Eric Amram | 2 Aug 2005 16:13

Login problem

Hello,
 
First of all, congratulations for this great piece of software,
I find LIDS by far superior to SELinux.
 
I tried to install the latest release 2.2.1rc3 - 2.6.12 on a Fedora Core 4
perfectly updated.
 
I tried the kernel RPM (which needed to be "--force", since
the release 390 was older than last update), which installed fine
after all.
 
I set all CAP to "+" and set the rules to the minimum (as described
in the FAQ), set ACL_DISCOVERY to 1 and rebooted.
 
Then I could login at all : the login was always "incorrect".
I rebooted with "lids=0" option but same problem.
 
I rebooted again on FC4 kernel, login, looked at the /var/log/messages
and there nothing (after a few cycles, I made all LIDS remarks disappear).
 
I tried with / without ACL_DISCOVERY, tried many (stupid) other things
but nothing overthrown this login/passwd.
 
Other Hints: the PC boots with all daemons starting (SSH, HTTP, Postfix...).
When I try to login through SSHd, I get a "Permission denied".
 
Any idea where it could come from ?
 
Thanks in advance,
 
--Eric
 
 
NB: I have a server on Kernel 2.4 + LIDS, running for years
  without any problem !
 
Sander Klein | 2 Aug 2005 22:25

Re: LIDS-JP mini conference will be held in Japan on 2005/09/03

I would definitely like to read the English translations. Since I can't 
speak or read any Japanese ;-)

Hope you enjoy yourselves.

Regards,

Sander Klein

omok wrote:

>Folks,
>
>I guess almost people on this ML are outside of Japan. So this is
>just for your information.
>
>We(LIDS-JP) are pleased to announce that we will hold a LIDS 
>technical mini-conference in Japan on 2005/09/03. 
>(Actually, this is mini-mini-conference. Capacity is only 50 person).
>
>This mini-conference's purpose is for promoting LIDS, and make it 
>more familiar in Japan. 
>
>Conference Program:
>
>Session 1  	"About LIDS and its differences between SELinux"
>Speaker 	Kazuki Omo 
>
>Session 2  	"Beginning to use LIDS with TDE/TPE"
>Speaker 	Yuusuke Sato 
>
>Session 3 	"Implementation LIDS on Embedded system."
>Speaker 	Hiroshi Shinji 
>
>There's no English menu/speaker on this mini conference. 
>So, you need to read and listen with Japanese Language.
>
>The information is available on 
>http://www.selinux.gr.jp/LIDS-JP/LIDS_en/study/lids-study-0.en.html
>
>Also, we'll translate all of material to English later.
>
>Regards,
>  
>

-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
omok | 3 Aug 2005 04:43

Re: Login problem

Dear, Eric,

On Tue, Aug 02, 2005 at 04:13:35PM +0200, Eric Amram wrote:
> 
> Then I could login at all : the login was always "incorrect".
> I rebooted with "lids=0" option but same problem.
> 

It seems you have below error messages after you login to machine
which is using LIDS-patched kernel, right?

-------------------------------------------------------
Error sending status request (Operation not permitted)
Error sending status request (Operation not permitted)
Error sending status request (Operation not permitted)
-------------------------------------------------------

Also, please check
http://forum.lids.org/viewtopic.php?t=107

If so, I have same problem, but I'm ignoring the error because other LIDS feature 
are still working fine.
Even if I'm using vanilla-2.6.12 with LIDS, I have same problem. I guess there's
some problem on FC4's new version of software or something...
-- 
Omo Kazuki <omok <at> honto.info>
LIDS Japanese Information:
Japanese: http://www.selinux.gr.jp/LIDS-JP/index.html
English:  http://www.selinux.gr.jp/LIDS-JP/LIDS_en/index.html

Huagang Xie | 3 Aug 2005 08:12

Re: ACL problem on 2.2.1rc3

Hello Omo,

On Thu, Jul 28, 2005 at 04:10:25PM +0900, omok wrote:
> Dear, Xie,
> 
> Now I'm having odd problem on lids-2.2.1rc3+ssh patch.
> 
> 
> 2. Now, I want to hide /var/www/html/hide from httpd. Then I added following
> ACL;
> 
>  lidsconf -A -s /usr/sbin/httpd -o /var/www/html/hide -j DENY
> 
> Now 
> a.) httpd can't read /var/www/html/hide anymore
> but
> b.) still httpd could read /var/www/html/hide directory.

hide is a directory or a file? 

huagang

omok | 3 Aug 2005 12:27

Re: ACL problem on 2.2.1rc3

Dear, Xie,

/var/www/html/hide is a directory.
Also, even if I tested same ACL on file(/var/www/html/hide.html),
httpd could read the file(/var/www/html/hide.html)

Regards,

On Tue, Aug 02, 2005 at 11:12:23PM -0700, Huagang Xie wrote:
> > 
> > 2. Now, I want to hide /var/www/html/hide from httpd. Then I added following
> > ACL;
> > 
> >  lidsconf -A -s /usr/sbin/httpd -o /var/www/html/hide -j DENY
> > 
> > Now 
> > a.) httpd can't read /var/www/html/hide anymore
> > but
> > b.) still httpd could read /var/www/html/hide directory.
> 
> hide is a directory or a file? 

-- 
Omo Kazuki <omok <at> honto.info>
LIDS Japanese Information:
Japanese: http://www.selinux.gr.jp/LIDS-JP/index.html
English:  http://www.selinux.gr.jp/LIDS-JP/LIDS_en/index.html

Søren Nøhr Christensen | 9 Aug 2005 03:30

Configuring exceptions

Hi all!

I have the following ACL configured:

B4SW1000-9-116-16-69:~# lidsconf -L
                Subject   ACCESS  inherit               Object
----------------------------------------------------------------------------
               Any file  READONLY:  0      /usr/X11R6/bin/X
       /usr/X11R6/bin/X     GRANT:  0         CAP_SYS_RAWIO
               Any file      DENY:  0                /devel
               Any file  READONLY:  0       /usr/bin/kwrite
        /usr/bin/kwrite  READONLY:  1                /devel

Can anyone tell me why /usr/bin/kwrite cannot access /devel?

The configuration is merely for testing purposes.

Soren

-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
AragonX | 22 Aug 2005 18:56

Anyone here? (FC4 setup)

Does anyone have a good config for Fedora Core 4?  I'm using:

sendmail
spamassassin
clamav
mailscanner
aide
chkrootkit
apache
samba
cups
dovecot
mysql
squirrelmail
dhcp

That's the major ones I think.

