DA disables selinux, reenabling it breaks DA

CiscoMike

Clean install...had to because I shot myself in the foot, long story. :)

CentOS 5.3 64-bit
Cleaned out all the garbage/bloat that came with the PXE boot. Hardened the OS. SELinux was also working in permissive mode, targeted. Then I installed DA. I do another audit scan and notice that SELinux is disabled (it had been enabled through at least 3 or 4 other reboots). I re-enable it and keep it as permissive/targeted. I touch and reboot.

Apr 17 00:02:31 empire setroubleshoot: SELinux is preventing httpd (httpd_t) "execstack" to <Unknown> (httpd_t). For complete SELinux messages. run sealert -l 7c56e723-f8c6-41a3-a320-a8b11613acf3
Apr 17 00:02:31 empire setroubleshoot: SELinux prevented httpd executing access to http files. For complete SELinux messages. run sealert -l 9a9e95fc-e0ad-4901-9c17-b8f4f22178c2
Apr 17 00:02:32 empire setroubleshoot: SELinux is preventing the httpd from using potentially mislabeled files ./ssl_request_log (var_t). For complete SELinux messages. run sealert -l 855bad23-85d9-42de-b209-5542e8804e3d
Apr 17 00:02:33 empire setroubleshoot: SELinux prevented httpd reading and writing access to http files. For complete SELinux messages. run sealert -l efd7bbcf-76e2-4e02-be63-531969d6d355
Apr 17 00:02:33 empire proftpd[3239]: empire - ProFTPD 1.3.2 (stable) (built Thu Apr 16 18:38:20 CDT 2009) standalone mode STARTUP
Apr 17 00:02:33 empire setroubleshoot: SELinux is preventing proftpd (ftpd_t) "execstack" to <Unknown> (ftpd_t). For complete SELinux messages. run sealert -l aeb921e0-2d04-46b2-8879-634b235adeea
Apr 17 00:02:33 empire setroubleshoot: SELinux is preventing proftpd (ftpd_t) "ipc_lock" to <Unknown> (ftpd_t). For complete SELinux messages. run sealert -l d437bf51-9d7c-4b9b-8bfc-4a733c0066db
Apr 17 00:03:01 empire setroubleshoot: SELinux is preventing exim (system_mail_t) "read" to tmp (var_t). For complete SELinux messages. run sealert -l de9d3d82-1474-41ef-929c-0221bcfc8403
Apr 17 00:19:01 empire setroubleshoot: SELinux is preventing exim (system_mail_t) "read" to tmp (var_t). For complete SELinux messages. run sealert -l de9d3d82-1474-41ef-929c-0221bcfc8403

Now I know I'm going to have to create some exceptions here, that's part of the game, but my question is why (and I'll almost put money it happens during the quote creation stage of the DA install) does DA need to disable SELinux? And does anyone have a custom ruleset that I can bum so I can be lazy? :)