
List:       gentoo-hardened
Subject:    [gentoo-hardened] final polish
From:       Christian Schäfer <caefer () krachstoff ! net>
Date:       2003-08-29 18:41:52

hi,

this morning my little box turned fully grown. ;-)
I did make relabel and now I'm through with the installation guide.
btw: I would appreciate some sort of advice at the beginning of this
guide, like 'don't use reiserfs, since it is not fully stable with
selinux'..

anyway, I do use reiserfs.
at the end of this mail you'll find my current dmesg output.
no errors really, but a few lines that I don't like and don't know how
to handle either.. may there be help. :D
'### ' marks the lines in question.
I either don't know what they mean and/or what to do to avoid them.

the last lines with these avc: denied... thingies are incorrectly
labeled files, right? a relabel does not help, what shall I do?

anyway, what is a good procedure to carry on? do I have to label every
emerge now?
maybe one of you knows a good basic read, from a user's view.
I already read a lot about policies and such, but nothing gave me a
clue on how to administrate things.

thanks a lot!

regards
/christian


<snip>
Linux version 2.4.20-hardened-r4 (root@cdimage) (gcc version 3.2.3 20030422 (Gentoo \
Linux 1.4 3.2.3-r2, propolice)) #1 SMP Fri Aug 29 07:57:22 CEST 2003 BIOS-provided \
physical RAM map:  BIOS-e820: 0000000000000000 - 00000000000a0000 (usable)
 BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved)
 BIOS-e820: 0000000000100000 - 0000000008000000 (usable)
 BIOS-e820: 00000000ffff0000 - 0000000100000000 (reserved)
128MB LOWMEM available.
On node 0 totalpages: 32768
zone(0): 4096 pages.
zone(1): 28672 pages.
zone(2): 0 pages.
Kernel command line: root=/dev/sda3
### No local APIC present or hardware disabled
Initializing CPU#0
Detected 233.866 MHz processor.
Console: colour VGA+ 80x25
Calibrating delay loop... 465.30 BogoMIPS
Memory: 126392k/131072k available (1652k kernel code, 4296k reserved, -2248k data, \
260k init, 0k highmem) Security Scaffold v1.0.0 initialized
SELinux:  Initializing.
SELinux:  Starting in permissive mode
Dentry cache hash table entries: 16384 (order: 5, 131072 bytes)
Inode cache hash table entries: 8192 (order: 4, 65536 bytes)
Mount-cache hash table entries: 2048 (order: 2, 16384 bytes)
Buffer-cache hash table entries: 8192 (order: 3, 32768 bytes)
Page-cache hash table entries: 32768 (order: 5, 131072 bytes)
Intel Pentium with F0 0F bug - workaround enabled.
CPU:     After generic, caps: 008001bf 00000000 00000000 00000000
CPU:             Common caps: 008001bf 00000000 00000000 00000000
Checking 'hlt' instruction... OK.
POSIX conformance testing by UNIFIX
CPU:     After generic, caps: 008001bf 00000000 00000000 00000000
CPU:             Common caps: 008001bf 00000000 00000000 00000000
CPU0: Intel Pentium MMX stepping 03
per-CPU timeslice cutoff: 160.32 usecs.
task migration cache decay timeout: 10 msecs.
### SMP motherboard not detected.
### Local APIC not detected. Using dummy APIC emulation.
migration_task 0 on cpu=0
PCI: PCI BIOS revision 2.10 entry at 0xfb550, last bus=0
PCI: Using configuration type 1
PCI: Probing PCI hardware
Limiting direct PCI/PCI transfers.
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Initializing RT netlink socket
Starting kswapd
devfs: v1.12c (20020818) Richard Gooch (rgooch@atnf.csiro.au)
devfs: boot_options: 0x1
### There is already a security framework initialized, register_security failed.
### Failure registering capabilities with the kernel
selinux_register_security:  Registering secondary module capability
Capability LSM initialized
pty: 256 Unix98 ptys configured
Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ SERIAL_PCI enabled
ttyS00 at 0x03f8 (irq = 4) is a 16550A
ttyS01 at 0x02f8 (irq = 3) is a 16550A
FDC 0 is a post-1991 82077
loop: loaded (max 8 devices)
8139too Fast Ethernet driver 0.9.26
eth0: RealTek RTL8139 Fast Ethernet at 0xc8800000, 00:30:84:28:e3:12, IRQ 9
eth0:  Identified 8139 chip type 'RTL-8139C'
eth1: RealTek RTL8139 Fast Ethernet at 0xc8802000, 00:e0:7d:82:48:3c, IRQ 12
eth1:  Identified 8139 chip type 'RTL-8139B'
SCSI subsystem driver Revision: 1.00
scsi0 : Adaptec AIC7XXX EISA/VLB/PCI SCSI HBA DRIVER, Rev 6.2.8
        <Adaptec 2940 Ultra SCSI adapter>
        aic7880: Ultra Wide Channel A, SCSI Id=7, 16/253 SCBs

