sandervanvugt

selinux july21

Jul 12th, 2021
  # Transcript of `history` from a root shell. Entries 1-26: install httpd, inspect
  # SELinux labels, serve content from /web, and use permissive mode to find the denial.
  # The httpd.conf edits are not shown; a DocumentRoot change to /web is presumed.
  1. [root@rh selinux]# history
  2. 1 dnf install -y httpd
  3. 2 systemctl enable --now httpd
  # -Z prints the SELinux context of files (ls) and processes (ps).
  4. 3 ls -Zd /var/www/html/
  5. 4 ls -Z /var/www/html/
  6. 5 ls -Zd /var/www/html/
  7. 6 ps -Zaux | grep http
  8. 7 cd /home
  9. 8 ls -Z
  10. 9 cd
  # A new top-level directory does not get the web-content type of /var/www/html;
  # presumably it is labelled default_t here (entry 43 displays the label).
  11. 10 mkdir /web
  12. 11 vim /web/index.html
  13. 12 vim /etc/httpd/conf/httpd.conf
  14. 13 systemctl restart httpd
  15. 14 curl http://localhost
  16. 15 getenforce
  # Permissive mode stops enforcement for every domain on the host (denials are only
  # logged) until the next setenforce or reboot. To troubleshoot one service,
  # `semanage permissive -a httpd_t` limits the relaxation to that domain.
  17. 16 setenforce permissive
  18. 17 getenforce
  19. 18 curl http://localhost
  20. 19 vim /etc/httpd/conf/httpd.conf
  21. 20 systemctl restart httpd
  22. 21 getenforce
  23. 22 curl http://localhost
  24. 23 getenforce
  25. 24 setenforce enforcing
  26. 25 curl http://localhost
  # AVC records in the audit log are the denials; they name the source domain, the
  # target label and the permission that was refused.
  27. 26 grep AVC /var/log/audit/audit.log
  # Entries 27-46: fetch course material, then fix the /web labels with a persistent
  # file-context rule instead of leaving the host permissive.
  28. 27 yum install -y git
  # Entries 28-33 clone third-party repositories and run a script from one of them
  # (luth/countdown) in this root shell; reading the script first, or running it as an
  # unprivileged user, limits what it can touch.
  29. 28 git clone https://github.com/sandervanvugt/selinux
  30. 29 cd selinux/
  31. 30 ls
  32. 31 cd ..
