sandervanvugt

SELinux Aug2020

Aug 3rd, 2020
  # Training-session shell history, entries 1-40: cloning a repository of sample
  # scripts and running script1/script2 in several ways. Command output is not
  # part of this listing, so any result mentioned below is inferred, not recorded.
  1. 1 git clone https://github.com/sandervanvugt/bash-scripting
  2. 2 cd bash-scripting/
  3. 3 ls
  4. 4 vim script1
  # A bare command name is resolved through $PATH only. The current directory is
  # normally kept off $PATH so that a file dropped into a working directory
  # cannot shadow a system command; presumably this call failed, which would
  # explain the $PATH checks that follow.
  5. 5 script1
  6. 6 echo $PATH
  7. 7 exit
  8. 8 echo $PATH
  9. 9 ./script1
  10. 10 cd bash-scripting/
  11. 11 ./script1
  12. 12 ls -l
  # ./script1 needs the execute bit on the file.
  13. 13 chmod +x script1
  14. 14 ./script1
  15. 15 cat script1
  16. 16 ls -l script1
  # $? holds the exit status of the previous command; the ls of a nonsense name
  # below is a deliberate failure to show a non-zero status.
  17. 17 echo $?
  18. 18 ls kiwhgiughwiurghv
  19. 19 echo $?
  20. 20 ./script1
  # Handing the file to an interpreter only requires read access.
  21. 21 bash script1
  22. 22 sh script1
  23. 23 cat script1
  24. 24 history
  # With the execute bit cleared, `bash script1` still runs the file while
  # ./script1 does not: removing x is not an execution control on its own.
  25. 25 chmod -x script1
  26. 26 bash script1
  27. 27 ./script1
  28. 28 chmod +x script1
  29. 29 sh script1
  # Presumably checking whether sh is a link to bash on this system.
  30. 30 which sh
  31. 31 which bash
  32. 32 ls -l /usr/bin/sh /usr/bin/bash
  33. 33 vim script2
  34. 34 ./script2
  # The glob marks every file whose name starts with "script" as executable.
  35. 35 chmod +x script*
  36. 36 ./script2
  37. 37 cat script2
  38. 38 pwd
  39. 39 vim script2
  # source runs the file inside the current shell, so anything it changes
  # (variables, working directory) stays in effect afterwards.
  40. 40 source script2
  # Entries 41-89: first look at SELinux on a Red Hat family host, using httpd
  # with a document root outside the default location. Output is not recorded
  # in this listing.
  41. 41 cat /etc/os-release
  42. 42 cat /etc/redhat-release
  # getenforce prints the current SELinux mode.
  43. 43 getenforce
  # -Z adds the SELinux security context to the ls output.
  44. 44 ls -alZ
  45. 45 yum install -y httpd
  46. 46 cd /var/www/html/
  47. 47 vim index.html
  48. 48 systemctl enable --now httpd
  49. 49 curl http://localhost
  # Process domain (ps Z) and file labels (ls -Z) are the two sides the policy
  # matches against each other.
  50. 50 ps Zaux | grep httpd
  51. 51 ls -Z /var/www
  52. 52 ls -Zd /var/tmp
  # Lists the file-context rules of the loaded policy.
  53. 53 semanage fcontext -l
  54. 54 semanage fcontext -l | wc
  55. 55 history
  # /web is created by hand and so gets no web-content label; httpd.conf is
  # presumably edited to serve from it (the file content is not shown).
  56. 56 mkdir /web
  57. 57 cd /web
  58. 58 vim index.html
  59. 59 vim /etc/httpd/conf/httpd.conf
  60. 60 systemctl restart httpd
  61. 61 curl http://localhost
  62. 62 getenforce
  # setenforce permissive stops enforcement for every domain on the host until
  # it is switched back (entry 72); denials are still logged. Useful to confirm
  # that SELinux is the cause, not as a fix. `semanage permissive -a <domain>`
  # limits the same effect to a single domain.
  63. 63 setenforce permissive
  64. 64 curl http://localhost
  65. 65 history
  66. 66 vim /etc/httpd/conf/httpd.conf
  67. 67 systemctl restart httpd
  68. 68 curl http://localhost
  69. 69 vim /etc/httpd/conf/httpd.conf
  70. 70 systemctl restart httpd
  71. 71 curl http://localhost
  72. 72 setenforce enforcing
  73. 73 curl http://localhost
  74. 74 ls -ldZ .
