
This is an old revision of the document!


SELinux Module

Configuration

# sestatus

# yum install policycoreutils-python-utils

# man semanage
...
semanage {import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit}
# semanage fcontext -l
# echo "<h1>Hello World</h1>" > /var/www/html/index.html
# ls -Za /var/www/html/

# echo "<h1>Hello World 2</h1>" > /root/index.html
# mv /root/index.html /var/www/html/index.html
# ls -Za /var/www/html/

# chcon -v -t httpd_sys_content_t /var/www/html/index.html
  or
# yum install setroubleshoot
# sealert -a /var/log/audit/audit.log
# /sbin/restorecon -v /var/www/html/index.html
# ps axZ | grep ssh
# yum install setools-console
# sesearch --allow | grep sshd_t | grep port

# semanage port -a -t ssh_port_t -p tcp 2222
# yum install policycoreutils-devel
# sepolicy network -a /usr/sbin/sshd
# semanage port -d -t ssh_port_t -p tcp 22
# runcon -t inetd_child_t -r system_r -u system_u cat /etc/passwd
# runcon -t httpd_t -r system_r -u system_u cat /etc/passwd
# semanage boolean -l
...
httpd_can_connect_ldap
...

Module Development

Disabling

# sestatus

# setenforce 0

# cat /etc/selinux/config
...
SELINUX=disabled
...
модуль_selinux.1592822810.txt.gz · Last modified: 2020/06/22 13:46 (external edit)