  33. 32 git clone https://github.com/sandervanvugt/luth
  34. 33 luth/countdown 12
  35. 34 history
  # AVC denials are written to audit.log by auditd, so confirm it is running.
  36. 35 systemctl status auditd
  37. 36 ls -lZ /web
  38. 37 ps Zaux | grep http
  39. 38 ls -Zd /var/www
  40. 39 ls -Z /var/www
  41. 40 semanage --help | less
  42. 41 man semanage-fcontext
  # Adds a labelling rule for /web and everything below it. Unlike chcon, the rule is
  # stored in the local policy, so a later relabel keeps it.
  43. 42 semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
  44. 43 ls -ldZ /web
  # The rule only describes the wanted label; restorecon applies it to existing files.
  45. 44 restorecon -Rv /web
  # Enforcing was already set at entry 24; repeating it makes sure the curl test at
  # entry 46 runs with enforcement on.
  46. 45 setenforce enforcing
  47. 46 curl http://localhost
  # Entries 47-69: read-only inspection of the SELinux configuration, policy types
  # and documentation. Nothing in this run changes policy.
  # /etc/selinux/config holds the mode and policy type used at boot; setenforce
  # (entries 16, 24, 45) changes only the running state.
  48. 47 cat /etc/selinux/config
  49. 48 git clone https://github.com/SELinuxProject/refpolicy
  50. 49 sestatus
  51. 50 ps Zaux | less
  52. 51 ps aux | grep dbus-dae
  53. 52 ps Zaux | grep dbus-dae
  54. 53 cd /var/www/
  55. 54 ls
  56. 55 ls -Z
  57. 56 cd
  58. 57 luth/countdown 12
  # Lists every file-context rule (policy defaults plus local additions).
  59. 58 semanage fcontext -l
  60. 59 semanage fcontext -l | wc
  61. 60 semanage fcontext -l | grep http
  # seinfo -t lists the types defined in the loaded policy.
  62. 61 seinfo -t
  63. 62 seinfo -t | wc
  64. 63 seinfo -t | grep http
  65. 64 man -k _selinux
  # selinux-policy-doc presumably supplies the per-service *_selinux man pages; mandb
  # rebuilds the index so the repeated `man -k` at entry 67 can find them.
  66. 65 dnf install selinux-policy-doc
  67. 66 mandb
  68. 67 man -k _selinux
  69. 68 man -k _selinux | wc
  70. 69 man -k _selinux | grep http
  # Entries 70-80: run sshd on a non-default port. The sshd_config edits are not
  # shown; the port is presumed to be 2022 from entry 76.
  71. 70 vim /etc/ssh/sshd_config
  72. 71 systemctl restart sshd
  73. 72 systemctl status sshd.service
  74. 73 grep AVC /var/log/audit/audit.log
  75. 74 vim /etc/ssh/sshd_config
  76. 75 man semanage-port
  # Labels tcp/2022 as ssh_port_t so the sshd domain may bind to it. This is only the
  # SELinux side: opening the port in the host firewall is a separate step that does
  # not appear in this session.
  77. 76 semanage port -a -t ssh_port_t -p tcp 2022
  78. 77 systemctl restart sshd
  79. 78 systemctl status sshd
  # Another edit and restart; what changed is not visible here (possibly a revert).
  80. 79 vim /etc/ssh/sshd_config
  81. 80 systemctl restart sshd
  # Entries 81-122: SELinux booleans, sealert reports, and anonymous upload to vsftpd.
  # The vsftpd.conf edit is not shown; anonymous upload is presumed to be enabled there.
  82. 81 getsebool -a
  83. 82 getsebool -a |wc
  84. 83 getsebool -a | grep vsftp
  85. 84 getsebool -a | grep ftp
  # -P stores the boolean persistently, so it survives a reboot. Nothing else in the
  # session uses CIFS, so this looks like a demonstration; a boolean that is not
  # needed is normally left off.
  86. 85 setsebool -P ftpd_use_cifs on
  # The journal carries setroubleshoot messages that give the `sealert -l <id>`
  # command for each denial.
  87. 86 journalctl | grep sealert
  88. 87 sealert -l a81809fc-4cf5-4e40-8919-011c53414f68 | less
  89. 88 journalctl | grep sealert
  90. 89 sealert -l 2610c5b2-10af-4596-b07f-faa3a18ba593 | less
  91. 90 ls -lZ /etc/passwd
  92. 91 yum install vsftpd
  93. 92 yum install lftp
  94. 93 vim /etc/vsftpd/vsftpd.conf
  95. 94 systemctl restart vsftpd
  96. 95 lftp localhost
  # Mode 777 also lets every local account write here, not just the FTP service.
  # Write access for the account vsftpd uses for anonymous sessions is presumably
  # enough - TODO confirm against vsftpd.conf.
  97. 96 chmod 777 /var/ftp/pub/
  98. 97 lftp localhost
  99. 98 grep AVC /var/log/audit/audit.log
  100. 99 journalctl | grep sealert
  101. 100 sealert -l 27d26ac4-9e13-487e-aadf-5a776dbb2c9c | less
