HELP! /bin/bash: Permission denied

[KingCollins]

Hey guys, in some trouble here. I recently did a yum update and turned on enforcing on SELinux while setting up an httpd server and now I cannot SSH or login into my server?

 

Everytime I login, it does login successfully but kicks me out instantly, it's almost like a login loop. How can I see that I'm logging in? Because it gives me the "Last login" message.

 

Please see below:

➜  ~ ssh root@192.168.0.215
root@192.168.0.215's password:
Last login: Fri Jul 26 14:01:15 2019 from 192.168.1.2
/bin/bash: Permission denied
Connection to 192.168.0.215 closed.

Any ideas? This is running on a HyperV host

[Jarsky]

What happens if you disable SELinux? (setenforce 0)

 

Any errors under dmesg? 

[KingCollins]

1 minute ago, Jarsky said:

What happens if you disable SELinux? (setenforce 0)

 

Any errors under dmesg? 

I cannot gain access to the machine at all! 

 

Although, rsyslog is configured to push logs to a Graylog server running, lemme see if there was any errors on there.

[KingCollins]

ssh_selinux_change_context: setcon system_u:system_r:sshd_net_t:s0 from system_u:system_r:kernel_t:s0 failed with Permission denied [preauth]

Failed to start user slice user-0.slice, ignoring: Access denied (org.freedesktop.DBus.Error.AccessDenied)

Failed to start session scope session-3.scope: Access denied

pam_systemd(sshd:session): Failed to create session: Access denied


audit event#012node=centos.localdomain type=AVC msg=audit(1564147354.265:198): avc:  denied  { dyntransition } for  pid=3065 comm="sshd" scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0#012#012node=centos.localdomain type=SYSCALL msg=audit(1564147354.265:198): arch=c000003e syscall=1 success=no exit=-13 a0=6 a1=5584270cee60 a2=2a a3=666e6f636e753a72 items=0 ppid=3034 pid=3065 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:kernel_t:s0 key=(null)

Looks to be SELinux alright I think? 

[Jarsky]

12 minutes ago, KingCollins said:

I cannot gain access to the machine at all! 

So not even through hyper-v console?? It should only be affecting remote tty (ssh) 

[NelizMastr]

The HyperV MMC should indeed work. Try that for good measure.

[KingCollins]

10 minutes ago, NelizMastr said:

The HyperV MMC should indeed work. Try that for good measure.

I've tried multiple times now. Lemme try once more for good measure.

[NelizMastr]

Also, logging in directly as root is really not best practice. Use a named user account instead and go into root mode whenever needed.

[KingCollins]

9 minutes ago, NelizMastr said:

Also, logging in directly as root is really not best practice. Use a named user account instead and go into root mode whenever needed.

That's usually what I do, I log in as a separate user and sudo su. But neither are working.

 

Non root user on MMC:

audit event#012node=centos.localdomain type=AVC msg=audit(1564150060.309:294): avc:  denied  { transition } for  pid=4641 comm="login"
path="/usr/bin/bash" dev="dm-0" ino=1194 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0
tclass=process permissive=0#012#012node=centos.localdomain type=SYSCALL msg=audit(1564150060.309:294): arch=c000003e syscall=59 success=no
exit=-13 a0=c4b252 a1=7fff67d859f8 a2=c55490 a3=7fff67d85220 items=0 ppid=4587 pid=4641 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000
fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=tty1 ses=7 comm="login" exe="/usr/bin/login" subj=system_u:system_r:kernel_t:s0 key=(null)

Logging in does not give me a "Login incorrect" error. Just loops back to login.

[NelizMastr]

3 minutes ago, KingCollins said:

That's usually what I do, I log in as a separate user and sudo su. But neither are working.

 

Non root user on MMC:

audit event#012node=centos.localdomain type=AVC msg=audit(1564150060.309:294): avc:  denied  { transition } for  pid=4641 comm="login"
path="/usr/bin/bash" dev="dm-0" ino=1194 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0
tclass=process permissive=0#012#012node=centos.localdomain type=SYSCALL msg=audit(1564150060.309:294): arch=c000003e syscall=59 success=no
exit=-13 a0=c4b252 a1=7fff67d859f8 a2=c55490 a3=7fff67d85220 items=0 ppid=4587 pid=4641 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000
fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=tty1 ses=7 comm="login" exe="/usr/bin/login" subj=system_u:system_r:kernel_t:s0 key=(null)

Logging in does not give me a "Login incorrect" error. Just loops back to login.

Well I think you've locked yourself out completely. If you aren't permitted to use bash and you can't supply a different shell entirely you're looking at a rebuild of the machine.

[Jarsky]

Unless you took a snapshot, I don't see you being able to do anything short of shutting it down, attaching the disk to another VM and creating a mount point and editing /etc/selinux/config 

[KingCollins]

Ok, I managed to log into single user mode after editing the kernel boot line.

 

I have a few options but of course I cannot see the /etc/selinux directory.

 

Any suggestions?

[KingCollins]

I GOT IN!!!!

 

I had to add selinux=0 as a kernel boot parameter to disable SELinux when booting.

 

Oh thank god, I can sleep tonight.

 

Thanks guys for the suggestions.