  Vendor: IBM       Model: DCAS-34330W       Rev: S65A
  Type:   Direct-Access                      ANSI SCSI revision: 02
(scsi0:A:0): 40.000MB/s transfers (20.000MHz, offset 8, 16bit)
  Vendor: QUANTUM   Model: QM39100TD-SW      Rev: N1B0
  Type:   Direct-Access                      ANSI SCSI revision: 02
(scsi0:A:1): 40.000MB/s transfers (20.000MHz, offset 8, 16bit)
  Vendor: QUANTUM   Model: QM39100TD-SW      Rev: N1B0
  Type:   Direct-Access                      ANSI SCSI revision: 02
(scsi0:A:2): 40.000MB/s transfers (20.000MHz, offset 8, 16bit)
  Vendor: PLEXTOR   Model: CD-ROM PX-40TS    Rev: 1.04
  Type:   CD-ROM                             ANSI SCSI revision: 02
(scsi0:A:3): 20.000MB/s transfers (20.000MHz, offset 15)
scsi0:A:0:0: Tagged Queuing enabled.  Depth 253
scsi0:A:1:0: Tagged Queuing enabled.  Depth 253
scsi0:A:2:0: Tagged Queuing enabled.  Depth 253
Attached scsi disk sda at scsi0, channel 0, id 0, lun 0
Attached scsi disk sdb at scsi0, channel 0, id 1, lun 0
Attached scsi disk sdc at scsi0, channel 0, id 2, lun 0
SCSI device sda: 8467200 512-byte hdwr sectors (4335 MB)
Partition check:
 /dev/scsi/host0/bus0/target0/lun0: p1 p2 p3 p4 < p5 p6 p7 >
SCSI device sdb: 17783249 512-byte hdwr sectors (9105 MB)
 /dev/scsi/host0/bus0/target1/lun0: p1
SCSI device sdc: 17783249 512-byte hdwr sectors (9105 MB)
 /dev/scsi/host0/bus0/target2/lun0: p1
Attached scsi CD-ROM sr0 at scsi0, channel 0, id 3, lun 0
sr0: scsi-1 drive
Uniform CD-ROM driver Revision: 3.12
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP, IGMP
IP: routing cache hash table of 1024 buckets, 8Kbytes
TCP: Hash tables configured (established 8192 bind 8192)
klips_info:ipsec_init: KLIPS startup, FreeS/WAN IPSec version: \
super-freeswan-1.99.7rc2 klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0 \
(EALG_MAX=255, AALG_MAX=15) klips_info:ipsec_alg_init: calling \
ipsec_alg_static_init() ipsec_aes_init(alg_type=15 alg_id=12 name=aes): ret=0
ipsec_aes_init(alg_type=14 alg_id=9 name=aes_mac): ret=0
ipsec_serpent_init(alg_type=15 alg_id=252 name=serpent): ret=0
ipsec_twofish_init(alg_type=15 alg_id=253 name=twofish): ret=0
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
reiserfs: checking transaction log (device 08:03) ...
Using r5 hash to sort names
ReiserFS version 3.6.25
VFS: Mounted root (reiserfs filesystem) readonly.
SELinux:  Completing initialization.
security:  loading policy configuration from /etc/security/selinux/policy.12
security:  3 users, 6 roles, 338 types
security:  29 classes, 22793 rules
SELinux: initialized (dev 08:03, type reiserfs), uses PSIDs
SELinux: initialized (dev 00:08, type devpts), uses transition SIDs
SELinux: initialized (dev 00:07, type devfs), uses genfs_contexts
SELinux: initialized (dev 00:06, type binfmt_misc), not configured for labeling
SELinux: initialized (dev 00:05, type pipefs), uses task SIDs
SELinux: initialized (dev 00:04, type tmpfs), uses transition SIDs
SELinux: initialized (dev 00:03, type sockfs), uses task SIDs
SELinux: initialized (dev 00:02, type proc), uses genfs_contexts
SELinux: initialized (dev 00:01, type bdev), not configured for labeling
SELinux: initialized (dev 00:00, type rootfs), not configured for labeling
Mounted devfs on /dev
Freeing unused kernel memory: 260k freed
### Adding Swap: 498004k swap-space (priority -1)

