Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 1 dnf install -y git
- 2 git clone https://github.com/sandervanvugt/selinux
- 3 cd selinux/
- 4 ls
- 5 ./countdown 12
- 6 ./countdown 1
- 7 ./countdown 13
- 8 getenforce
- 9 dnf install -y httpd
- 10 systemctl enable --now httpd
- 11 ps Zaux
- 12 ls -Z /var/www
- 13 history
- 14 vim /etc/httpd/conf/httpd.conf
- 15 mkdir /web
- 16 vim /web/index.html
- 17 vim /var/www/html/index.html
- 18 systemctl restart httpd
- 19 systemctl status httpd
- 20 curl localhost
- 21 getenforce
- 22 setenforce permissive
- 23 curl localhost
- 24 getenforce
- 25 vim /etc/httpd/conf/httpd.conf
- 26 history
- 27 systemctl restart httpd
- 28 curl localhost
- 29 setenforce enforcing
- 30 curl localhost
- 31 ps Zaux | grep http
- 32 ls -dZ /web
- 33 history
- 34 grep AVC /var/log/audit/audit.log
- 35 date -d @1688561120
- 36 ls -dZ /var/www/html
- 37 ls -dZ /web
- 38 setenforce --help
- 39 man semanage-fcontext
- 40 semanage fcontext -a -t httpd_sys_content_t "/web(/.*)"
- 41 ls -Zd /web
- 42 cd /etc/selinux/targeted/contexts/files/
- 43 ls
- 44 less file_contexts.local
- 45 semanage fcontext -d -t httpd_sys_content_t "/web(/.*)"
- 46 less file_contexts.local
- 47 semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
- 48 restorecon -Rv /web
- 49 getenforce
- 50 curl localhost
- 51 history
- 52 semanage fcontext -l | grep http
- 53 man -k _selinux
- 54 dnf install selinux-policy-doc
- 55 man -k _selinux
- 56 man -k _selinux | wc -l
- 57 man -k _selinux | grep http
- 58 man httpd_selinux
- 59 history
- 60 dnf provides */sealert
- 61 systemctl status auditd
- 62 journalctl | grep sealert
- 63 sealert -l 3af5c81e-c389-4483-81ff-0c8aa8a2da0c | less
- 64 grep AVC /var/log/audit/audit.log
- 65 history
- 66 grep AVC /var/log/audit/audit.log
- 67 sealert
- 68 vim /etc/httpd/conf/httpd.conf
- 69 less /etc/services
- 70 systemctl restart httpd
- 71 hello
- 72 systemctl status httpd
- 73 setenforce permissive
- 74 systemctl restart httpd
- 75 setenforce enforcing
- 76 grep AVC /var/log/audit/audit.log
- 77 journalctl | grep sealert
- 78 sealert -l c0713a6c-060b-442a-bf51-ab8e6930eb4f | less
- 79 semanage port -a -t http_port_t -p tcp 82
- 80 getenforce
- 81 systemctl restart httpd
- 82 netstat -Ztulpen
- 83 history
- 84 ss -Ztuna
- 85 ls -Zd /web
- 86 chcon -t public_content_rw_t "/web(/.*)?"
- 87 chcon -t public_content_rw_t /web
- 88 ls -Zd /web
- 89 restorecon -R /web
- 90 ls -Zd /web
- 91 getsebool -a
- 92 semanage boolean -l
- 93 setsebool xen_use_nfs on
- 94 semanage boolean -l
- 95 setsebool -P xen_use_nfs on
- 96 dnf install -y vsftpd
- 97 vim /etc/vsftpd/vsftpd.conf
- 98 systemctl restart vsftpd
- 99 dnf install -y lftp
- 100 lftp localhost
- 101 setenforce 0
- 102 getenforce
- 103 lftp localhost
- 104 find / -name "pub" -t d
- 105 find / -name "pub" -type d
- 106 ls -ldZ /var/ftp/pub
- 107 chmod -R 777 /var/ftp/pub
- 108 lftp localhost
- 109 grep AVC /var/log/audit/audit.log
- 110 journalctl | grep sealert
- 111 sealert -l 30b9ec88-a73a-48aa-87db-6894559fcc97 | less
- 112 # semanage fcontext -a -t public_content_rw_t /pub/hosts
- 113 # restorecon -R -v /pub/hosts
- 114 # setsebool -P allow_ftpd_anon_write 1
- 115 semanage fcontext -a -t public_content_rw_t /pub/hosts
- 116 cat /etc/selinux/targeted/contexts/files/file_contexts.local
- 117 semanage fcontext -d -t public_content_rw_t /pub/hosts
- 118 semanage fcontext -d -t public_content_rw_t "/var/ftp/pub(/.*)?"
