[ubuntu-hardened] [refpolicy] Cannot use SSH with Refpolicy in Ubuntu Hardy

Justin Mattock justinmattock at gmail.com
Mon Sep 8 21:39:45 BST 2008


On Sun, Sep 7, 2008 at 11:25 PM, Václav Ovsík <vaclav.ovsik at i.cz> wrote:
> On Sat, Sep 06, 2008 at 10:57:26PM -0400, Hong wrote:
>> Thanks for your reply, Justin.
>>
>> I just changed the line `SELINUX=enforcing` to `SELINUX=permissive` and
>> reboot the system.
>>
>> After reboot, I checked `getenforce` and it returned `permissive`.
>>
>> But still I cannot ssh to the machine remotely...
>> After each try with a correct password, /var/log/message doesn't grow but
>> /var/log/audit/audit.log grows with one line.
>> If I tried with an incorrect password, neither of the two log files changed.
>
> Did you relabel file-system?
> If you have some SE Linux problem (denials), sshd may fail even in
> permissive mode, because it is SE Linux aware application and it can
> choose different code flow with SE Linux enabled. Running the system in
> permissive mode is not the same as running the system with SE Linux
> switched off. I observed this sshd problem too.
> Regards
> --
> Zito
>

I wondering if he disabled SELinux completly,
just to isolate the issue.

-- 
Justin P. Mattock



More information about the ubuntu-hardened mailing list