  75. 75 ps Zaux | grep http
  # AVC records in the audit log name the source domain, the target label and
  # the permission that was denied.
  76. 76 grep AVC /var/log/audit/audit.log
  77. 77 history
  78. 78 yum provides */semanage
  # Sends the whole history file over an unencrypted TCP connection to a public
  # paste service. Shell history can hold passwords, tokens and internal host
  # names typed on the command line; read and redact it before sharing.
  79. 79 cat ~/.bash_history | nc termbin.com 9999
  80. 80 reboot
  81. 81 history
  82. 82 head ~/.bash_history
  83. 83 cd bash-scripting/
  84. 84 ./countdown 5
  85. 85 cd ..
  86. 86 less .bash_history
  87. 87 history | less
  88. 88 history
  # Same upload as entry 79; the same redaction caveat applies.
  89. 89 cat ~/.bash_history | nc termbin.com 9999
  # Entries 90-133: labelling a custom web root with semanage fcontext and
  # restorecon. Output is not recorded in this listing.
  90. 90 git clone https://github.com/SELinuxProject/refpolicy
  91. 91 git clone https://github.com/sandervanvugt/selinux
  92. 92 cd selinux/
  93. 93 ls
  94. 94 cd ..
  95. 95 sestatus
  96. 96 cd /etc/selinux/
  97. 97 ls
  # /etc/selinux/config holds the mode and policy type applied at boot.
  98. 98 cat config
  # Mistyped host name (termin.com instead of termbin.com). If that name
  # resolves and accepts the connection, the history goes to a party nobody
  # intended; check the destination before piping local data into nc.
  99. 99 history | nc termin.com 9999
  100. 100 history | nc termbin.com 9999
  101. 101 cd ..