- 119 semanage fcontext - -t public_content_rw_t "/var/ftp/pub(/.*)?"
- 120 semanage fcontext -a -t public_content_rw_t "/var/ftp/pub(/.*)?"
- 121 restorecon -Rv /var/ftp/pub/
- 122 getsebool -a | grep ftp
- 123 cd
- 124 lftp localhost
- 125 getenforce
- 126 journalctl | grep sealert
- 127 sealert -l 30f386a4-b4d7-4a7a-91a9-c2b2ef5c2fb7 | less
- 128 setsebool -P ftpd_anon_write on
- 129 rm /var/ftp/pub/*
- 130 lftp localhost
- 131 setenforce enforcing
- 132 lftp localhost
- 133 history
- 134 seinfo | grep audit
- 135 grep AVC /var/log/audit/audit.log | tail -1
- 136 grep AVC /var/log/audit/audit.log | tail -1 | audit2why
- 137 grep AVC /var/log/audit/audit.log | tail -1 | audit2allow
- 138 ls -Zd /tmp
- 139 touch /tmp/testfile1
- 140 ls -Z /tmp/testfile1
- 141 semodule -l
- 142 semodule -l |wc
- 143 semodule -d zabbix
- 144 #semodule -i zabbix
- 145 seinfo -c
- 146 seinfo -c tcp_socket -x
- 147 seinfo -c socket -x
- 148 vim /etc/ssh/sshd_config
- 149 systemctl restart sshd
- 150 grep ssh /var/log/audit/audit.log | grep AVC
- 151 grep ssh /var/log/audit/audit.log | grep AVC | audit2allow -M mysshpolicy
- 152 ls mysshpolicy.*
- 153 vim mysshpolicy.te
- 154 semodule -i mysshpolicy.pp
- 155 semodule -d mysshpolicy.pp
- 156 semodule --help
- 157 semodule -r mysshpolicy.pp
- 158 reboot
- 159 cd selinux/
- 160 ./countdown 3
- 161 chvt 2
- 162 setsebool -P xdm_sysadm_login on
- 163 setsebool -P ssh_sysadm_login on
- 164 reboot
- 165 semanage permissive -l
- 166 seinfo -aunconfined_domain_type -x
- 167 runcon -t httpd_d sleep infinity
- 168 runcon -u unconfined_u -r unconfined_r -t httpd_d sleep infinity
- 169 cp /usr/lib/systemd/system/vsftpd.service /etc/systemd/system/
- 170 vim /etc/systemd/system/vsftpd.service
- 171 systemctl start vsftpd
- 172 ps Zaux | grep ftp
- 173 journalctl | grep sealert
- 174 sealert -l fa5566cf-7ced-43be-9376-e9032689ba1d
- 175 ausearch -c 'runcon' --raw | audit2allow -M my-runcon
- 176 semodule -i my-runcon.pp
- 177 systemctl restart vsftpd
- 178 dnf install -y policycoreutils-devel
- 179 cd selinux/
- 180 ls
- 181 vim mydaemon.c
- 182 gcc -o mydaemon mydaemon.c
- 183 cp mydaemon /usr/local/bin/
- 184 cp mydaemon.service /etc/systemd/system
- 185 vim mydaemon.service
- 186 systemctl start mydaemon
- 187 ps Zaux | grep mydae
- 188 sepolicy generate --init /usr/local/bin/mydaemon
- 189 ./mydaemon.sh
- 190 systemctl restart mydaemon
- 191 ps Zaux | grep mydae
- 192 sealert -l "*"
- 193 ausearch -m AVC -ts recent | audit2allow -R
- 194 echo logging_rw_generic_logs(mydaemon_t) >> mydaemon.te
- 195 echo 'logging_rw_generic_logs(mydaemon_t)' >> mydaemon.te
- 196 ./mydaemon.sh
- 197 sudo sesearch -m AVC -ts recent
- 198 sesearch -m AVC -ts recent
- 199 sesearch -m AVC
- 200 grep AVC /var/log/audit/audit.log
- 201 date -d @1688575575
- 202 history
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement