<div dir="ltr">Hi,<div><br></div><div><table class="gmail-MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="78%" style="width:78.12%;border-collapse:collapse">
<tbody><tr style="height:12.7pt">
<td width="79%" valign="top" style="width:79.76%;border-top:none;border-left:none;border-bottom:1pt solid windowtext;border-right:1pt solid windowtext;padding:0in 5.4pt;height:12.7pt">
<p class="MsoNormal" style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:9pt;font-family:Arial,sans-serif">Problem Description:<br>
Customer security scan returned unconfined services on Kamailio.<br>
Unconfined processes run in unconfined domains Rationale:<br>
For unconfined processes, SELinux policy rules are applied, but policy rules
exist that allow processes running<br>
in unconfined domains almost all access. Processes running in unconfined
domains fall back to using DAC<br>
rules exclusively. If an unconfined process is compromised, SELinux does not
prevent an attacker from<br>
gaining access to system resources and data, but of course, DAC rules are
still used. SELinux is a security<br>
enhancement on top of DAC rules - it does not replace them<br>
Solution<br>
Investigate any unconfined processes found during the audit action. They may
need to have an existing security<br>
context assigned to them or a policy built for them.<br>
Notes:<br>
Occasionally certain daemons such as backup or centralized management
software may require running<br>
unconfined. Any such software should be carefully analyzed and documented
before such an exception is made.<br>
See Also<br>
<a href="https://workbench.cisecurity.org/files/2485" style="color:rgb(5,99,193)">https://workbench.cisecurity.org/files/2485</a><br>
<br>
For Kamailio<br>
======<br>
The command returned :<br>
00 kamailio<br>
00 kamailio<br>
00 kamailio<br>
00 kamailio<br>
00 kamailio<br>
10 kamailio<br>
10 kamailio<br>
10 kamailio<br>
10 kamailio<br>
00 kamailio<br>
00 kamailio<br>
00 kamailio<br>
00 kamailio<br>
33 kamailio<br>
33 kamailio<br>
33 kamailio<br>
32 kamailio<br>
17 kamailio<br>
16 kamailio<br>
33 kamailio<br>
00 kamailio<br>
00 kamailio<br>
03 kamailio<br>
05 kamailio<br>
18 kamailio<br>
17 kamailio<br>
18 kamailio<br>
18 kamailio<br>
07 kamailio<br>
00 sleep</span></p>
</td>
</tr>
</tbody></table></div><div><br></div><div>is any security context available to assign kamailio processes ?</div><div><span style="font-size:11pt;font-family:Calibri,sans-serif">theses services can
be run as confined services ?</span><br></div><div><span style="font-size:11pt;font-family:Calibri,sans-serif"><br></span></div><div><span style="font-size:11pt;font-family:Calibri,sans-serif">Please suggest us with resolution, thanks in advance.</span></div><div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Thanks & Regards,<div> Hima Bindu.</div></div></div></div></div></div>