Denied an untrusted non system library binary

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
kram
Forum Regular
Forum Regular
Posts: 243
Joined: Sat Dec 11, 2004 2:33 pm
Location: South Africa

Denied an untrusted non system library binary

Unread post by kram »

Hello,

I recently upgraded ASL and I picked up loads of these messages in the logs.

Code: Select all

Denied an untrusted non system library binary from hooking an application.

kernel: grsec: denied exec of usermode helper binary /usr/libexec/abrt-hook-ccpp located outside of /sbin and system library paths
Any Suggestions?

asl -v

Atomic Secured Linux, version 4.0-10.el6.art: CentOS 6 (SUPPORTED)
Copyright Atomicorp 2005-2014
All Rights Reserved.

Extended Version Information:

ASL_VERSION 4.0-10
APPINV_VERSION 201402101531
CLAMAV_VERSION 201405120949
GEOMAP_VERSION 201405121720
GRSEC_VERSION 0
MODSEC_VERSION 201405121429
OSSEC_VERSION 201405091000
WAF_DELAYED_VERSION 0
KERNEL_VERSION 0
Mark Brindley
2Large Networks - Web solutions that work
kram
Forum Regular
Forum Regular
Posts: 243
Joined: Sat Dec 11, 2004 2:33 pm
Location: South Africa

Re: Denied an untrusted non system library binary

Unread post by kram »

I just found another post in the forum by Michael Shinn.

Thats coming from Redhats abrt daemon, which you probably dont need to have running. If you want to disable it, run these commands as root:

service abrt-ccpp stop
service abrtd stop
service abrt-oops stop
chkconfig --del abrtd
chkconfig --del abrt-ccpp
chkconfig --del abrt-oops
_________________
Michael Shinn
Mark Brindley
2Large Networks - Web solutions that work
prupert
Forum Regular
Forum Regular
Posts: 573
Joined: Tue Aug 01, 2006 2:45 pm
Location: Netherlands

Re: Denied an untrusted non system library binary

Unread post by prupert »

kram wrote:I just found another post in the forum by Michael Shinn.

Thats coming from Redhats abrt daemon, which you probably dont need to have running. If you want to disable it, run these commands as root:

service abrt-ccpp stop
service abrtd stop
service abrt-oops stop
chkconfig --del abrtd
chkconfig --del abrt-ccpp
chkconfig --del abrt-oops
In stead of 'chkconfig --del <servicename>' it is better to use 'chkconfig <servicename> off'.

If you want to remove the service, you might just as well remove the abrt packages altogether via yum in stead of making custom file-level manipulations that might be reversed in the future.
Lemonbit Internet Dedicated Server Management
kram
Forum Regular
Forum Regular
Posts: 243
Joined: Sat Dec 11, 2004 2:33 pm
Location: South Africa

Re: Denied an untrusted non system library binary

Unread post by kram »

Thanks prupert,

everything seems fine now.
Mark Brindley
2Large Networks - Web solutions that work
Post Reply