[CentOS] an actual hacked machine, in a preserved state

Harold Pritchett harold at uga.edu
Tue Jan 3 03:23:57 UTC 2012


On 1/2/2012 9:41 PM, Ljubomir Ljubojevic wrote:
> On 01/03/2012 03:30 AM, Bennett Haselton wrote:
>> In other words, when SELinux causes a problem, it can take hours or days
>> to find out that SELinux is the cause -- and even then you're not done,
>> because you have to figure out a workaround if you want to fix the
>> problem while keeping SELinux turned on.
> You can always set SELinux to permissible mode for testing purposes and
> it will allow the action, but report that it would have been blocked.
>
Then, re-boot back into enforcing mode and run "audit2allow" and it will tell you how
to set up a module which can be installed so that SELinux will allow the operation.

Here is a little file I keep in my /root directory to remind me of some basic SELinux stuff:
--------------------------------------------------------------------------
[root@monstro selinux]# more README
Procedure to make an selinux policy named localtmp...

cd /root
mkdir tmp
cd tmp
chcon -R -t usr_t .
ln -s /usr/share/selinux/devel/Makefile .
audit2allow -m mickey1 -i /var/log/audit/audit.log -o mickey1.te
make -f /usr/share/selinux/devel/Makefile
mv filename.te filename.pp ../selinux/
cd ../selinux
semodule -i filename.pp


Commands to fix sshd binding to non-standard ports...
semanage port -a -t ssh_port_t -p tcp 2244
semanage port -l | grep 22

Needed by samba
setsebool -P samba_export_all_ro 1
setsebool -P samba_enable_home_dirs 1
setsebool -P samba_export_all_rw 1

[root@monstro selinux]#
--------------------------------------------------------------------------
Harold



