sandervanvugt

Untitled

Jun 25th, 2020
  1.  
  2. [root@localhost selinux]# history
  3. 1 yum install -y httpd
  4. 2 ls -l /var/www
  5. 3 ls -lZ /var/www
  6. 4 systemctl enable --now httpd
  7. 5 ps Zaux | grep http
  8. 6 ls -lZd /tmp
  9. 7 netstat -Ztuplen
  10. 8 mkdir /web
  11. 9 vim /web/index.html
  12. 10 vim /etc/httpd/conf/httpd.conf
  13. 11 systemctl restart httpd
  14. 12 curl http://localhost
  15. 13 getenforce
  16. 14 setenforce permissive
  17. 15 getenforce
  18. 16 curl http://localhost
  19. 17 vim /etc/httpd/conf/httpd.conf
  20. 18 systemctl restart httpd
  21. 19 curl http://localhost
  22. 20 setenforce enforcing
  23. 21 curl http://localhost
  24. 22 grep AVC /var/log/audit/audit.log
  25. 23 sestatus
  26. 24 yum install -y git
  27. 25 git clone https://github.com/sandervanvugt/selinux
  28. 26 ls selinux/
  29. 27 git clone https://github.com/sandervanvugt/luth
  30. 28 luth/countdown 12
  31. 29 ps Zaux
  32. 30 ps -eZ | grep dbus-daemon
  33. 31 ps -eZ | grep systemd
  34. 32 semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
  35. 33 ls -Zd /web
  36. 34 cd /etc/selinux/
  37. 35 ls
  38. 36 cd targeted/
  39. 37 ls
  40. 38 cd contexts/
  41. 39 ls
  42. 40 cd files/
  43. 41 ls
  44. 42 vim file_contexts.local
  45. 43 restorecon -Rv /web
  46. 44 setenforce enforcing
  47. 45 getenforce
  48. 46 curl http://localhost
  49. 47 ls -Z /var/www
  50. 48 semanage fcontext -l
  51. 49 semanage fcontext -l | wc
  52. 50 semanage fcontext -l | grep http
  53. 51 seinfo -t
  54. 52 seinfo -t | wc
  55. 53 seinfo -t | grep http
  56. 54 man -k _selinux
  57. 55 yum install selinux-policy-doc
  58. 56 man -k _selinux
  59. 57 man -k _selinux | grep vmware
  60. 58 vim /etc/ssh/sshd_config
  61. 59 systemctl restart sshd
  62. 60 systemctl status sshd
  63. 61 grep AVC /var/log/audit/audit.log
  64. 62 semanage port -a -t ssh_port_t -p tcp 2022
  65. 63 systemctl restart sshd
  66. 64 vim /etc/ssh/sshd_config
  67. 65 semanage port -a -t ssh_port_t -p tcp 443
  68. 66 semanage port -t | grep 443
  69. 67 semanage port -l | grep 443
  70. 68 semanage port -m -t ssh_port_t -p tcp 443
  71. 69 systemctl restart sshd
  72. 70 man semanage-fcontext
  73. 71 semanage fcontext -a -t tmp_t "/web(/.*)?"
  74. 72 pwd
  75. 73 cd ../../..
  76. 74 ls
  77. 75 cd
  78. 76 getsebool -a | wc
  79. 77 getsebool -a | less
  80. 78 setsebool ftpd_anon_write on -P
  81. 79 semanage boolean -l | grep ftpd_a
  82. 80 getsebool -a | grep kube
  83. 81 getsebool -a | grep conta
  84. 82 luth/countdown 12
  85. 83 ps aux | grep setrou
  86. 84 grep sealert /var/log/messages
  87. 85 sealert -l 7113ade3-c84d-4462-90c2-08e95597c5b8 | less
  88. 86 sesearch -b ftpd_anon_write -A
  89. 87 yum install -y vsftpd lftp
  90. 88 grep ftp /etc/passwd
  91. 89 cd /var/ftp
  92. 90 ls
  93. 91 ls -lZ
  94. 92 chmod 777 pub
  95. 93 getsebool -a | grep ftp
  96. 94 setsebool ftpd_anon_write on -P
  97. 95 ls -l
  98. 96 systemctl enable --now vsftpd
  99. 97 lftp localhost
  100. 98 vim /etc/vsftpd/vsftpd.conf
  101. 99 systemctl restart vsftpd
  102. 100 lftp localhost
  103. 101 setenforce permissive
  104. 102 lftp localhost
  105. 103 ls -Z
  106. 104 sesearch -b ftpd_anon_write -A
  107. 105 grep sealert /var/log/messages
  108. 106 sealert -l 966db3a6-0b20-4bce-99d9-e6ec08dc7fbd | less
  109. 107 cd /
  110. 108 lftp localhost
  111. 109 grep sealert /var/log/messages
  112. 110 sealert -l 966db3a6-0b20-4bce-99d9-e6ec08dc7fbd | less
  113. 111 sesearch -b ftpd_full_access -A
  114. 112 man 7 capabilities
  115. 113 sesearch -b ftpd_anon_write -p read -AC
  116. 114 sesearch -b ftpd_anon_write -p read -A
  117. 115 sesearch -s httpd_t -t user_home_t -p read -A
  118. 116 ps Zaux | grep http
  119. 117 sesearch -A | grep httpd_t
  120. 118 ldd $(which passwd)
  121. 119 ldd $(which httpd)
  122. 120 vim /etc/httpd/conf/httpd.conf
  123. 121 grep 81 /etc/services | less
  124. 122 systemctl restart httpd
  125. 123 systemctl status httpd
  126. 124 getenforce
  127. 125 setenforce enforcing
  128. 126 systemctl restart httpd
  129. 127 systemctl status httpd
  130. 128 systemctl stop httpd
  131. 129 systemctl start httpd