  # Entries 101-103 look like the commands suggested in the sealert report, pasted
  # with their leading '#' prompt (so the shell treated them as comments) and then
  # retyped at 105-107.
  102. 101 # semanage fcontext -a -t public_content_rw_t pub
  103. 102 # restorecon -R -v pub
  104. 103 # setsebool -P allow_ftpd_anon_write 1
  105. 104 cd /var/ftp
  # NOTE(review): file-context rules are matched against absolute paths, so a rule
  # for the bare name `pub` does not cover /var/ftp/pub. The session adds the
  # full-path rule at entry 117 and deletes this one at entry 133.
  106. 105 semanage fcontext -a -t public_content_rw_t pub
  107. 106 restorecon -R -v pub
  # allow_ftpd_anon_write appears to be the older name of the boolean that entry 161
  # queries as ftpd_anon_write - confirm with `getsebool -a | grep ftp`. Together
  # with the rw label it allows anonymous uploads, persistently because of -P.
  108. 107 setsebool -P allow_ftpd_anon_write 1
  109. 108 lftp localhost
  110. 109 systemctl restart vsftpd
  111. 110 lftp localhost
  112. 111 cd
  113. 112 luth/countdown 18
  114. 113 grep AVC /var/log/audit/audit.log
  115. 114 journalctl | grep sealert
  116. 115 history
  117. 116 ls -dZ /var/ftp/pub
  # Full-path rule. It names only the directory itself; add "(/.*)?" as at entry 42
  # if existing content below it must be relabelled as well.
  118. 117 semanage fcontext -a -t public_content_rw_t /var/ftp/pub
  119. 118 restorecon -Rv /var/ftp/pub
  120. 119 ls -dZ /var/ftp/pub
  121. 120 journalctl | grep sealert
  122. 121 sealert -l 27d26ac4-9e13-487e-aadf-5a776dbb2c9c | less
  123. 122 lftp localhost
  # Entries 123-136: look at where local file-context rules are stored, then remove
  # the ineffective bare-name rule added at entry 105.
  124. 123 cd /etc/selinux/
  125. 124 ls
  126. 125 cd targeted/
  127. 126 ls
  128. 127 cd contexts/
  129. 128 ls
  130. 129 cd files/
  131. 130 ls
  # file_contexts.local holds the rules added with `semanage fcontext -a`. It is
  # viewed with cat and changed through semanage, never edited directly here.
  132. 131 cat file_contexts.local
  133. 132 man semanage-fcontext
  # -d deletes a local rule; the file spec must match the one that was added (`pub`).
  134. 133 semanage fcontext -d -t public_content_rw_t pub
  135. 134 ls
  # Second look, presumably to confirm that only the /var/ftp/pub rule is left.
  136. 135 cat file_contexts.local
  137. 136 cd
  # Entries 137-159: containers under SELinux, with a host directory bind-mounted
  # into a MySQL container.
  138. 137 podman run -d quay.io/bitnami/nginx
  139. 138 ps fax
  # The Z column shows the SELinux domain and MCS categories of the container processes.
  140. 139 ps faxZ
  141. 140 mkdir -p /srv/dbfiles
  # 27:27 is presumably the mysql UID/GID inside the image - TODO confirm.
  142. 141 chown -R 27:27 /srv/dbfiles
  # The root password is given with -e on the command line (entries 142, 145, 155),
  # so it ends up in shell history, as this listing shows, and in the container's
  # stored configuration (podman inspect). `--env-file` pointing at a root-only file
  # keeps it out of history and the process list. "password" is a lab value only.
  143. 142 #podman run -d -v /srv/dbfiles:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=password registry.access.redhat.com/rhscl/mysql-57-rhel7
  # Entry 143 mistypes the registry host. podman login sends the credentials to the
  # host named on the command line, so the spelling matters; this attempt presumably
  # just failed (outcome not shown).
  144. 143 podman login reigstry.access.redhat.com
  145. 144 podman login registry.access.redhat.com
  146. 145 podman run -d -v /srv/dbfiles:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=password registry.access.redhat.com/rhscl/mysql-57-rhel7
  147. 146 podman ps
  148. 147 podman ps -a
  149. 148 grep AVC /var/log/audit/audit.log
  150. 149 journalctl | grep sealert
  151. 150 sealert -l b6739b67-2951-455c-8a99-3dfa2df110a9 | less
  # container_file_t lets container domains use the directory. Applied by restorecon
  # it carries no per-container MCS categories, so any container on the host can use
  # it. The volume option `:Z` (-v /srv/dbfiles:/var/lib/mysql:Z) instead relabels
  # the directory with this container's private categories.
  152. 151 semanage fcontext -a -t container_file_t "/srv/dbfiles(/.*)?"
