Re: an actual hacked machine, in a preserved state

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 1/2/2012 9:41 PM, Ljubomir Ljubojevic wrote:
> On 01/03/2012 03:30 AM, Bennett Haselton wrote:
>> In other words, when SELinux causes a problem, it can take hours or days
>> to find out that SELinux is the cause -- and even then you're not done,
>> because you have to figure out a workaround if you want to fix the
>> problem while keeping SELinux turned on.
> You can always set SELinux to permissible mode for testing purposes and
> it will allow the action, but report that it would have been blocked.
>
Then, re-boot back into enforcing mode and run "audit2allow" and it will tell you how
to set up a module which can be installed so that SELinux will allow the operation.

Here is a little file I keep in my /root directory to remind me some basic SELinux stuff:
--------------------------------------------------------------------------
[root@monstro selinux]# more README
Procedure to make an seliux policy named localtmp...

cd /root
mkdir tmp
cd tmp
chcon -R -t usr_t .
ln -s /usr/share/selinux/devel/Makefile .
audit2allow -m mickey1 -i /var/log/audit/audit.log -o mickey1.te
make -f /usr/share/selinux/devel/Makefile
mv filename.te filename.pp ../selinux/
cd ../selinux
semodule -i filename.pp


Commands to fix sshd binding to non-standard ports...
semanage port -a -t ssh_port_t -p tcp 2244
semanage port -l | grep 22

Needed by samba
setsebool -P samba_export_all_ro 1
setsebool -P samba_enable_home_dirs 1
setsebool -P samba_export_all_rw 1

[root@monstro selinux]#
--------------------------------------------------------------------------
Harold

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux