[ubuntu-hardened] Cannot use SSH with Refpolicy in Ubuntu Hardy
Matt Anderson
mra at hp.com
Thu Sep 11 20:30:55 BST 2008
Hong wrote:
> I downloaded the source of refpolicy in Hardy. (`apt-get source
> refpolicy`). I compiled the policy and loaded it. And then I reboot
> the system with PERMISSIVE mode. (add `enforcing=0` in the kernel
> options when booting)
>
> Now I cannot login the system remotely using ssh. Note that the system
> is in PERMISSIVE mode! (`getenforce` returns `Permissive`). Everytime I
> tried `ssh my_host_name` and enter the correct password, the client side
> shows
> "Read from remote host my_host_name: Connection reset by peer
> Connection to my_host_name."
>
> And after each unsuccessful login, the /var/log/audit/audit.log file on
> the server added a line:
> "type=ANOM_ABEND msg=audit(1220746818.492:93): audit=4294967295 uid=1000
> gid=1000 subj=system_u:system_r:sysadm_t pid=4713 comm="sshd" sig=6"
The way I read this is the sshd process ended with signal 6 which is
Abort. The type ANOM_ABEND I think decodes to Anomalous - Abnormal End.
> By the way, when I use `make load` to load the policy, there is a
> one-line error message
> '[19691.816572] secuirty; context system-u;system-r;sysadm-mail-t is
> invalid'
I suspect this is closer to where your problem lies. For one, I'd
expect underscores instead of dashes in the context. I'd try removing
and trying to rebuild and install the policy cleanly. Is it possible to
get a pre-built policy for Hardy? It might be useful to see if the
problem exists there as well.
-matt
More information about the ubuntu-hardened
mailing list