  153. 152 restorecon -Rv /srv/dbfiles/
  154. 153 podman ps -a
  # Removes the earlier container (auto-generated name) before the retry; presumably
  # it had exited because of the denial.
  155. 154 podman rm xenodochial_chebyshev
  156. 155 podman run -d -v /srv/dbfiles:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=password registry.access.redhat.com/rhscl/mysql-57-rhel7
  157. 156 podman ps
  158. 157 cd /srv/dbfiles/
  # Checks the label on the files the container created.
  159. 158 ls -Z
  160. 159 cd
  # Entries 160-186: query what the policy allows, generate a module from logged
  # denials, and build a hand-written module.
  161. 160 getsebool -a | grep ftp
  # sesearch -b lists the allow rules that a boolean switches on, which shows what a
  # setsebool will actually permit before it is turned on.
  162. 161 sesearch -b ftpd_anon_write -A
  163. 162 sesearch -b ftpd_full_access -A
  164. 163 ldd $(which httpd)
  165. 164 seinfo -tunconfined_t
  # Lists the types carrying the unconfined_domain_type attribute; presumably these
  # are the domains the targeted policy leaves unrestricted.
  166. 165 seinfo -aunconfined_domain_type -x
  167. 166 semodule -l | less
  168. 167 grep http /var/log/audit/audit.log > httplog.txt
  169. 168 vim httplog.txt
  # Narrowed to AVC lines only; the first attempt (entry 167) included every audit
  # record that mentions http.
  170. 169 grep http /var/log/audit/audit.log | grep AVC > httplog.txt
  171. 170 vim httplog.txt
  # audit2allow turns every denial in its input into an allow rule, so the module
  # grants whatever was denied whether or not the service needs it. Review
  # mymodule.te (entry 174) and trim it before installing; a label fix or a boolean
  # is often the narrower remedy.
  172. 171 cat httplog.txt | audit2allow -M mymodule
  173. 172 ls
  174. 173 vim mymodule.
  175. 174 vim mymodule.te
  176. 175 semodule -i mymodule.pp
  # NOTE(review): semodule -d takes a module name (mymodule), not the .pp file name,
  # so this entry probably failed - confirm. -d disables a module and -r removes it.
  177. 176 semodule -d mymodule.pp
  178. 177 semodule --help
  179. 178 luth/countdown 12
  # Hand-written module: sander.te holds the rules and sander.fc the file contexts
  # (contents not shown).
  180. 179 vim sander.te
  181. 180 vim sander.fc
  # checkmodule compiles the .te into a non-base (-m), MLS-enabled (-M) module.
  182. 181 checkmodule -M -m -o sander.mod sander.te
  # semodule_package bundles the compiled module and the .fc file into an installable .pp.
  183. 182 semodule_package -o sander.pp -m sander.mod -f sander.fc
  # NOTE(review): -o is the output option of semodule_package (entry 182); this looks
  # like a slip for -i, which follows at entry 184.
  184. 183 semodule -o sander.pp
  185. 184 semodule -i sander.pp
  # Presumably sander.fc declares a context for /opt/sander, which restorecon applies here.
  186. 185 mkdir /opt/sander
  187. 186 restorecon -Rv /opt/sander/
  # Entries 187-192: map Linux accounts to SELinux users.
  # Lists the SELinux users and the roles each may enter.
  188. 187 semanage user -l
  189. 188 useradd linda
  # passwd prompts interactively, so the password does not land in shell history.
  190. 189 passwd linda
  # Creates lisa already mapped to sysadm_u and in the wheel group.
  191. 190 useradd -Z sysadm_u -G wheel lisa
  # Maps linda to the confined user_u identity. Logins without an explicit mapping
  # use the __default__ entry (normally unconfined_u). The mapping presumably takes
  # effect at linda's next login.
  192. 191 semanage login -a -s user_u linda
  193. 192 semanage login -l
  # Entries 193-205: generate a policy skeleton for a custom service (rot13) from the
  # cloned course repository.
  194. 193 cd selinux/
  195. 194 ls
  # Script from the cloned repository, run as root; its contents are not shown here.
  196. 195 ./setup-rot.sh
  197. 196 ls
  198. 197 vim startrot13
  199. 198 vim rot13.service
  # sepolgen --application writes a policy template for the program (startrot13.te
  # is edited at entry 200). NOTE(review): generated templates typically declare the
  # new domain permissive; check startrot13.te for a `permissive` line before relying
  # on the policy to confine the service.
  200. 199 sepolgen --application startrot13
  201. 200 vim startrot13.te
  202. 201 ls
  203. 202 ./startrot13
  204. 203 ls
  # startrot13.sh is presumably the generated script that builds and loads the module.
  205. 204 ./startrot13.sh
  # Confirms that the new types are present in the loaded policy.
  206. 205 seinfo -t | grep start
  207.  