Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 1 dnf install -y httpd
- 2 systemctl enable --now httpd
- 3 ps aux | grep httpd
- 4 ps Za | grep httpd
- 5 ps Zaux | grep httpd
- 6 ps Zaux | less
- 7 ls -Z /var/www
- 8 getenforce
- 9 setenforce permissive
- 10 getenforce
- 11 setenforce disabled
- 12 vim /etc/sysconfig/selinux
- 13 reboot
- 14 getenforce
- 15 ls -Z /etc/*
- 16 reboot
- 17 dnf install -y git
- 18 git clone https://github.com/SELinuxProject/refpolicy
- 19 ls
- 20 sestatus
- 21 git clone https://github.com/sandervanvugt/selinux
- 22 cd selinux/
- 23 ls
- 24 history
- 25 mkdir /web
- 26 vim /web/index.html
- 27 vim /etc/httpd/conf/httpd.conf
- 28 systemctl restart httpd
- 29 curl localhost
- 30 getenforce
- 31 setenforce permissive
- 32 curl localhost
- 33 vim /etc/httpd/conf/httpd.conf
- 34 systemctl restart httpd
- 35 curl localhost
- 36 setenforce enforcing
- 37 curl localhost
- 38 history
- 39 grep AVC /var/log/audit/audit.log
- 40 ls -ldZ /web /var/www/html
- 41 semanage fcontext -a -t httdp_sys_content_t "/web/(.*)?"
- 42 semanage fcontext -a -t httpd_sys_content_t "/web/(.*)?"
- 43 ls -ldZ /web /var/www/html
- 44 restorecon -Rv /web
- 45 getenforce
- 46 curl localhost
- 47 man semanage-fcontext
- 48 history
- 49 cd /etc/selinux/
- 50 ls
- 51 cd targeted/
- 52 ls
- 53 cd contexts/
- 54 ls
- 55 cd files
- 56 ls
- 57 less file_contexts.local
- 58 history
- 59 ps -eZ | grep dbus
- 60 cd /web/
- 61 touch newfile.txt
- 62 ls -Z
- 63 restorecon -Rv /web
- 64 history -w
- 65 cd selinux/
- 66 ./countdown 12
- 67 dnf install -y git
- 68 git clone https://github.com/SELinuxProject/refpolicy
- 69 ls
- 70 sestatus
- 71 git clone https://github.com/sandervanvugt/selinux
- 72 cd selinux/
- 73 ls
- 74 history
- 75 mkdir /web
- 76 vim /web/index.html
- 77 vim /etc/httpd/conf/httpd.conf
- 78 systemctl restart httpd
- 79 curl localhost
- 80 getenforce
- 81 setenforce permissive
- 82 curl localhost
- 83 vim /etc/httpd/conf/httpd.conf
- 84 systemctl restart httpd
- 85 curl localhost
- 86 setenforce enforcing
- 87 curl localhost
- 88 history
- 89 grep AVC /var/log/audit/audit.log
- 90 ls -ldZ /web /var/www/html
- 91 semanage fcontext -a -t httdp_sys_content_t "/web/(.*)?"
- 92 semanage fcontext -a -t httpd_sys_content_t "/web/(.*)?"
- 93 ls -ldZ /web /var/www/html
- 94 restorecon -Rv /web
- 95 getenforce
- 96 curl localhost
- 97 man semanage-fcontext
- 98 history
- 99 cd /etc/selinux/
- 100 ls
- 101 cd targeted/
- 102 ls
- 103 cd contexts/
- 104 ls
- 105 cd files
- 106 ls
- 107 less file_contexts.local
- 108 history
- 109 ps -eZ | grep dbus
- 110 cd /web/
- 111 touch newfile.txt
- 112 ls -Z
- 113 restorecon -Rv /web
- 114 history -w
- 115 reboot
- 116 # GRUB boot argument: init=/bin/bash
- 117 # mount -o remount,rw /
- 118 # passwd
- 119 # touch /.autorelabel
- 120 # exec /usr/lib/systemd/systemd
- 121 history
- 122 dnf install selinux-policy-doc
- 123 man -k _selinux
- 124 man -k _selinux | wc
- 125 man -k _selinux | grep http
- 126 man httpd_selinux
- 127 vim /etc/httpd/conf/httpd.conf
- 128 systemctl restart httpd
- 129 systemctl status httpd
- 130 setenforce permissive
- 131* systemctl restart http
- 132 setenforce enforce
- 133 setenforce enforcing
- 134 grep AVC /var/log/audit/audit.log
- 135 journalctl | grep sealert
- 136 sealert -l e3d592df-a274-4e05-be27-009e9af1367b | less
- 137 semanage port -a -t http_port_t -p tcp 82
- 138 getenforce
- 139 systemctl restart httpd
- 140 grep sealert /var/log/messages
- 141 sealert -l 3ef1dbd1-b558-422f-a325-045bb2906f37 | less
- 142 dnf provides */sealert
- 143 ls -Z /etc/hosts
- 144 cp /etc/host /root
- 145 cp /etc/hosts /root
- 146 ls -Z hosts
- 147 ls -Zd /root
- 148 rm /etc/hosts
- 149 mv /etc/hosts /etc/
- 150 mv hosts /etc/
- 151 ls -Z /etc/hosts
- 152 mv /etc/hosts .
- 153 ls -Z hosts
- 154 cp hosts /etc/
- 155 ls -Z /etc/hosts
- 156 restorecon -v /etc/hosts
- 157 getsebool -l
- 158 getsebool -a
- 159 getsebool -a | wc
- 160*
- 161 getsebool -a | grep ftp
- 162 dnf install -y vsftpd
- 163 cd /var/ftp/
- 164 ls
- 165 ls -l
- 166 chmod 777 pub
- 167 vim /etc/vsftpd/vsftpd.conf
- 168 systemctl enable --now vsftpd
- 169 dnf install -y lftp
- 170 lftp localhost
- 171 grep AVC /var/log/audit/audit.log
- 172 journalctl | grep sealert
- 173 sealert -l 1a8107c7-7c91-43a0-926e-3b6fdcb622bf | less
- 174 # semanage fcontext -a -t public_content_rw_t pub
- 175 # restorecon -R -v pub
- 176 # setsebool -P allow_ftpd_anon_write 1
- 177 semanage fcontext -a -t public_content_rw_t "/var/ftp/pub(/.*)?"
- 178 restorecon -Rv /var/ftp/pub
- 179 setsebool -P allow_ftpd_anon_write 1
- 180 lftp localhost
- 181 sesearcg -b ftpd_anon_write -A
- 182 sesearch -b ftpd_anon_write -A
- 183 sesearch -b ftpd_full_access -A
- 184 cp /etc/hosts /tmp/hosts
- 185 ls -Z /tmp/hosts
- 186 mv /tmp/hosts /var/www/html/
- 187 curl http://localhost:82/hosts
- 188 grep AVC /var/log/audit/audit.log
- 189 vim /etc/httpd/conf/httpd.conf
- 190 systemctl restart httpd
- 191 curl http://localhost/hosts
- 192 ls -lZ /var/www/html/
- 193 grep AVC /var/log/audit/audit.log
- 194 mv /var/www/html/ /web/
- 195 curl http://localhost/hosts
- 196 systemctl restart httpd
- 197 curl http://localhost/hosts
- 198 grep AVC /var/log/audit/
- 199 grep AVC /var/log/audit/audit.log
- 200 ls -l /web/
- 201 cd /we b
- 202 cd /web
- 203 ls -lZ
- 204 mv html/hosts .
