Fedora Linux Support Community & Resources Center

#1 | 8th February 2013, 04:53 AM | asicDesign
Security message that seems to point that my system is hacked

I keep getting the following security alert. What does it mean? Has my system been hacked? How do I find out if it has been hacked? Is there any software I can download to enhance security?
Some help on this will be much appreciated.



SELinux is preventing /opt/teamviewer/teamviewer/7/wine/bin/wine-preloader from mmap_zero access on the memprotect .

***** Plugin mmap_zero (34.9 confidence) suggests **************************

If you do not think /opt/teamviewer/teamviewer/7/wine/bin/wine-preloader should need to mmap low memory in the kernel.
Then you may be under attack by a hacker, this is a very dangerous access.
Do
contact your security administrator and report this issue.

***** Plugin wine (34.9 confidence) suggests *******************************

If you want to ignore this AVC because it is dangerous and your wine applications are working correctly.
Then you must tell SELinux about this by enabling the wine_mmap_zero_ignore boolean.
Do
# setsebool -P wine_mmap_zero_ignore 1

***** Plugin catchall_boolean (28.0 confidence) suggests *******************

If you want to control the ability to mmap a low area of the address space, as configured by /proc/sys/kernel/mmap_min_addr.
Then you must tell SELinux about this by enabling the 'mmap_low_allowed' boolean.You can read 'mmap_selinux' man page for more details.
Do
setsebool -P mmap_low_allowed 1

***** Plugin catchall (3.94 confidence) suggests ***************************

If you believe that wine-preloader should be allowed mmap_zero access on the memprotect by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep wine-preloader /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023
Target Context unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023
Target Objects [ memprotect ]
Source wine-preloader
Source Path /opt/teamviewer/teamviewer/7/wine/bin/wine-preloader
Port <Unknown>
Host asic1
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.10.0-96.fc16.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name asic1
Platform Linux asic1 3.6.11-1.fc16.i686 #1 SMP Mon Dec 17 21:36:23 UTC 2012 i686 i686
Alert Count 246
First Seen Sat 16 Jun 2012 11:18:07 PM EDT
Last Seen Wed 06 Feb 2013 11:04:45 PM EST
Local ID 205069e9-9682-401a-a52b-0fa9a3860796

Raw Audit Messages
type=AVC msg=audit(1360209885.671:1950): avc: denied { mmap_zero } for pid=10973 comm="wine-preloader" scontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 tclass=memprotect


Hash: wine-preloader,wine_t,wine_t,memprotect,mmap_zero

audit2allow

#============= wine_t ==============
#!!!! This avc can be allowed using the boolean 'mmap_low_allowed'

allow wine_t self:memprotect mmap_zero;

audit2allow -R

#============= wine_t ==============
#!!!! This avc can be allowed using the boolean 'mmap_low_allowed'

allow wine_t self:memprotect mmap_zero;

#2 | 8th February 2013, 09:51 AM | domg472 (SELinux Contributor)
Re: Security message that seems to point that my system is hacked

Wine attempts to mmap_zero on memprotect

This is *potentially* dangerous

Wine does not always actually need this permission and therefore SELinux denies these attempts and prints a report about the event by default.

It is up to you to determine whether this access is really needed or whether it is a "false positive".

If it is really needed, e.g. your wine application does not work, then you can tell SELinux to allow this access with the following command:

Code:
 sudo setsebool -P mmap_low_allowed 1

If your wine-app works fine, then it is a false positive, and you can tell SELinux to silently deny attempts by wine to mmap_zero on memprotect (that way SELinux will block but will no longer print a report of the event):

Code:
 sudo setsebool -P wine_mmap_zero_ignore 1

Most of the time wine does not need this access; only some old Windows applications actually need this.

So that is why you get this message. Now you are aware that it is something to think about. It is up to you to decide how to deal with it.

This is a common issue with wine, so it probably does not signal an actual intrusion.

Quote:
Is there any software I can download to enhance security?

This *IS* enhanced security. A potentially dangerous action was blocked and you were informed about the event. It does not get much more "Enhanced" than this.
__________________
Come join us on #fedora-selinux on irc.freenode.org
http://docs.fedoraproject.org/selinu...ide/f10/en-US/
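
The triage described in the reply above, as an added example that is not part of domg472's post or of any Fedora tool: it parses AVC records, keeps only `mmap_zero` denials on `memprotect`, and groups them by process and source domain. The `expected`/`investigate` labels, the `expected_types` parameter and the `sample-app` records are assumptions made for the illustration.

```python
import re
from collections import Counter

# Line 1 is the raw audit message from the original post; lines 2-4 are constructed samples.
SAMPLE_LOG = """\
type=AVC msg=audit(1360209885.671:1950): avc: denied { mmap_zero } for pid=10973 comm="wine-preloader" scontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 tclass=memprotect
type=AVC msg=audit(1360209990.102:1961): avc: denied { mmap_zero } for pid=11020 comm="wine-preloader" scontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 tclass=memprotect
type=AVC msg=audit(1360210100.500:1975): avc: denied { mmap_zero } for pid=11200 comm="sample-app" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=memprotect
type=AVC msg=audit(1360210200.000:1980): avc: denied { read } for pid=11300 comm="sample-app" name="example.conf" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
"""

# audit.log uses variable spacing around "denied" and "for", hence \s+.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"ts": float(m["ts"]), "perms": set(m["perms"].split())}
    # key=value pairs; values may be double-quoted (comm, name, path).
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', m["fields"]):
        rec[key] = val.strip('"')
    return rec

def source_type(context):
    """Extract the type (domain) from a user:role:type:level context."""
    return context.split(":")[2]

def triage_mmap_zero(log_text, expected_types=("wine_t",)):
    """Count mmap_zero denials per (comm, source domain) and label each group.

    Assumption of this example: denials from Wine's domain are the common
    case the reply describes; any other domain is labelled for a closer look.
    """
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or "mmap_zero" not in rec["perms"]:
            continue
        if rec.get("tclass") != "memprotect":
            continue
        counts[(rec["comm"], source_type(rec["scontext"]))] += 1
    return {key: (n, "expected" if key[1] in expected_types else "investigate")
            for key, n in counts.items()}

if __name__ == "__main__":
    for (comm, domain), (n, verdict) in triage_mmap_zero(SAMPLE_LOG).items():
        print(f"{comm:16} {domain:14} {n:3}  {verdict}")
```

On a live system the input would be the contents of /var/log/audit/audit.log instead of `SAMPLE_LOG`.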

#3 | 8th February 2013, 11:53 AM | ptuk
Re: Security message that seems to point that my system is hacked

I get these kinds of warnings all the time when using Wine. The programs still seem to run OK so I've not investigated further and I've not altered SELinux permissions to get rid of the warnings.