Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [root@localhost selinux]# history
- 1 cd selinux/
- 2 ./countdown 18
- 3 getenforce
- 4 dnf install -y httpd
- 5 systemctl enable --now httpd
- 6 ps Zaux | grep http
- 7 ls -Z /var/www
- 8 history
- 9 getenforce
- 10 mkdir /web
- 11 vim /web/index.html
- 12 vim /etc/httpd/conf/httpd.conf
- 13 systemctl restart httpd
- 14 curl http://localhost
- 15 setenforce 0
- 16 getenforce
- 17 curl http://localhost
- 18 vim /etc/httpd/conf/httpd.conf
- 19 systemctl restart httpd
- 20 curl http://localhost
- 21 getenforce
- 22 setenforce enforcing
- 23 curl http://localhost
- 24 grep AVC /var/log/audit/audit.log
- 25 history
- 26 grep AVC /var/log/audit/audit.log | tail -1
- 27 date -d
- 28 date -d -- 1663850760
- 29 ausearch -i
- 30 date -d '@1663850760'
- 31 dnf install -y git
- 32 git clone https://github.com/SELinuxProject/refpolicy
- 33 cd refpolicy/
- 34 ls
- 35 cd policy/
- 36 ls
- 37 cd modules/
- 38 ls
- 39 cd system/
- 40 ls
- 41 history
- 42 sestatus
- 43 cd
- 44 git clone https://github.com/sandervanvugt/selinux
- 45 cd selinux/
- 46 ./countdown 13
- 47 history
- 48 ps Zaux
- 49 ps -eZ | grep dbus-daemon
- 50 ps -eZ | grep dbus
- 51 ps -efuZ | grep dbus
- 52 hello
- 53 history
- 54 ls -lZ /web
- 55 ls -lZd /web
- 56 ls -Z /var/www
- 57 semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
- 58 ls -lZd /web
- 59 cd /etc/selinux/targeted/
- 60 ls
- 61 cd contexts/
- 62 ls
- 63 cd files/
- 64 ls
- 65 cat file_contexts.local
- 66 restorecon -Rv /web
- 67 ls -lZd /web
- 68 setenforce
- 69 getenforce
- 70 curl http://localhost
- 71 history
- 72 dnf install selinux-policy-doc
- 73 man -k _selinux
- 74 man -k _selinux | wc
- 75 man -k _selinux | grep httpd
- 76 man httpd_selinux
- 77 semanage fcontext -l
- 78 semanage fcontext -l | wc
- 79 semanage fcontext -l | grep http
- 80 seinfo -t
- 81 seinfo -t | wc
- 82 vim /etc/ssh/sshd_config
- 83 semanage port -a -t ssh_port_t -p tcp 2022
- 84 man semanage-port
- 85 man semanage-fcontext
- 86 getsebool -a
- 87 getsebool -a | wc
- 88 getsebool -a | grep ftp
- 89 dnf install vsftpd
- 90 vim /etc/vsftpd/vsftpd.conf
- 91 getsebool -a | grep ftp
- 92 setsebool -P ftpd_anon_write on
- 93 sesearch -b ftpd_anon_write -A | less
- 94 systemctl status auditd
- 95 journalctl | grep sealert
- 96 sealert -l e95683a9-e0c2-4fa6-ab09-7e8aa1295e0a | less
- 97 semanage port -l -C
- 98 vim /etc/ssh/sshd_config
- 99 systemctl restart sshd
- 100 journalctl | grep sealert
- 101 sealert -l a470dd69-91a2-4113-a0d1-d8922dcc1596 | less
- 102 vim /etc/httpd/conf/httpd.conf
- 103 systemctl restart httpd
- 104 journalctl | grep sealert
- 105 sealert -l 93dc64a6-48f4-466a-a5e6-3b9e759a50af | less
- 106 semanage port -a -t http_port_t -p tcp 82
- 107 systemctl restart httpd
- 108 grep AVC /var/log/audit/audit.log
- 109 history
- 110 sealert -b
- 111 pwd
- 112 cd
- 113 cd selinux/
- 114 ./countdown 13
- 115 sesearch -s httpd_t -t user_home_t -p read -A
- 116 sesearch -A
- 117 sesearch -A | wc
- 118 sesearch -A | grep httpd_t
- 119 cd
- 120 cp /etc/hosts /tmp/hosts
- 121 ls -Z /etc/hosts /tmp/hosts
- 122 mv /tmp/hosts /var/www/html/
- 123 ls -Z /var/www/html/
- 124 curl http://localhost/hosts
- 125 vim /etc/httpd/conf/httpd.conf
- 126 echo default > /var/www/html/index.html
- 127 systemctl restart httpd
- 128 curl http://localhost
- 129 curl http://localhost/hosts
- 130 grep AVC /var/log/audit/audit.log
- 131 grep AVC /var/log/audit/audit.log | grep http
- 132 grep AVC /var/log/audit/audit.log | grep http | grep hosts
- 133 dnf install -y setools-console
- 134 sesearch -A | grep httpd_t | grep user_tmp_t
- 135 history
- 136 semanage permissive -l
- 137 seinfo -tunconfined_t
- 138 seinfo -aunconfined_domain_type -x
- 139 semodule -l | less
- 140 semodule -l
- 141 semanage fcontext -l | grep zebra
- 142 semodule -d zebra
- 143 semanage fcontext -l | grep zebra
- 144 semodule -e zebra
- 145 semanage fcontext -l | grep zebra
- 146 journalctl -a | grep sealert
- 147 vim /etc/ssh/sshd_config
- 148 systemctl restart sshd
- 149 journalctl -a | grep sealert | grep http
- 150 sealert -l e95683a9-e0c2-4fa6-ab09-7e8aa1295e0a | less
- 151 #ausearch -c 'httpd' --raw | audit2allow -M my-httpd
- 152 ausearch -c httpd --raw
- 153 ausearch -c httpd --raw | grep AVC
- 154 sealert -l e95683a9-e0c2-4fa6-ab09-7e8aa1295e0a | less
- 155 ausearch -c 'httpd' --raw | audit2allow -M my-httpd
- 156 ls
- 157 vim my-httpd.te
- 158 grep AVC /var/log/audit/audit.log
- 159 grep AVC /var/log/audit/audit.log | grep http
- 160 seinfo -c
- 161 seinfo -cfile -x
- 162 vim sander.te
- 163 vim sander.fc
- 164 checkmodule -M -m -o sander.mod sander.te
- 165 semodule_package -o sander.pp -m sander.mod -f sander.fc
- 166 semodule -i sander.pp
- 167 mkdir /opt/sander
- 168 ls -Zd /opt/sander/
- 169 ls -Zd /opt
- 170 restorecon -Rv /opt/sander
- 171 cd selinux/
- 172 ./countdown 1
- 173 history
- 174 cat sander.te
- 175 cd ..
