sandervanvugt

selinux july23

Jul 5th, 2023
  # Lab setup: install git, clone the course repository and run its ./countdown
  # helper with several arguments.
  # NOTE(review): the dnf calls suggest a root shell, so ./countdown presumably
  # runs as root straight from a fresh clone; read the script before running it.
  1. 1 dnf install -y git
  2. 2 git clone https://github.com/sandervanvugt/selinux
  3. 3 cd selinux/
  4. 4 ls
  5. 5 ./countdown 12
  6. 6 ./countdown 1
  7. 7 ./countdown 13
  # Exercise: serve httpd content from a new directory (/web, created at step 15)
  # and fix the resulting SELinux denial with a file-context rule.
  # The httpd.conf edits are not shown; presumably they point DocumentRoot at /web.
  8. 8 getenforce
  9. 9 dnf install -y httpd
  10. 10 systemctl enable --now httpd
  # ps Z / ls -Z print the SELinux context of processes and files.
  11. 11 ps Zaux
  12. 12 ls -Z /var/www
  13. 13 history
  14. 14 vim /etc/httpd/conf/httpd.conf
  15. 15 mkdir /web
  16. 16 vim /web/index.html
  17. 17 vim /var/www/html/index.html
  18. 18 systemctl restart httpd
  19. 19 systemctl status httpd
  20. 20 curl localhost
  21. 21 getenforce
  # Permissive mode logs denials without blocking them; it is used here as a
  # diagnostic toggle and enforcing mode is restored at step 29.
  22. 22 setenforce permissive
  23. 23 curl localhost
  24. 24 getenforce
  25. 25 vim /etc/httpd/conf/httpd.conf
  26. 26 history
  27. 27 systemctl restart httpd
  28. 28 curl localhost
  29. 29 setenforce enforcing
  30. 30 curl localhost
  # Compare the httpd process context with the label on /web.
  31. 31 ps Zaux | grep http
  32. 32 ls -dZ /web
  33. 33 history
  # AVC records in audit.log carry an epoch timestamp; date -d @<epoch> converts
  # it to a readable time.
  34. 34 grep AVC /var/log/audit/audit.log
  35. 35 date -d @1688561120
  36. 36 ls -dZ /var/www/html
  37. 37 ls -dZ /web
  38. 38 setenforce --help
  39. 39 man semanage-fcontext
  # This pattern has no trailing '?', so it matches paths below /web but not /web
  # itself; it is deleted at step 45 and re-added in the correct form at step 47.
  40. 40 semanage fcontext -a -t httpd_sys_content_t "/web(/.*)"
  # semanage fcontext only records the rule (see file_contexts.local below);
  # labels on disk do not change until restorecon runs at step 48.
  41. 41 ls -Zd /web
  42. 42 cd /etc/selinux/targeted/contexts/files/
  43. 43 ls
  44. 44 less file_contexts.local
  45. 45 semanage fcontext -d -t httpd_sys_content_t "/web(/.*)"