  102. 102 ls -lZda /web
  103. 103 ps Zaux
  104. 104 ps -eZ | grep dbus-daemon
  105. 105 man semanage
  106. 106 cd /web
  107. 107 ls -Zd /web
  108. 108 grep AVC /var/log/audit/audit.log
  # Adds a persistent labelling rule for /web and everything below it. The rule
  # alone does not relabel files that already exist; restorecon (entry 121)
  # applies it. This is the targeted fix, as opposed to switching enforcement off.
  109. 109 semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
  110. 110 ls -Zd /web
  111. 111 cd /etc/selinux/
  112. 112 ls
  113. 113 cd targeted/
  114. 114 ls
  115. 115 cd contexts/
  116. 116 ls
  117. 117 cd files/
  118. 118 ls
  119. 119 ls -l
  # file_contexts.local in /etc/selinux/targeted/contexts/files is presumably
  # inspected here to see the rule added in entry 109.
  120. 120 cat file_contexts.local
  # -R recurses, -v prints every label that is changed.
  121. 121 restorecon -Rv /web
  122. 122 history
  123. 123 man semanage-fcontext
  124. 124 cd /web
  # New files normally take the type of the directory they are created in;
  # the ls -Z calls presumably demonstrate that for /web and /web/subdir.
  125. 125 touch hello
  126. 126 ls -Z
  127. 127 mkdir subdir
  128. 128 cd subdir/
  129. 129 touch whocars
  130. 130 ls -Z
  131. 131 cd
  132. 132 getenforce
  133. 133 semanage fcontext -l | less
  # Entries 134-182: policy documentation, a non-default sshd port, booleans,
  # sealert and sesearch. Output is not recorded in this listing.
  # seinfo -t lists the types defined in the loaded policy.
  134. 134 seinfo -t
  135. 135 seinfo -t | wc
  136. 136 man -k _selinux
  # The search is repeated after installing selinux-policy-doc, presumably
  # because that package provides the per-service *_selinux man pages.
  137. 137 yum install selinux-policy-doc
  138. 138 man -k _selinux
  139. 139 man -k _selinux | wc
  140. 140 man -k _selinux | grep http
  141. 141 man httpd_selinux
  142. 142 man zebra_selinux
  # sshd_config is edited and sshd restarted; judging by entry 149 the change is
  # a move to TCP port 2022 (the file content is not shown).
  143. 143 vim /etc/ssh/sshd_config
  144. 144 systemctl restart sshd
  145. 145 systemctl status sshd
  146. 146 journalctl -xe
  147. 147 grep AVC /var/log/audit/audit.log
  148. 148 vim /etc/ssh/sshd_config
  # Adds tcp/2022 to the ports labelled ssh_port_t, so the policy accepts sshd
  # on that port without weakening anything else.
  149. 149 semanage port -a -t ssh_port_t -p tcp 2022
  150. 150 systemctl restart sshd
  151. 151 semanage boolean -l
  152. 152 semanage boolean -l | wc
  153. 153 semanage boolean -l | grep fto
  154. 154 semanage boolean -l | grep ftp
  # -P writes the boolean to the policy store, so it survives reboots. This one
  # widens what the FTP daemon may write; the exact rules it enables can be
  # listed with sesearch (entry 168). Switch it off again after the exercise
  # unless anonymous upload is actually wanted.
  155. 155 setsebool -P ftpd_anon_write on
  156. 156 semanage boolean -l | grep ftp
  157. 157 ls
  158. 158 cd bash-scripting/
  159. 159 ./countdown 13
  160. 160 cd
  # The alert IDs passed to sealert -l below are taken from the sealert lines
  # in /var/log/messages.
  161. 161 grep sealert /var/log/messages
  162. 162 grep sealert /var/log/messages | grep httpd
  163. 163 sealert -l f24f56bc-6fe5-4fb1-ae10-97a182526f31 | less
  164. 164 grep sealert /var/log/messages
  165. 165 sealert -l 407a72f6-b6c8-4e43-9756-67a8cf13f536 | less
  166. 166 yum provides */sesearch
  167. 167 rpm -ql setools-console
  # sesearch -A lists allow rules; -b restricts the result to rules controlled
  # by the named boolean, which shows what enabling it really grants.
  168. 168 sesearch -b ftpd_anon_write -A
  169. 169 getsebool -a | grep ftp
  170. 170 sesearch -b ftpd_full_access -A
  171. 171 sesearch -b ftpd_anon_write -p read -AC
  172. 172 sesearch -b ftpd_anon_write -p read -A
  # Asks whether any allow rule lets httpd_t read files labelled user_home_t.
  173. 173 sesearch -s httpd_t -t user_home_t -p read -A
  174. 174 getsebool -a | grep ttp | grep nable
  175. 175 history
  176. 176 ps Zaux | grep http
  # Typo for sesearch; repeated correctly in the next entry.
  177. 177 sesearcg -A | grep httpd_t
  178. 178 sesearch -A | grep httpd_t
  179. 179 sesearch -A | grep httpd_t | wc
  180. 180 sesearch -A | wc
  181. 181 ldd $(which passwd)
