SCIENTIFIC-LINUX-USERS Archives

October 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Date: Thu, 13 Oct 2011 22:06:57 -0700

On 2011/10/13 21:24, William Scott wrote:
> On 14 October 2011 14:13, jdow<[log in to unmask]>  wrote:
>
>>
>> It acts as if the file is not even seen since there are no selinux problems
>> reported for it. So that makes me think something spooky is going on.
>
> Where did you put your script?
>
> if [ -x /sbin/ifup-pre-local ]; then
>      /sbin/ifup-pre-local ${CONFIG} $2
> fi
>
> if [ -x /sbin/ifdown-pre-local ]; then
>      /sbin/ifdown-pre-local ${DEVICE}
> fi
>
> The scripts get given arguments. Maybe echo $1, $2 to a text file and
> see what they get.

# ls --lcontext /sbin/ifup-local
-rwxr-xr-x. 1 system_u:object_r:bin_t:s0       root root 329 Jul 25 13:30 /sbin/ifup-local


The argument is used. If it is eth1 the rest of the script runs else
it skips on through.

Its contents (now) are:
===8<---
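#!/bin/sh

# First argument from the network scripts is the interface name.
DEVICE=$1

# Trace every invocation so it is visible whether the hook ran at all.
echo >>/tmp/ifup "ifup-local: $DEVICE"

# Quoted so an empty or missing argument does not break the test.
if [ "${DEVICE}" = "eth1" ]; then
     echo >>/tmp/ifup "ifup-local resetting scripts etc"
     /etc/sysconfig/network-scripts/iptables.up
     /etc/sysconfig/network-scripts/dyndns-ip-up.local
     /etc/mail/spamassassin/RestartMail.sh
fi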
===8<---
It appears the script tries to run.
# ls --lcontext /etc/sysconfig/network-scripts/iptables.up
-rwxr-xr-x. 1 system_u:object_r:bin_t:s0       root root 534 Jul 25 13:37 /etc/sysconfig/network-scripts/iptables.up

# ls --lcontext /etc/sysconfig/network-scripts/dyndns-ip-up.local
-rwxr-xr-x. 1 system_u:object_r:bin_t:s0       root root 1735 Jul 25 13:38 /etc/sysconfig/network-scripts/dyndns-ip-up.local

# ls --lcontext /etc/mail/spamassassin/RestartMail.sh
-rwxr-xr-x. 1 system_u:object_r:bin_t:s0       root root 393 Jul 25 13:36 /etc/mail/spamassassin/RestartMail.sh

So the sub-scripts look good. (The iptables script perpetrates some
horrors I can't do with the firewall tool and make the system somewhat
more secure against ssh attacks. Making an attacker wait two or three
seconds before trying to get in again makes it annoyingly hard to guess
even abcdefg as a password. What I use is somewhat better, of course.)

It appears RestartMail.sh might actually run. It stops fetchmail, restarts
spamd, and restarts each user's fetchmail with a sudo to the user. There is
no indication that fetchmail starts - no mail inflow starts. The iptables
script prints out an "I am running" note using echo to a file in /tmp. But
the firewall does not end up set up. That's about where I got frustrated.
The iptables script outputs about a half dozen notes to syslog and they
don't appear. Nor do any error messages. That's the really confusing part.

So I guess I had indeed wrestled it around to actually running. But the files
it uses don't seem to run right. They run perfectly if I run /sbin/ifup-local
directly (as root, of course.)

And ifdown eth1 followed by ifup eth1 works fine. It's on boot that it seems
like nothing started up. Does syslog start after network?

I'll ask my system.... Duh - I think I answered the question. Now I have to
ask other questions of my system after I boot it next time. Indeed, network
starts before syslog so of course I will not see the messages I expected in
syslog. Reapproaching the problem after being away from it for a while works.
Fortunately I did not need to boot all that often.

I figure this one is solved.

{^_^}
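
The message above concludes that the hook's syslog notes vanish at boot because network starts before syslog. The following is an added example, not part of the original post: a logging helper for a hook such as /sbin/ifup-local that falls back to a file while the syslog socket is absent and records the exit status and output of a failing sub-script. The names `log_msg`, `run_step`, `LOG_SOCKET` and `FALLBACK_LOG`, and the fallback path, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): keep boot-time hook messages
# even when the syslog daemon has not been started yet.
# LOG_SOCKET and FALLBACK_LOG are assumed names; override them as needed.
LOG_SOCKET="${LOG_SOCKET:-/dev/log}"
FALLBACK_LOG="${FALLBACK_LOG:-/var/log/ifup-local.log}"

# syslog_ready: true only when the syslog daemon's socket exists.
syslog_ready() {
    [ -S "$LOG_SOCKET" ]
}

# log_msg TAG MESSAGE...: send to syslog when it is up; otherwise append a
# timestamped line to FALLBACK_LOG so the message is not silently lost.
log_msg() {
    tag=$1
    shift
    if syslog_ready && command -v logger >/dev/null 2>&1 &&
       logger -t "$tag" -- "$*" 2>/dev/null; then
        return 0
    fi
    # Subshell with umask 077: a newly created log is owner-readable only.
    (
        umask 077
        printf '%s %s: %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$tag" "$*" \
            >>"$FALLBACK_LOG"
    )
}

# run_step TAG CMD...: run one sub-script; on failure log its exit status
# and captured output, then return that status to the caller.
run_step() {
    tag=$1
    shift
    rc=0
    out=$("$@" 2>&1) || rc=$?
    if [ "$rc" -ne 0 ]; then
        log_msg "$tag" "FAILED rc=$rc cmd=$* output=$out"
    fi
    return "$rc"
}

# Usage inside a hook (paths as in the post):
#   log_msg ifup-local "called for $1"
#   run_step ifup-local /etc/sysconfig/network-scripts/iptables.up
```
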