- 205 ls -Z
- 206 curl http://localhost/hosts
- 207 grep AVC /var/log/audit/audit.log
- 208 dnf install -y setools-console
- 209 sesearch -A | grep httpd_t | grep user_tmp_t
- 210 cd
- 211 cd selinux/
- 212 history
- 213 seinfo -tunconfined
- 214 seinfo -aunconfined_domain_type -x
- 215 dnf module install -y container-tools
- 216 dnf install -y container-tools
- 217 podman run --env container=podman -v /home:/home:ro -v /var/spool:/var/spool:rw -p 21:21 -it docker.io/redhat/ubi9 bash
- 218 systemctl disable --now vsftpd
- 219 podman run --env container=podman -v /home:/home:ro -v /var/spool:/var/spool:rw -p 21:21 -it docker.io/redhat/ubi9 bash
- 220 podman run --security-opt label=type:ubi9pol/process --env container=podman -v /home:/home:ro -v /var/spool:/var/spool:rw -p 21:21 -it docker.io/redhat/ubi9 bash
- 221 history
- 222 podman run --security-opt label=type:ubi9pol.process --env container=podman -v /home:/home:ro -v /var/spool:/var/spool:rw -p 21:21 -it docker.io/redhat/ubi9 bash
- 223 semodule -l
- 224 sealert -l 1a8107c7-7c91-43a0-926e-3b6fdcb622bf | less
- 225 ls
- 226 vim sander.te
- 227 sander.fc
- 228 vim sander.fc
- 229 checkmodule -M -m -o sander.mod sander.te
- 230 semodule_package -o sander.pp -m sander.mod -f sander.fc
- 231 semodule -i sander.pp
- 232 mkdir /opt/sander
- 233 ls -dZ /opt/sander
- 234 cd /opt/sander
- 235 touch bbbb
- 236 ls -lZ
- 237 history
- 238 vim sander.fc
- 239 pwd
- 240 cd
- 241 cd selinux/
- 242 ls
- 243 cat sander.fc
- 244 ls -lZ
- 245 history
- 246 pwd
- 247 restorecon -Rv /opt/sander
- 248 pwd
- 249 ./countdown 12
- 250 semanage user -l
- 251 semanage login -l
- 252 useradd linda
- 253 echo password | passwd --stdin linda
- 254 useradd -Z sysadm_u -G wheel lisa
- 255 passwd lisa
- 256 semanage login -a -s user_u linda
- 257 semanage login -l
- 258 ssh linda@localhost
- 259 semanage login -l
- 260 semanage login -m -s sysadm_u root
- 261 semanage login -l
- 262 semanage login -m -u user_u -r s0 __default__
- 263 semanage login -m -u user_u __default__
- 264 semanage login -m -u user_u -r s0 __default__
- 265 semanage login -m -s user_u -r s0 __default__
- 266 semanage login -l
- 267 useradd anna
- 268 passwd anna
- 269 ssh anna@localhost
- 270 setsebool -P xdm_sysadm_login on
- 271 ssh root@localhost
- 272 setsebool -P ssh_sysadm_login on
- 273 pwd
- 274 ls
- 275 dnf install policycoreutils-devel setools-console gcc
- 276 ls
- 277 cat mydaemon.
- 278 cat mydaemon.c
- 279 gcc -o mydaemon mydaemon.c
- 280 cp mydaemon /usr/local/bin/
- 281 vim mydaemon.service
- 282 cp mydaemon.service /etc/systemd/system/
- 283 systemctl start mydaemon
- 284 ps Zaux | grep mydaemon
- 285 mkdir mydaemon
- 286 mkdir md
- 287 cd md
- 288 sepolicy generate --init /usr/local/bin/mydaemon
- 289 ls
- 290 cat mydaemon.te
- 291 ./mydaemon.sh
- 292 systemctl restart mydaemon
- 293 ps Zaux | grep mydaemon
- 294 grep AVC /var/log/audit/audit.log
- 295 getenforce
- 296 ls
- 297 vim mydaemon_selinux.spec
- 298 systemctl stop vsftpd
- 299 runcon -u system_u -r system_r -t httpd_t vsftpd
- 300 grep AVC /var/log/audit/audit.log
- 301 journactl | grep sealert
- 302 journalctl | grep sealert
- 303 sealert -l 9a203745-ab2f-45fd-b698-1dff0378bc18 | less
- 304 ausearch -c 'runcon' --raw | audit2allow -M my-runcon
- 305 semodule -i my-runcon.pp
- 306 runcon -u system_u -r system_r -t httpd_t vsftpd
- 307 journalctl | grep sealert
- 308 sealert -l 227c5cb4-87f8-4fd7-bdb4-82f5ea8697ce | less
- 309 setsebool -P domain_can_mmap_files 1
- 310 runcon -u system_u -r system_r -t httpd_t vsftpd
- 311 cd
- 312 history
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement