Re: SELINUX Problem (Firefox Create access on rawip_socket)

2016-05-11 Thread Joe Zeff
On 05/11/2016 08:51 AM, Patrick O'Callaghan wrote: Virtually every security measure is a partial solution. There are no magic bullets. However just because a given measure is weak on its own doesn't mean it isn't useful in combination with others. Using a non- root user for remote login means

Re: SELINUX Problem (Firefox Create access on rawip_socket)

2016-05-11 Thread Patrick O'Callaghan
On Wed, 2016-05-11 at 10:07 -0500, Bruno Wolff III wrote: > On Tue, May 10, 2016 at 01:30:48 -0700, >   Joe Zeff wrote: > > > > > > Excellent advice.  Linux never tells you if the username you're > > trying  > > to log in with is right, just that the combination of username and  >

Re: SELINUX Problem (Firefox Create access on rawip_socket)

2016-05-11 Thread Bruno Wolff III
On Tue, May 10, 2016 at 01:30:48 -0700, Joe Zeff wrote: Excellent advice. Linux never tells you if the username you're trying to log in with is right, just that the combination of username and password was wrong. The only username that a potential cracker knows exists is

Re: SELINUX Problem (Firefox Create access on rawip_socket)

2016-05-10 Thread Tim
Allegedly, on or about 10 May 2016, Patrick O'Callaghan sent: > Much more important is to keep tight control of logins > from outside your network. Only allow SSH, don't allow it to the root > account, only allow it using token (not password) access, and run > fail2ban. If you run externally

Re: SELINUX Problem (Firefox Create access on rawip_socket)

2016-05-10 Thread Joe Zeff
On 05/10/2016 01:03 AM, Patrick O'Callaghan wrote: Much more important is to keep tight control of logins from outside your network. Only allow SSH, don't allow it to the root account, only allow it using token (not password) access, and run fail2ban. Excellent advice. Linux never tells you

Re: SELINUX Problem (Firefox Create access on rawip_socket)

2016-05-10 Thread Patrick O'Callaghan
On Mon, 2016-05-09 at 16:11 -0700, Samuel Sieb wrote: > > Linux is a bit more impervious to the nefarious actions of the evil > > hackers out there than MacOS and a lot more so that Winblows, but > it > > isn't perfect. If you're surfing the web, wear a full-body condom > or > > two. And always

Re: SELINUX Problem (Firefox Create access on rawip_socket)

2016-05-09 Thread Samuel Sieb
On 05/09/2016 03:52 PM, Rick Stevens wrote: On 05/09/2016 12:19 PM, CS DBA wrote: 1) If I want to use the plugin package: you must turn off SELinux controls on the Firefox plugins. # setsebool -P unconfined_mozilla_plugin_transition 0 I wouldn't go so far as to reinstall. SELinux has blocked

Re: SELINUX Problem (Firefox Create access on rawip_socket)

2016-05-09 Thread Rick Stevens
On 05/09/2016 03:30 PM, CS DBA wrote: On 05/09/2016 01:39 PM, Rick Stevens wrote: On 05/09/2016 12:19 PM, CS DBA wrote: Hi All; I'm running Fedora 23 KDE Spin, After a recent firefox update (I'm now at Firefox 46.0.1) I've been getting these SELINUX alerts: The source process:

Re: SELINUX Problem (Firefox Create access on rawip_socket)

2016-05-09 Thread CS DBA
On 05/09/2016 04:36 PM, Samuel Sieb wrote: On 05/09/2016 12:19 PM, CS DBA wrote: Thoughts? Is this a bug? Should I run the setsebool command to allow access? https://bugzilla.redhat.com/show_bug.cgi?id=1230052 What plugins do you have installed? Flash? -- users mailing list

Re: SELINUX Problem (Firefox Create access on rawip_socket)

2016-05-09 Thread Samuel Sieb
On 05/09/2016 12:19 PM, CS DBA wrote: Thoughts? Is this a bug? Should I run the setsebool command to allow access? https://bugzilla.redhat.com/show_bug.cgi?id=1230052 What plugins do you have installed? Flash? -- users mailing list users@lists.fedoraproject.org To unsubscribe or change

Re: SELINUX Problem (Firefox Create access on rawip_socket)

2016-05-09 Thread CS DBA
On 05/09/2016 01:39 PM, Rick Stevens wrote: On 05/09/2016 12:19 PM, CS DBA wrote: Hi All; I'm running Fedora 23 KDE Spin, After a recent firefox update (I'm now at Firefox 46.0.1) I've been getting these SELINUX alerts: The source process: 57656220436F6E74656E74 Attempted this access:

Re: SELINUX Problem (Firefox Create access on rawip_socket)

2016-05-09 Thread Rick Stevens
On 05/09/2016 12:19 PM, CS DBA wrote: Hi All; I'm running Fedora 23 KDE Spin, After a recent firefox update (I'm now at Firefox 46.0.1) I've been getting these SELINUX alerts: The source process: 57656220436F6E74656E74 Attempted this access: create On this rawip_socket: The alert gives me

SELINUX Problem (Firefox Create access on rawip_socket)

2016-05-09 Thread CS DBA
Hi All; I'm running Fedora 23 KDE Spin, After a recent firefox update (I'm now at Firefox 46.0.1) I've been getting these SELINUX alerts: The source process: 57656220436F6E74656E74 Attempted this access: create On this rawip_socket: The alert gives me 2 choices: 1) If I want to use the