  46. 46 less file_contexts.local
  47. 47 semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
  # Apply the recorded rule to /web recursively; -v prints each relabel.
  48. 48 restorecon -Rv /web
  49. 49 getenforce
  50. 50 curl localhost
  51. 51 history
  # Finding documentation: list the file-context rules that mention http, then
  # search the man pages for per-domain *_selinux pages.
  52. 52 semanage fcontext -l | grep http
  # man -k is run before and after installing selinux-policy-doc, presumably to
  # show the extra *_selinux man pages that package provides.
  53. 53 man -k _selinux
  54. 54 dnf install selinux-policy-doc
  55. 55 man -k _selinux
  56. 56 man -k _selinux | wc -l
  57. 57 man -k _selinux | grep http
  58. 58 man httpd_selinux
  59. 59 history
  # Exercise: read denials through sealert, then let httpd bind a non-default port.
  # The httpd.conf edit at step 68 is not shown; presumably it sets the listener
  # to port 82, which is the port labelled at step 79.
  # dnf provides reports which package ships the sealert binary.
  60. 60 dnf provides */sealert
  61. 61 systemctl status auditd
  # The journal lines mentioning sealert carry the alert id passed to sealert -l.
  62. 62 journalctl | grep sealert
  63. 63 sealert -l 3af5c81e-c389-4483-81ff-0c8aa8a2da0c | less
  64. 64 grep AVC /var/log/audit/audit.log
  65. 65 history
  66. 66 grep AVC /var/log/audit/audit.log
  67. 67 sealert
  68. 68 vim /etc/httpd/conf/httpd.conf
  69. 69 less /etc/services
  70. 70 systemctl restart httpd
  # NOTE(review): "hello" looks like stray input rather than a lab step.
  71. 71 hello
  72. 72 systemctl status httpd
  # Permissive mode is switched on only for the restart, so the denial gets
  # logged, and enforcing mode is restored immediately afterwards.
  73. 73 setenforce permissive
  74. 74 systemctl restart httpd
  75. 75 setenforce enforcing
  76. 76 grep AVC /var/log/audit/audit.log
  77. 77 journalctl | grep sealert
  78. 78 sealert -l c0713a6c-060b-442a-bf51-ab8e6930eb4f | less
  # Adds tcp/82 to the http_port_t port type: a narrow fix that labels one port
  # instead of loosening what httpd may bind to in general.
  79. 79 semanage port -a -t http_port_t -p tcp 82
  80. 80 getenforce
  81. 81 systemctl restart httpd
  # -Z adds the SELinux context of the owning process to the socket listing.
  82. 82 netstat -Ztulpen
  83. 83 history
  84. 84 ss -Ztuna
  # Demonstration: chcon versus restorecon on /web.
  85. 85 ls -Zd /web
  # chcon takes literal paths, not the regex form used by semanage fcontext;
  # NOTE(review): this call presumably fails, and step 87 is the working form.
  86. 86 chcon -t public_content_rw_t "/web(/.*)?"
  87. 87 chcon -t public_content_rw_t /web
  88. 88 ls -Zd /web
  # chcon changes the label on disk only and records no file-context rule, so
  # restorecon resets /web to whatever the file-context database specifies
  # (the httpd_sys_content_t rule added at step 47).
  89. 89 restorecon -R /web
  90. 90 ls -Zd /web
  # Demonstration: SELinux booleans, runtime versus persistent.
  91. 91 getsebool -a
  92. 92 semanage boolean -l
  # Without -P the change applies to the running policy only and is lost at
  # reboot; -P (step 95) also stores it persistently.
  93. 93 setsebool xen_use_nfs on
  94. 94 semanage boolean -l
  95. 95 setsebool -P xen_use_nfs on
  # Exercise: anonymous FTP upload into /var/ftp/pub with vsftpd.
  # The vsftpd.conf edit is not shown; presumably it enables anonymous uploads.
  96. 96 dnf install -y vsftpd
  97. 97 vim /etc/vsftpd/vsftpd.conf
  98. 98 systemctl restart vsftpd
  99. 99 dnf install -y lftp
  100. 100 lftp localhost
  # From here until step 131 the host stays in permissive mode, so the lftp
  # sessions at steps 103, 108, 124 and 130 are logged but not enforced.
  101. 101 setenforce 0
  102. 102 getenforce
  103. 103 lftp localhost
  # "-t d" is not a valid find test; step 105 is the corrected command.
  104. 104 find / -name "pub" -t d
  105. 105 find / -name "pub" -type d
  106. 106 ls -ldZ /var/ftp/pub
  # Makes the directory and everything below it writable by every local
  # account. NOTE(review): a lab shortcut; outside a lab, write access would
  # normally be limited to the FTP service account.
  107. 107 chmod -R 777 /var/ftp/pub
  108. 108 lftp localhost
  109. 109 grep AVC /var/log/audit/audit.log
  110. 110 journalctl | grep sealert
  111. 111 sealert -l 30b9ec88-a73a-48aa-87db-6894559fcc97 | less
  # Steps 112-114 are commented out; presumably pasted from the sealert
  # suggestion so they are kept in history without being executed.
  112. 112 # semanage fcontext -a -t public_content_rw_t /pub/hosts
  113. 113 # restorecon -R -v /pub/hosts
  114. 114 # setsebool -P allow_ftpd_anon_write 1
  # /pub/hosts is the path from the suggestion, not the real upload directory;
  # the rule is removed again at step 117.
  115. 115 semanage fcontext -a -t public_content_rw_t /pub/hosts
  116. 116 cat /etc/selinux/targeted/contexts/files/file_contexts.local
  117. 117 semanage fcontext -d -t public_content_rw_t /pub/hosts
  # Step 118 deletes a rule that is only added at step 120, and step 119 is
  # missing the action letter after '-'; NOTE(review): both presumably error.
  118. 118 semanage fcontext -d -t public_content_rw_t "/var/ftp/pub(/.*)?"
  119. 119 semanage fcontext - -t public_content_rw_t "/var/ftp/pub(/.*)?"
  120. 120 semanage fcontext -a -t public_content_rw_t "/var/ftp/pub(/.*)?"
