master root]# cd scripts
>> [r...@master root]# vi wrapzap
>> Ubah parameter
>> zapper=/usr/local/squid/adzap/scripts/squid_redirect
>> [r...@master root]# cd /usr/local/squid/etc
>> [r...@master root]# vi squid.conf
>> tambahkan parameter dibawah ini
>> redirect_program /usr/local/squid/adzap/scripts/wrapzap
>> [r...@master root]# /usr/local/squid/sbin/squid –k reconfigure
>>
>>
>> tapi tetap aja gak bisa.
>> errornya:
>> #tail /var/log/messages
>> May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid
>> (squid_t) from executing wrapzap. For complete SELinux messages. run sealert
>> -l 5584bdec-a033-4766-993d-3d562a04a4e4
>> May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid
>> (squid_t) from executing wrapzap. For complete SELinux messages. run sealert
>> -l 5584bdec-a033-4766-993d-3d562a04a4e4
>> May 19 09:13:03 localhost squid[8422]: Squid Parent: child process 8509
>> started
>> May 19 09:13:03 localhost (squid): The redirector helpers are crashing too
>> rapidly, need help!
>>
>>
>> trus yang command "# /usr/local/squid/sbin/squid –k reconfigure" gak bisa
>> dijalankan
>> karena foldernya gak ada..
>> apa dibuat manual?
>>
>>
>> help pliss....
>>
>>
>>
>>
>>
>> --
>> Adi Pane
>> [email protected]
>>
>>
>> --
>> FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab
>> Unsubscribe: kirim email ke [email protected]
>> Arsip dan info milis selengkapnya di http://linux.or.id/milis
>>
>>
>
> sudah jalankan ini ?
> sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4
>
> nanti dikasih liat disuruh menjalankan apa..
>
> Kalau selinux nya tidak ingin digunakan di disabled saja.
> --
> Regards,
> Adit
> http://simplyaddo.web.id
> ym : science2rule
> hp : 08561749716
>
> --
> FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab
> Unsubscribe: kirim email ke [email protected]
> Arsip dan info milis selengkapnya di http://linux.or.id/milis
>
>
>
> --
> Adi Pane
> [email protected]
>
>
> --
> FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab
> Unsubscribe: kirim email ke [email protected]
> Arsip dan info milis selengkapnya di http://linux.or.id/milis
>
>
--
Regards,
Adit
http://simplyaddo.web.id
ym : science2rule
hp : 08561749716
--
FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: kirim email ke [email protected]
Arsip dan info milis selengkapnya di http://linux.or.id/milis