  132. 130 semanage port -l | grep http
  133. 131 vim /etc/httpd/conf/httpd.conf
  134. 132 systemctl restart httpd
  135. 133 systemctl status httpd
  136. 134 semanage permissive -l
  137. 135 semanage permissive -a httpd_t
  138. 136 semanage permissive -l
  139. 137 systemctl restart httpd
  140. 138 systemctl status httpd
  141. 139 semanage permissive -d httpd_t
  142. 140 systemctl status httpd
  143. 141 systemctl restart httpd
  144. 142 vim /etc/httpd/conf/httpd.conf
  145. 143 systemctl restart httpd
  146. 144 luth/countdown 20
  147. 145 cd
  148. 146 luth/countdown 20
  149. 147 semodule -l
  150. 148 semodule -l | wc
  151. 149 grep http /var/log/audit/audit.log | audit2allow -M mypolicy
  152. 150 ls mypolicy.*
  153. 151 vim mypolicy.te
  154. 152 seinfo -c | less
  155. 153 seinfo -cfile -x
  156. 154 grep AVC /var/log/audit/audit.log
  157. 155 grep http /var/log/audit/audit.log | grep AVC > httpavc.txt
  158. 156 vim httpavc.txt
  159. 157 cat httpavc.txt | audit2allow -M http_pol
  160. 158 ls
  161. 159 vim http_pol.te
  162. 160 vim sander.te
  163. 161 vim sander.fc
  164. 162 checkmodule -M -m -o sander.mod sander.te
  165. 163 vim sander.te
  166. 164 checkmodule -M -m -o sander.mod sander.te
  167. 165 semodule_package -o sander.pp -m sander.mod -f sander.fc
  168. 166 semodule -i sander.pp
  169. 167 mkdir /opt/sander
  170. 168 restorecon -Rv /opt/sander
  171. 169 cat sander.te
  172. 170 cat sander.fc
  173. 171 reboot
  174. 172 history
  175. 173 ls -a
  176. 174 cp .bash_history 4hourhistory
  177. 175 sesearch --dontaudit
  178. 176 sesearch --dontaudit | wc
  179. 177 sesearch -D -s sshd_t -d
  180. 178 sesearch -D -s sshd_t
  181. 179 sesearch -T
  182. 180 pstree -Z | grep -e '^systemd -e httpd'
  183. 181 pstree -Z | grep -e ^systemd -e httpd
  184. 182 luth/countdown 13
  185. 183 git clone https://github.com/SELinuxProject/refpolicy
  186. 184 cd refpolicy/
  187. 185 ls
  188. 186 cd policy/
  189. 187 ls
  190. 188 cd modules/
  191. 189 ls
  192. 190 ls */*.fc
  193. 191 cd /usr/share/doc/
  194. 192 ls
  195. 193 cd selinux-policy/
  196. 194 ls
  197. 195 vim example.te
  198. 196 vim example.fc
  199. 197 make -f /usr/share/selinux/devel/Makefile myapp.pp
  200. 198*
  201. 199 make -f Makefile.example myapp.pp
  202. 200 make -f /usr/share/doc/selinux-policy/Makefile.example myapp.pp
  203. 201 cd /usr/share/doc/selinux-policy/
  204. 202 ls
  205. 203 make -f Makefile.example example.pp
  206. 204 yum -qf /usr/share/selinux/targeted/include/Makefile
  207. 205 rpm -qf /usr/share/selinux/targeted/include/Makefile
  208. 206 cd
  209. 207 cd selinux/
  210. 208 ls
  211. 209 cat rot13.service
  212. 210 cat server.php
  213. 211 ./setup-rot.sh
  214. 212 sepolgen --application startrot
  215. 213 cat startrot.te
  216. 214 vim startrot.fc
  217. 215 ls
  218. 216 systemctl stop vsftpd
  219. 217 ps aux | grep ftp
  220. 218 runcon -u system_u -r system_r -t httpd_t vsftpd
  221. 219 vsftpd
  222. 220 killall vsftpd
  223. 221 which vsftpd
  224. 222 runcon --help
  225. 223 journactl
  226. 224 journalctl
  227. 225 grep sealert /var/log/messages
  228. 226 sealert -l 34a375bf-7083-45e8-b125-b0714087d24a | less
  229. 227 # ausearch -c 'runcon' --raw | audit2allow -M my-runcon
  230. 228 # semodule -X 300 -i my-runcon.pp
  231. 229 ausearch -c 'runcon' --raw | audit2allow -M my-runcon
  232. 230 semodule -X 300 -i my-runcon.pp
  233. 231 runcon --help
  234. 232 runcon -u system_u -r system_r -t httpd_t vsftpd
  235. 233 grep ftp /var/log/messages
  236. 234 grep sealert /var/log/messages
  237. 235 sealert -l def5c383-09e1-4881-8e4a-f69d7e08867f | less
  238. 236 setsebool -P domain_can_mmap_files 1
  239. 237 runcon -u system_u -r system_r -t httpd_t vsftpd
  240. 238 date
  241. 239 grep sealert /var/log/messages
  242. 240 setenforce 0
  243. 241 runcon -u system_u -r system_r -t httpd_t vsftpd
  244. 242 grep sealert /var/log/messages
  245. 243 ps Zaux | grep ftp
  246. 244 pwd
  247. 245 ls
  248. 246 sepolgen --application startrot
  249. 247 vim startrot.te
  250. 248 startrot.sh
  251. 249 ls
  252. 250 ./startrot.sh
  253. 251 ls -lZ startrot*
  254. 252 seinfo -t | grep start
  255. 253 history