Nicolas Kovacs wrote:
> On 23/05/2018 at 16:58, m.roth at 5-cent.us wrote:
>> A suggestion: once you've got the firewall issue dealt with, set selinux
>> into permissive mode; *then* you can figure out what it's complaining
>> about, while at the same time, your system will be available. Once
>> you've fixed those issues, then you can make it enforcing.
>
> This is always my approach. Turns out the solution was rather simple
> here. After switching SELinux to permissive mode and connecting to the
> server, I did this:
>
> # sealert -a /var/log/audit/audit.log
>
> The problem here was that I got a small tsunami of suggestions. But in

ARGH! No. We get entries in /var/log/messages that tell you to run sealert
*with* a given number. I just highlight, copy and run that, not try to
read the whole audit log.

      mark

> the middle of this flood, I got a boolean to set, so on a hunch, I tried
> that:
>
> # setsebool -P ftpd_full_access 1
>
> Turns out this solved all SELinux-related problems. So Vsftp works
> perfectly now with my custom Iptables firewall *and* SELinux in
> enforcing mode.
>
> Cheers & thanks for all your suggestions.
>
> Niki
>
> --
> Microlinux - Sustainable IT solutions
> 7, place de l'église - 30730 Montpezat
> Site: https://www.microlinux.fr
> Blog: https://blog.microlinux.fr
> Mail: info at microlinux.fr
> Tel.: 04 66 63 10 32
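The workflow described in the reply above (pick the sealert command out of /var/log/messages instead of analysing the whole audit log), as an added example that is not part of the original thread. The log lines, host name and alert IDs are constructed, and the message wording is assumed to follow the usual setroubleshoot format; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: list each distinct SELinux alert once, with the
# "sealert -l <id>" command that setroubleshoot logged for it.

# Constructed sample of /var/log/messages (IDs and host are made up).
sample_messages() {
cat <<'EOF'
May 23 17:02:11 srv setroubleshoot: SELinux is preventing /usr/sbin/vsftpd from read access on the directory /home/demo. For complete SELinux messages run: sealert -l 11111111-2222-3333-4444-555555555555
May 23 17:02:14 srv setroubleshoot: SELinux is preventing /usr/sbin/vsftpd from read access on the directory /home/demo. For complete SELinux messages run: sealert -l 11111111-2222-3333-4444-555555555555
May 23 17:03:40 srv setroubleshoot: SELinux is preventing /usr/sbin/vsftpd from write access on the directory upload. For complete SELinux messages run: sealert -l aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
May 23 17:04:01 srv systemd: Started Session 12 of user demo.
EOF
}

# Reads syslog lines on stdin and prints, per distinct alert ID:
#   <occurrences> TAB sealert -l <id> TAB # <what was denied>
# Alerts are listed in the order they first appeared.
pending_alerts() {
  awk '
    /setroubleshoot/ && match($0, /sealert -l [0-9a-f-]+/) {
      id = substr($0, RSTART + 11, RLENGTH - 11)   # skip "sealert -l "
      if (!(id in count)) {
        order[++n] = id
        what[id] = $0
        sub(/^.*SELinux is preventing /, "", what[id])
        sub(/\. For complete.*$/, "", what[id])
      }
      count[id]++
    }
    END {
      for (i = 1; i <= n; i++)
        printf "%d\tsealert -l %s\t# %s\n", count[order[i]], order[i], what[order[i]]
    }
  '
}

# Demo on the constructed sample; on a real host (as root):
#   pending_alerts < /var/log/messages
sample_messages | pending_alerts
```

Running the printed `sealert -l` command for one alert shows only that denial and its suggested fixes. That matters here because `ftpd_full_access` lets the FTP daemon read and write any file that ordinary file permissions allow, so it is worth seeing which denials it is actually covering.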