Re: Vsftpd vs. iptables firewall script




Nicolas Kovacs wrote:
> On 23/05/2018 at 16:58, m.roth@xxxxxxxxx wrote:
>> A suggestion: once you've got the firewall issue dealt with, set selinux
>> into permissive mode; *then* you can figure out what it's complaining
>> about, while at the same time, your system will be available. Once you've
>> fixed those issues, then you can make it enforcing.
>
> This is always my approach. Turns out the solution was rather simple
> here. After switching SELinux to permissive mode and connecting to the
> server, I did this:
>
>   # sealert -a /var/log/audit/audit.log
>
> The problem here was that I got a small tsunami of suggestions. But in

ARGH! No. We get entries in /var/log/messages that tell you to run
sealert *with* a given number. I just highlight, copy and run that, not
try to read the whole audit log.

       mark
> the middle of this flood, I got a boolean to set, so on a hunch, I tried
> that:
>
>   # setsebool -P ftpd_full_access 1
>
> Turns out this solved all SELinux-related problems. So Vsftp works
> perfectly now with my custom Iptables firewall *and* SELinux in
> enforcing mode.
>
> Cheers & thanks for all your suggestions.
>
> Niki
>
> --
> Microlinux - Sustainable IT solutions
> 7, place de l'église - 30730 Montpezat
> Site: https://www.microlinux.fr
> Blog: https://blog.microlinux.fr
> Mail: info@xxxxxxxxxxxxx
> Tel.: 04 66 63 10 32
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>
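
The per-denial workflow mentioned in the reply above (running sealert with the ID logged in /var/log/messages), as an added example that is not from either poster. It assumes setroubleshoot's usual log wording ("SELinux is preventing ... For complete SELinux messages run: sealert -l <id>"); the sample lines and IDs are constructed, and `summarize_denials` is a hypothetical helper name.

```bash
#!/usr/bin/env bash
# Added example: collapse setroubleshoot entries into one line per distinct
# denial, with a hit count and the "sealert -l <id>" command to run for it.

# Constructed sample in the assumed /var/log/messages format; IDs are made up.
SAMPLE_LOG='May 23 17:02:11 srv setroubleshoot: SELinux is preventing /usr/sbin/vsftpd from read access on the directory /srv/ftp. For complete SELinux messages run: sealert -l 11111111-2222-3333-4444-555555555555
May 23 17:02:12 srv crond[2211]: (root) CMD (run-parts /etc/cron.hourly)
May 23 17:02:15 srv setroubleshoot: SELinux is preventing /usr/sbin/vsftpd from write access on the directory /srv/ftp/upload. For complete SELinux messages run: sealert -l aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
May 23 17:03:40 srv setroubleshoot: SELinux is preventing /usr/sbin/vsftpd from read access on the directory /srv/ftp. For complete SELinux messages run: sealert -l 11111111-2222-3333-4444-555555555555'

# stdin:  syslog text
# stdout: <count> TAB <sealert command> TAB <one-line denial summary>,
#         one line per distinct ID, in order of first appearance.
summarize_denials() {
    awk '
    /setroubleshoot/ && match($0, /sealert -l [0-9a-f-]+/) {
        cmd = substr($0, RSTART, RLENGTH)
        if (!(cmd in count)) order[++n] = cmd   # remember first-seen order
        count[cmd]++
        # Keep the human-readable part: "SELinux is preventing X from Y ..."
        s = index($0, "SELinux is preventing ")
        e = index($0, ". For complete")
        if (s && e > s) what[cmd] = substr($0, s, e - s)
    }
    END {
        for (i = 1; i <= n; i++)
            printf "%d\t%s\t%s\n", count[order[i]], order[i], what[order[i]]
    }'
}

# Demo on the constructed sample. On a real host, feed the log instead:
#   summarize_denials < /var/log/messages
printf '%s\n' "$SAMPLE_LOG" | summarize_denials
```

Each output line names one denial and the command that explains only that denial, so each suggested boolean or policy change can be read against the access it would allow.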