- 176 cat sander.te
- 177 cat sander.fc
- 178 dnf search setroubleshoot
- 179 dnf install -y setroubleshoot
- 180 sealert -b
- 181 dnf install -y container-tools
- 182 podman run --env container=podman -v /home:/home:ro -v /var/spool:/var/spool:rw -p 21:21 -it docker.io/redhat/ubi9 bash
- 183 podman run --security-opt label=type:ubi9pol.process --env container=podman -v /home:/home:ro -v /var/spool:/var/spool:rw -p 21:21 -it docker.io/redhat/ubi9 bash
- 184 exit
- 185 podman ps
- 186 podman inspect 51087a67dfc0 > ubi9.json
- 187 vim ubi9.json
- 188 udica -j ubi9.json ubi9pol
- 189 semodule -i ubi9pol.cil /usr/share/udica/templates/{base_container.cil,net_container.cil,home_container.cil}
- 190 exit
- 191 history
- 192 echo command 183 should be executed after command 189
- 193 ls
- 194 vim ubi9pol.cil
- 195 grep AVC /var/log/audit/audit.log | grep process
- 196 grep AVC /var/log/audit/audit.log
- 197 semanage user -l
- 198 seinfo -aselinux_unconfined_type -x
- 199 semanage login -l
- 200 semanage user -l
- 201 useradd linda
- 202 echo password | passwd --stdin linda
- 203 useradd -Z sysadm_u -G wheel lisa
- 204 echo password | passwd --stdin lisa
- 205 semanage login -a -s user_u linda
- 206 semanage login -l
- 207 ssh linda@localhost
- 208 semanage login -l
- 209 #semanage login -m -s sysadm_u root
- 210 semanage login -m -s user_u -r s0 __default__
- 211 semanage login -l
- 212 useradd anna
- 213 echo password | passwd --stdin anna
- 214 ssh anna@localhost
- 215 getsebool -a | grep user
- 216 getsebool -a | grep sysadm
- 217 setsebool -P ssh_sysadm_login on
- 218 setsebool -P xdm_sysadm_login on
- 219 semanage login -m -s sysadm_u root
- 220 semanage login -l
- 221 cd selinux/
- 222 ./countdown 13
- 223 semodule -l | grep virt
- 224 seinfo --type
- 225 seinfo --attribute
- 226 ls
- 227 cd ..
- 228 ls
- 229 vim sander.fc
- 230 cd refpolicy/policy/modules/services/
- 231 ls
- 232 vim cron.fc
- 233 cd
- 234 cd selinux/
- 235 ls
- 236 dnf install policycoreutils-devel setools-console gcc
- 237 vim mydaemon.c
- 238 gcc -o mydaemon mydaemon.c
- 239 ls
- 240 cp mydaemon /usr/local/bin/
- 241 cp mydaemon.service /etc/systemd/system/
- 242 vim mydaemon.service
- 243 systemctl start mydaemon
- 244 systemctl status mydaemon
- 245 ps Zaux | grep mydaemon
- 246 sepolicy generate --init /usr/local/bin/mydaemon
- 247 vim mydaemon.te
- 248 vim mydaemon.fc
- 249 ./mydaemon.sh
- 250 man mydaemon_selinux
- 251 man -k mydaemon
- 252 mandb
- 253 man mydaemon_selinux
- 254 systemctl restart mydaemon
- 255 ps Zaux | grep mydaemon
- 256 ausearch -m AVC -rs recent
- 257 ausearch -m AVC -ts recent
- 258 sealert -l "*"
- 259 vim mydaemon.te
- 260 ./mydaemon.sh
- 261 vim mydaemon.te
- 262 ./mydaemon.sh
- 263 semodule -d mydaemon
- 264 ./mydaemon.sh
- 265 systemctl status vsftpd
- 266 runcon -u system_u -r system_r -t httpd_t vsftpd
- 267 grep AVC /var/log/audit/audit.log
- 268 ausearch -c 'mydaemon' --raw | audit2allow -M my-mydaemon
- 269 semodule -X 300 -i my-mydaemon.pp
- 270 ./mydaemon.sh
- 271 ps Zaux | grep mydaemon
- 272 systemctl restart mydaemon
- 273 ps Zaux | grep mydaemon
- 274 systemctl status mydaemon
- 275 grep AVC /var/log/audit/audit.log
- 276 history
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement