[CentOS] shellinabox via proxy(apache)
lejeczek
peljasz at yahoo.co.uk
Fri Jun 15 16:15:14 UTC 2018
 
Hi guys,
I cannot get it to work - shellinabox - not being a programmer nor an
SELinux sorcerer.
shellinabox via Apache, when I ausearch it all I get is:
#============= unconfined_service_t ==============
#!!!! The file '/usr/bin/bash' is mislabeled on your system.
#!!!! Fix with $ restorecon -R -v /usr/bin/bash
allow unconfined_service_t unconfined_t:process transition;
I have shellinabox in Apache's:
<Location /cmd>
    AuthType Basic
    AuthName "some more"
    AuthBasicProvider PAM
    AuthPAMService rstudio
    Require valid-user
    #Require    all granted
    ProxyPass http://localhost:4200/
</Location>
using:
LoadModule authnz_pam_module modules/mod_authnz_pam.so
So all seems to work there between Apache & shellinabox. The last bit,
when you log in to the shell, you get denied.
I also see:
$ ps -FZp 2909167 --cols 999
LABEL                           UID          PID    PPID  C    SZ   RSS PSR STIME TTY          TIME CMD
system_u:system_r:unconfined_service_t:s0 shellin+ 2909167 1  0 10785 2740 7 Jun11 ?       00:00:00 /usr/sbin/shellinaboxd -u shellinabox -g shellinabox --cert=/var/lib/shellinabox --port=4200 --localhost-only --disable-ssl
So it seems that shellinabox runs unconfined and the CentOS policy forbids transitions between unconfined domains.
Would that be right?
Many thanks, L.
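
Added example, not part of the original message: a Python sketch that parses the process label from the `ps -Z` line and the audit2allow-style rule quoted above, then reports which suggested rules have the daemon's own domain as their source type. The function and class names are hypothetical; the sample strings are copied from the message, with the ps line cut after the command name.

```python
import re
from typing import NamedTuple

class Context(NamedTuple):
    user: str
    role: str
    type: str
    level: str

class AllowRule(NamedTuple):
    source: str
    target: str
    tclass: str
    perms: tuple

# "allow SRC TGT:CLASS perm;" or "allow SRC TGT:CLASS { perm1 perm2 };"
RULE_RE = re.compile(r"^allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;$")

def parse_context(label):
    """Split user:role:type[:level]; the MLS level may itself contain colons."""
    parts = label.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {label!r}")
    return Context(parts[0], parts[1], parts[2], parts[3] if len(parts) == 4 else "")

def parse_allow_rule(line):
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an allow rule: {line!r}")
    perms = m.group(4) if m.group(4) is not None else m.group(5)
    return AllowRule(m.group(1), m.group(2), m.group(3), tuple(perms.split()))

def rules_for_process(ps_line, audit2allow_text):
    """Return (domain, rules): suggested rules whose source type is the process domain."""
    domain = parse_context(ps_line.split()[0]).type
    rules = [parse_allow_rule(l) for l in audit2allow_text.splitlines() if l.startswith("allow ")]
    return domain, [r for r in rules if r.source == domain]

# Sample input copied from the message above (ps line cut after the command name).
PS_LINE = "system_u:system_r:unconfined_service_t:s0 shellin+ 2909167 1 0 10785 2740 7 Jun11 ? 00:00:00 /usr/sbin/shellinaboxd"
AUDIT_TEXT = """\
#============= unconfined_service_t ==============
#!!!! The file '/usr/bin/bash' is mislabeled on your system.
#!!!! Fix with $ restorecon -R -v /usr/bin/bash
allow unconfined_service_t unconfined_t:process transition;
"""

if __name__ == "__main__":
    domain, rules = rules_for_process(PS_LINE, AUDIT_TEXT)
    print("daemon domain:", domain)
    for r in rules:
        print(f"denied: {r.source} -> {r.target} [{r.tclass}: {' '.join(r.perms)}]")
```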