Re: rc.local question/problem (partly solved w/ setenforce=0)
- From: Cameron Simpson <cs@xxxxxxxxxx>
- Date: Fri, 8 Jul 2011 12:40:08 +1000
On 03Jul2011 19:00, Paul Allen Newell <pnewell@xxxxxxxxxx> wrote:
| > I expect it varies depending on what clamscan thinks is needs to scan
| > each time.
| > Do you run prelink? It hacks binaries about on a regular basis and may
| > be causing clamscan to be more active.
|
| If I am running prelink, I don't know it.
| Your "varies" comment makes
| sense and I am not paying too much attention to it right now
Try saying:
rpm -q prelink
If it is installed (it is by default on RH) it has a daily crontab
entry; it used to trip our integrity checker regularly as binaries
changed. That said, I think it should only muck things about if libraries get
updated.
| > | The second question is why wouldn't selinux be defaulted to allow clamav
| > | given that's what Fedora seems to be suggesting/using?
| >
| > Maybe it is, if it runs from /etc/init.d or something. Is clamav a
| > fedora supplied package? If so, why is it run from rc.local instead of
| > via a conventional presupplied chkconfig-controlled start/stop script?
| >
| It isn't part of the default "fresh" install, so I have to yum install
| it after. [...]
It's still Fedora supplied if you don't need an extra repository to
obtain it.
| The choice of rc.local is mine as I want it to happen at least once per
| time I use this F14 computer and don't want to have to su to root and
| manually run each time.
|
| I've seen mention of chkconfig but know nothing about it ... and haven't
| been able to see any reason why rc.local isn't a reasonable choice for
| doing freshclam and clamscan
rc.local is only a problem because of the selinux difficulties you're
having.
Regarding chkconfig, it's a tool to control which start/stop scripts get
run at different run levels, and therefor at boot.
Try this:
chkconfig --list
Does clamav show in the list?
A normal Fedora boot goes to runlevel 3 (text mode login) or 5 (GUI
login). So if you want clamav to run at boot, chkconfig should show it
as "on" for runlevels 3 and/or 5, usually both. Ths command:
chkconfig --level 35 clamav on
would do this (presuming "clamav" to be the relevant name listed by
"chkconfig --list" above - adjust to suit).
of course, it would still be useful to figure out the best selinux
incantation required to allow rc.local invocation of clamav...
Cheers,
--
Cameron Simpson <cs@xxxxxxxxxx> DoD#743
http://www.cskk.ezoshosting.com/cs/
I thought back to other headaches from my past and sneered at their
ineffectiveness. - Harry Harrison
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
- References:
- Re: rc.local question/problem (partly solved w/ setenforce=0)
- From: Paul Allen Newell
- Re: rc.local question/problem (partly solved w/ setenforce=0)
- Prev by Date: gtk-server
- Next by Date: Re: Btrfs development in Fedora 16
- Previous by thread: Re: rc.local question/problem (partly solved w/ setenforce=0)
- Next by thread: Re: rc.local question/problem (mostly solved)
- Index(es):
Relevant Pages
|
