Posts

Showing posts from September, 2013

SELinux: Tiny Tip

SELinux modes:

Enforcing - The SELinux security policy is enforced. If this is set, SELinux is enabled and will try to enforce the SELinux policies strictly.

Permissive - SELinux prints warnings instead of enforcing. This setting only gives a warning when an SELinux policy setting is breached.

Normal model (when SELinux is disabled): In the regular permissions model, processes run as users, and the files and other resources on the system are labeled with permissions that control which users have what access to which files.

SELinux: SELinux adds a parallel set of permissions, in which each process runs with an SELinux security context, and files and other resources on the system are also labeled with a security context. The difference from normal permissions is that a configurable SELinux policy controls which process contexts can access which file contexts. Red Hat provides a default policy which most people use. Another difference with SELinux is that to have access to a

unexpectedly shrunk window (repaired) in dmesg log - TCP Peer

Don't panic. This normally occurs when a client decides to reduce its TCP window size without the server expecting it. This can be the case when fragmentation is an issue, or when the client is using an embedded device with very little NIC buffer memory. This is completely normal behaviour, and you’re likely to see quite a few such packets in your log. The messages are informational only, and are used to debug networking issues. I’d be worried if you saw hundreds of thousands of these packets, since there are attacks that involve packet fragmentation and small window sizes, but otherwise it’s just the normal sort of noise you should expect to see on any internet-facing network. In fact, the “repaired” part of your message is showing that your network driver fixed the issue, which is usually done by concatenating the payloads of two fragmented packets together. Shouldn’t be an issue at all.
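To judge whether the volume is ordinary noise or something worth a closer look, the messages can be tallied per peer. The following is an added example, not part of the original post: the sample lines are constructed, the message layout is an assumption to check against your own kernel's output, and the threshold is an arbitrary local choice.

```python
import re
from collections import Counter

# Assumed layout: "Peer <ip>:<peer port>/<local port> unexpectedly shrunk
# window <a>:<b> (repaired)". Adjust the pattern if your kernel prints it differently.
PEER_RE = re.compile(
    r"Peer (?P<ip>[0-9A-Fa-f.:]+):(?P<peer_port>\d+)/(?P<local_port>\d+) "
    r"unexpectedly shrunk window \d+:\d+ \(repaired\)"
)
# Rate-limited network messages are dropped and summarised on a line like this.
# It covers every rate-limited message, not only this one, so treat the
# per-peer counts as a lower bound whenever it appears.
SUPPRESSED_RE = re.compile(r"net_ratelimit: (?P<n>\d+) callbacks suppressed")

def summarize(lines):
    """Return (Counter keyed by (peer ip, local port), total suppressed messages)."""
    counts, suppressed = Counter(), 0
    for line in lines:
        m = PEER_RE.search(line)
        if m:
            counts[(m["ip"], int(m["local_port"]))] += 1
            continue
        s = SUPPRESSED_RE.search(line)
        if s:
            suppressed += int(s["n"])
    return counts, suppressed

def noisy_peers(counts, threshold):
    """Peers with at least `threshold` messages, busiest first."""
    hits = [(peer, n) for peer, n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda item: item[1], reverse=True)

# Constructed sample input using documentation addresses, not real log data.
SAMPLE = """\
[102334.551201] TCP: Peer 203.0.113.7:51514/80 unexpectedly shrunk window 3412561098:3412562546 (repaired)
[102339.004417] TCP: Peer 203.0.113.7:51514/80 unexpectedly shrunk window 3412562546:3412563994 (repaired)
[102341.870093] TCP: Peer 198.51.100.23:40022/443 unexpectedly shrunk window 877120045:877121493 (repaired)
[102345.000812] net_ratelimit: 12 callbacks suppressed
[102345.000990] TCP: Peer 203.0.113.7:51514/80 unexpectedly shrunk window 3412563994:3412565442 (repaired)
[102350.113377] eth0: link up
""".splitlines()

if __name__ == "__main__":
    counts, suppressed = summarize(SAMPLE)
    for (ip, port), n in noisy_peers(counts, threshold=1):
        print(f"{ip} -> local port {port}: {n} message(s)")
    print(f"suppressed by rate limiting: {suppressed}")
```

On a live system, feed the lines of `dmesg` output (or the kernel log file) to `summarize()` in place of `SAMPLE`.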