[CentOS] Vsftpd vs. iptables firewall script

Wed May 23 16:01:09 UTC 2018
m.roth at 5-cent.us <m.roth at 5-cent.us>

Nicolas Kovacs wrote:
> On 23/05/2018 at 16:58, m.roth at 5-cent.us wrote:
>> A suggestion: once you've got the firewall issue dealt with, set selinux
>> into permissive mode; *then* you can figure out what it's complaining
>> about, while at the same time, your system will be available. Once
>> you've
>> fixed those issues, then you can make it enforcing.
>
> This is always my approach. Turns out the solution was rather simple
> here. After switching SELinux to permissive mode and connecting to the
> server, I did this:
>
>   # sealert -a /var/log/audit/audit.log
>
> The problem here was that I got a small tsunami of suggestions. But in

ARGH! No. We get entries in /var/log/messages that tell you to run
sealert *with* a given number. I just highlight, copy and run that, not
try to read the whole audit log.

       mark
> the middle of this flood, I got a boolean to set, so on a hunch, I tried
> that:
>
>   # setsebool -P ftpd_full_access 1
>
> Turns out this solved all SELinux-related problems. So Vsftp works
> perfectly now with my custom Iptables firewall *and* SELinux in
> enforcing mode.
>
> Cheers & thanks for all your suggestions.
>
> Niki
>
> --
> Microlinux - Sustainable IT solutions
> 7, place de l'église - 30730 Montpezat
> Site : https://www.microlinux.fr
> Blog : https://blog.microlinux.fr
> Mail : info at microlinux.fr
> Tel. : 04 66 63 10 32
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
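Mark's point above, worked through as an added example that is not part of the thread: instead of feeding the whole audit log to `sealert -a`, pull the per-alert ids that setroubleshoot writes to /var/log/messages and look at only those, optionally filtered to the vsftpd binary. The log lines and UUIDs below are constructed for the example.

```shell
#!/bin/sh
# Constructed sample of what setroubleshoot logs to /var/log/messages
# (the ids are made up); the sshd line is noise that must be ignored.
SAMPLE_LOG='May 23 15:52:01 srv setroubleshoot: SELinux is preventing /usr/sbin/vsftpd from read access on the directory /srv/ftp. For complete SELinux messages run: sealert -l 3f2a9c1e-0000-4000-8000-000000000001
May 23 15:52:01 srv setroubleshoot: SELinux is preventing /usr/sbin/vsftpd from write access on the file upload.txt. For complete SELinux messages run: sealert -l 3f2a9c1e-0000-4000-8000-000000000002
May 23 15:53:10 srv setroubleshoot: SELinux is preventing /usr/sbin/vsftpd from read access on the directory /srv/ftp. For complete SELinux messages run: sealert -l 3f2a9c1e-0000-4000-8000-000000000001
May 23 15:53:12 srv sshd[1234]: Accepted publickey for niki from 192.0.2.10'

# sealert_ids: read log lines on stdin, print each distinct alert id once,
# in the order it first appeared (repeated denials share one id).
sealert_ids() {
    sed -n 's/.*sealert -l \([0-9a-f-]*\).*/\1/p' | awk '!seen[$0]++'
}

# sealert_ids_for BINARY: same, restricted to alerts about one process,
# e.g. /usr/sbin/vsftpd, so other daemons' alerts do not flood the list.
sealert_ids_for() {
    grep -F "preventing $1 " | sealert_ids
}

# sealert_cmds_for BINARY: print the exact "sealert -l <id>" commands to
# run next, one per distinct alert, ready to copy and paste.
sealert_cmds_for() {
    sealert_ids_for "$1" | sed 's/^/sealert -l /'
}

# Usage against the constructed sample; on a real box replace the
# printf with: cat /var/log/messages | sealert_cmds_for /usr/sbin/vsftpd
printf '%s\n' "$SAMPLE_LOG" | sealert_cmds_for /usr/sbin/vsftpd
```

Before taking the boolean a sealert suggests, check how broad it is: ftpd_full_access lets vsftpd read and write any file the logged-in user's DAC permissions allow, whereas ftp_home_dir only opens up user home directories, which is often all a home-directory FTP setup needs.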