  182. 182 reboot
  # Entries 183-243: per-domain permissive mode, audit2allow, and building a
  # policy module by hand. Output is not recorded in this listing.
  # Makes only httpd_t permissive: its denials are logged but not enforced,
  # while every other domain stays enforced. Removed again in entry 191.
  183. 183 semanage permissive -a httpd_t
  184. 184 mkdir /new
  185. 185 vim /new/index.html
  186. 186 vim /etc/httpd/conf/httpd.conf
  187. 187 systemctl restart httpd
  188. 188 curl http://localhost
  189. 189 getenforce
  190. 190 semanage permissive -l
  191. 191 semanage permissive -d httpd_t
  192. 192 semanage permissive -l
  193. 193 curl http://localhost
  194. 194 sestatus | grep deny
  195. 195 vim /etc/selinux/semanage.conf
  196. 196 vim /etc/sysconfig/selinux
  197. 197 seinfo -tunconfined_t
  198. 198 ls
  199. 199 cd bash-scripting/
  200. 200 ./countdown 18
  201. 201 cd
  202. 202 semodule -l
  # audit2allow turns every denial it is fed into an allow rule. `grep http`
  # selects any audit record containing "http", not just the denials of the
  # test at hand, so the generated module can grant more than intended. The
  # .te file is opened before the install (entry 205); that review is the
  # control: drop rules that are not needed, and prefer a label or boolean fix
  # where one exists.
  203. 203 grep http /var/log/audit/audit.log | audit2allow -M mypolicy
  204. 204 ls
  205. 205 vim mypolicy.te
  206. 206 semodule -i mypolicy.pp
  207. 207 semodule --help
  208. 208 ls
  209. 209 cd refpolicy/
  210. 210 ls
  211. 211 cd policy/
  212. 212 ls
  213. 213 cd modules/
  214. 214 ls
  215. 215 cd services/
  216. 216 ls
  # zebra.te and zebra.fc from the reference policy are read as an example of
  # a module's rules (.te) and file contexts (.fc).
  217. 217 vim zebra.te
  218. 218 vim zebra.fc
  219. 219 grep AVC /var/log/audit/audit.log
  # seinfo -c lists object classes; -cfile -x expands the file class.
  220. 220 seinfo -c
  221. 221 seinfo -cfile -x
  # Narrower variant of entry 203: only AVC records mentioning http are saved
  # to a file, the file is reviewed in an editor, and only then handed to
  # audit2allow.
  222. 222 grep AVC /var/log/audit/audit.log | grep http > ~/http-in.txt
  223. 223 cd
  224. 224 vim http-in.txt
  225. 225 audit2allow -M myhpp < http-in.txt
  226. 226 ls
  # Hand-built module "sander": type enforcement source, file contexts, then
  # compile (checkmodule), package (semodule_package) and install (semodule -i).
  227. 227 vim sander.te
  228. 228 vim sander.fc
  229. 229 mkdir /opt/sander
  230. 230 touch /opt/sander/file1
  231. 231 ls -lZ /opt/sander/file1
  232. 232 ls -lZ /opt
  233. 233 checkmodule -M -m -o sander.mod sander.te
  # sander.te is edited and compiled a second time, presumably after an error
  # from the first checkmodule run.
  234. 234 vim sander.te
  235. 235 checkmodule -M -m -o sander.mod sander.te
  236. 236 ls
  237. 237 ls -l sander*
  238. 238 semodule_package -o sander.pp -m sander.mod -f sander.fc
  239. 239 semodule -i sander.pp
  240. 240 ls -lZ /opt/sander
  # Installing the module does not relabel existing files; restorecon applies
  # the contexts from sander.fc to /opt/sander.
  241. 241 restorecon -Rv /opt/sander
  242. 242 history | grep history
  # Uploads the history in clear text to a public paste service; redact
  # anything sensitive first.
  243. 243 history | nc termbin.com 9999
  # Entries 244-302: SELinux users, domain transitions, generated policy and
  # runcon experiments. Output is not recorded in this listing.
  244. 244 semanage user -l
  245. 245 useradd linda
  246. 246 id -Z linda
  247. 247 su - linda
  # Maps the Linux login linda to the confined SELinux user user_u.
  # NOTE(review): su usually keeps the caller's SELinux user, so a fresh login
  # (console or ssh) is the reliable way to check the mapping; confirm on this
  # system.
  248. 248 semanage login -a -s user_u linda