  121. 121 restorecon -Rv /var/ftp/pub/
  122. 122 getsebool -a | grep ftp
  123. 123 cd
  124. 124 lftp localhost
  125. 125 getenforce
  126. 126 journalctl | grep sealert
  127. 127 sealert -l 30f386a4-b4d7-4a7a-91a9-c2b2ef5c2fb7 | less
  # Second half of the fix: the public_content_rw_t label (step 120) plus this
  # boolean. Step 114 shows the same boolean under the name allow_ftpd_anon_write.
  128. 128 setsebool -P ftpd_anon_write on
  # Removes the files in the upload directory before re-testing.
  129. 129 rm /var/ftp/pub/*
  130. 130 lftp localhost
  # Back to enforcing; the lftp run at step 132 is the first enforced test of the fix.
  131. 131 setenforce enforcing
  132. 132 lftp localhost
  133. 133 history
  # Demonstration: policy inspection tools (seinfo, audit2why, audit2allow, semodule).
  134. 134 seinfo | grep audit
  # audit2why explains the most recent denial; audit2allow prints the allow rule
  # that would permit it. Here the output is only displayed, nothing is loaded.
  135. 135 grep AVC /var/log/audit/audit.log | tail -1
  136. 136 grep AVC /var/log/audit/audit.log | tail -1 | audit2why
  137. 137 grep AVC /var/log/audit/audit.log | tail -1 | audit2allow
  # Compare the label of /tmp with the label a newly created file receives.
  138. 138 ls -Zd /tmp
  139. 139 touch /tmp/testfile1
  140. 140 ls -Z /tmp/testfile1
  # semodule -l lists policy modules; -d disables one without removing it.
  141. 141 semodule -l
  142. 142 semodule -l |wc
  143. 143 semodule -d zabbix
  # NOTE(review): left commented out; -i expects a policy package file, and
  # re-enabling a disabled module is normally done with semodule -e - confirm.
  144. 144 #semodule -i zabbix
  # seinfo -c lists object classes; -x expands the permissions of the named class.
  145. 145 seinfo -c
  146. 146 seinfo -c tcp_socket -x
  147. 147 seinfo -c socket -x
  # Exercise: build a local policy module from sshd denials.
  # The sshd_config edit is not shown. NOTE(review): if it only changes the
  # listening port, labelling that port with
  # `semanage port -a -t ssh_port_t -p tcp <PORT>` is the narrower fix.
  148. 148 vim /etc/ssh/sshd_config
  149. 149 systemctl restart sshd
  150. 150 grep ssh /var/log/audit/audit.log | grep AVC
  # audit2allow -M writes mysshpolicy.te and mysshpolicy.pp from every AVC line
  # that grep matched, so each matched denial becomes an allow rule; reading the
  # .te file (step 153) before loading is the control point.
  151. 151 grep ssh /var/log/audit/audit.log | grep AVC | audit2allow -M mysshpolicy
  152. 152 ls mysshpolicy.*
  153. 153 vim mysshpolicy.te
  154. 154 semodule -i mysshpolicy.pp
  # NOTE(review): -d and -r take the module name (mysshpolicy), not the .pp
  # file name, so steps 155 and 157 presumably fail; confirm with semodule -l.
  155. 155 semodule -d mysshpolicy.pp
  156. 156 semodule --help
  157. 157 semodule -r mysshpolicy.pp
  158. 158 reboot
  159. 159 cd selinux/
  160. 160 ./countdown 3
  161. 161 chvt 2
  162. 162 setsebool -P xdm_sysadm_login on
  163. 163 setsebool -P ssh_sysadm_login on
  164. 164 reboot
  165. 165 semanage permissive -l
  166. 166 seinfo -aunconfined_domain_type -x
  167. 167 runcon -t httpd_d sleep infinity
  168. 168 runcon -u unconfined_u -r unconfined_r -t httpd_d sleep infinity
  169. 169 cp /usr/lib/systemd/system/vsftpd.service /etc/systemd/system/
  170. 170 vim /etc/systemd/system/vsftpd.service
  171. 171 systemctl start vsftpd
  172. 172 ps Zaux | grep ftp
  173. 173 journalctl | grep sealert
  174. 174 sealert -l fa5566cf-7ced-43be-9376-e9032689ba1d
  175. 175 ausearch -c 'runcon' --raw | audit2allow -M my-runcon
  176. 176 semodule -i my-runcon.pp
  177. 177 systemctl restart vsftpd
  178. 178 dnf install -y policycoreutils-devel
  179. 179 cd selinux/
  180. 180 ls
  181. 181 vim mydaemon.c
  182. 182 gcc -o mydaemon mydaemon.c
  183. 183 cp mydaemon /usr/local/bin/
  184. 184 cp mydaemon.service /etc/systemd/system
  185. 185 vim mydaemon.service
  186. 186 systemctl start mydaemon
  187. 187 ps Zaux | grep mydae
  188. 188 sepolicy generate --init /usr/local/bin/mydaemon
  189. 189 ./mydaemon.sh
  190. 190 systemctl restart mydaemon
  191. 191 ps Zaux | grep mydae
  192. 192 sealert -l "*"
  193. 193 ausearch -m AVC -ts recent | audit2allow -R
  194. 194 echo logging_rw_generic_logs(mydaemon_t) >> mydaemon.te
  195. 195 echo 'logging_rw_generic_logs(mydaemon_t)' >> mydaemon.te
  196. 196 ./mydaemon.sh
  197. 197 sudo sesearch -m AVC -ts recent
  198. 198 sesearch -m AVC -ts recent
  199. 199 sesearch -m AVC
  200. 200 grep AVC /var/log/audit/audit.log
  201. 201 date -d @1688575575
  202. 202 history
  203.  