### avc:  denied  { getattr } for  pid=221 exe=/sbin/reiserfsck \
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:proc_t \
                tclass=filesystem
reiserfs: checking transaction log (device 08:05) ...
Using r5 hash to sort names
ReiserFS version 3.6.25
SELinux: initialized (dev 08:05, type reiserfs), uses PSIDs
reiserfs: checking transaction log (device 08:06) ...
Using r5 hash to sort names
ReiserFS version 3.6.25
SELinux: initialized (dev 08:06, type reiserfs), uses PSIDs
reiserfs: checking transaction log (device 08:07) ...
Using r5 hash to sort names
ReiserFS version 3.6.25
SELinux: initialized (dev 08:07, type reiserfs), uses PSIDs
reiserfs: checking transaction log (device 08:11) ...
Using r5 hash to sort names
ReiserFS version 3.6.25
SELinux: initialized (dev 08:11, type reiserfs), uses PSIDs
reiserfs: checking transaction log (device 08:21) ...
Using r5 hash to sort names
ReiserFS version 3.6.25
SELinux: initialized (dev 08:21, type reiserfs), uses PSIDs
SELinux: initialized (dev 00:09, type tmpfs), uses transition SIDs

### avc:  denied  { append } for  pid=694 exe=/usr/sbin/syslog-ng path=/vc/12 \
dev=00:07 ino=26 scontext=system_u:system_r:syslogd_t \
tcontext=system_u:object_r:tty_device_t tclass=chr_file

### avc:  denied  { setattr } for  pid=694 exe=/usr/sbin/syslog-ng path=/vc/12 \
dev=00:07 ino=26 scontext=system_u:system_r:syslogd_t \
                tcontext=system_u:object_r:tty_device_t tclass=chr_file
eth0: Setting 100mbps full-duplex based on auto-negotiated partner ability 45e1.
eth1: Setting half-duplex based on auto-negotiated partner ability 0000.

### avc:  denied  { write } for  pid=978 exe=/bin/bash path=/root dev=08:03 ino=5186 \
scontext=root:staff_r:staff_t tcontext=system_u:object_r:sysadm_home_dir_t tclass=dir

### avc:  denied  { add_name } for  pid=978 exe=/bin/bash path=/root/dmesg.out \
scontext=root:staff_r:staff_t tcontext=system_u:object_r:sysadm_home_dir_t tclass=dir

### avc:  denied  { create } for  pid=978 exe=/bin/bash path=/root/dmesg.out \
scontext=root:staff_r:staff_t tcontext=root:object_r:sysadm_home_dir_t tclass=file \
</snip>

 
gruss
/Christian                   mailto:caefer@krachstoff.net

---


I propose that the following character sequence for joke markers:

> -)

                             19-Sep-82 11:44    Scott E  Fahlman


--
gentoo-hardened@gentoo.org mailing list