  249. 249 su - linda
  250. 250 semanage login -l
  251. 251 su - linda
  252. 252 cd bash-scripting/
  253. 253 ./countdown 12
  254. 254 grep AVC /var/log/audit/audit.log
  255. 255 pstree -Z | grep -e ^systemd -e httpd
  # Queries the policy for ways a process in sshd_t can end up in unconfined_t.
  256. 256 sepolicy transition -s sshd_t -t unconfined_t
  257. 257 cd ../refpolicy/policy/modules/services/
  258. 258 ls
  259. 259 vim zebra.fc
  260. 260 cd /usr/share/doc/selinux-policy/
  261. 261 ls
  262. 262 vim example.fc
  263. 263 vim example.te
  # Two build attempts with the devel Makefile; the sources viewed above are
  # example.te/example.fc, so the myapp.pp target presumably had nothing to
  # build from.
  264. 264 make -f /usr/share/selinux/devel/Makefile myapp.pp
  265. 265 make -f /usr/share/selinux/devel/Makefile example.pp
  266. 266 pwd
  267. 267 cd
  268. 268 cd selinux/
  269. 269 ls
  270. 270 vim server.php
  # setup-rot.sh comes from a cloned repository and is run without being opened
  # anywhere in this history, in a session that appears to be root (yum,
  # setenforce, semodule). Read such a script before running it with privileges.
  271. 271 ./setup-rot.sh
  # Generates a policy skeleton for an application named startrot; the
  # resulting .te and .fc files are reviewed next.
  272. 272 sepolgen --application startrot
  273. 273 vim startrot.te
  274. 274 vim startrot.fc
  275. 275 yum install -y vsftpd
  # runcon asks to start vsftpd with the given user, role and type, here the
  # web server's domain httpd_t instead of its own. The alerts looked up
  # afterwards are presumably the policy refusing parts of that.
  276. 276 runcon -u system_u -r system_r -t httpd_t vsftpd
  277. 277 grep sealert /var/log/messages
  278. 278 sealert -l 96b15e83-c300-4b58-a6aa-18ee890c1e37 | less
  # The two commented entries look like the suggestion text from sealert pasted
  # with its leading '#'; they are then run for real. The pipeline allows
  # everything that was denied for that command name. Acceptable in a lab; on a
  # real host read my-runcon.te before installing. -X 300 sets the module
  # priority.
  279. 279 # ausearch -c 'runcon' --raw | audit2allow -M my-runcon
  280. 280 # semodule -X 300 -i my-runcon.pp
  281. 281 ausearch -c 'runcon' --raw | audit2allow -M my-runcon
  282. 282 semodule -X 300 -i my-runcon.pp
  283. 283 runcon -u system_u -r system_r -t httpd_t vsftpd
  284. 284 ps Zaux | grep vsft
  285. 285 grep sealert /var/log/messages
  # Typo (";ess" for "less"); repeated correctly in the next entry.
  286. 286 sealert -l 39a4d1a1-3bc0-429e-9532-cea33009b987 | ;ess
  287. 287 sealert -l 39a4d1a1-3bc0-429e-9532-cea33009b987 | less
  # Persistent (-P) boolean that is not tied to one service: it relaxes mmap
  # checks for domains in general. Set it back to 0 after the exercise.
  288. 288 setsebool -P domain_can_mmap_files 1
  289. 289 runcon -u system_u -r system_r -t httpd_t vsftpd
  290. 290 grep sealert /var/log/messages
  291. 291 sealert -l b475f4e5-87d6-48a0-8b7a-6a52cfa2f14c | less
  # Same pattern as entries 279-282, now for denials logged against vsftpd.
  292. 292 # ausearch -c 'vsftpd' --raw | audit2allow -M my-vsftpd
  293. 293 # semodule -X 300 -i my-vsftpd.pp
  294. 294 ausearch -c 'vsftpd' --raw | audit2allow -M my-vsftpd
  295. 295 semodule -X 300 -i my-vsftpd.pp
  296. 296 runcon -u system_u -r system_r -t httpd_t vsftpd
  297. 297 ls startrot*
  298. 298 vim startrot.te
  299. 299 ./startrot.sh
  # Checks whether a module and types with "start" in the name are now loaded.
  # The modules and booleans added in this session persist across reboots;
  # `semodule -X 300 -r <module>` removes a local module installed at that
  # priority.
  300. 300 semodule -l | grep start
  301. 301 seinfo -t | grep start
  302. 302 history