Subject: Re: Veriexec: Incorrect access type
To: None <email@example.com>
From: John R. Shannon <firstname.lastname@example.org>
Date: 04/03/2007 09:50:36
Further investigation shows that I can execute the command, /bin/cat, without
the message. The veriexec message is getting logged when mtree is run on
the /bin directory as part of the daily security checks.
On Tuesday 03 April 2007 09:16, John R. Shannon wrote:
> I appear to be logging an incorrect access type message from veriexec on
> every program executed. A typical log entry looks like:
> Veriexec: Incorrect access type. [cat, pid=2202, uid=0, gid=0]
> where the corresponding /etc/signatures entry looks like:
> /bin/cat SHA256
> The kernel uses the veriexec options and pseudodevice as defined in GENERIC
> and /dev/veriexec is present.
> Is this something familiar?
John R. Shannon, CISSP
DSCI, Information Assurance Division