API tools faq
paste
sandervanvugt

selinux oc20

sandervanvugt
Oct 30th, 2020
99
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.50 KB | None | 0 0
raw download clone embed print report
  1. [root@localhost selinux]# history
  2. 1 yum install -y httpd
  3. 2 systemctl enable --now httpd
  4. 3 getenforce
  5. 4 ps aux | grep httpd
  6. 5 ps Zaux | grep httpd
  7. 6 cd /var/www
  8. 7 ls -Z
  9. 8 ps auxZ | grep http
  10. 9 seinfo
  11. 10 cd /boot
  12. 11 ls
  13. 12 cd /proc
  14. 13 ls
  15. 14 cd
  16. 15 less /proc/cmdline
  17. 16 ls -Z
  18. 17 cd /boot
  19. 18 ls
  20. 19 less config-4.18.0-193.el8.x86_64
  21. 20 dmesg | grep SELinux
  22. 21 getenforce
  23. 22 setenforce --help
  24. 23 vim /etc/sysconfig/selinux
  25. 24 yum install -y git
  26. 25 git clone https://github.com/sandervanvugt/selinux
  27. 26 cd selinux/
  28. 27 ls
  29. 28 cd ..
  30. 29 git clone https://github.com/sandervanvugt/luth
  31. 30 ls
  32. 31 mv luth /root
  33. 32 mv selinux /root
  34. 33 cd /root
  35. 34 ls
  36. 35 luth/countdown 12
  37. 36 getenforce
  38. 37 mkdir /web
  39. 38 cd /web
  40. 39 vim index.html
  41. 40 vim /etc/httpd/conf/httpd.conf
  42. 41 systemctl restart httpd
  43. 42 curl http://localhost
  44. 43 getenforce
  45. 44 setenforce permissive
  46. 45 curl http://localhost
  47. 46 vim /etc/httpd/conf/httpd.conf
  48. 47 systemctl restart httpd
  49. 48 curl http://localhost
  50. 49 getenforce
  51. 50 setenforce disable
  52. 51 setenforce disabled
  53. 52 setenforce enforcing
  54. 53 curl http://localhost
  55. 54 systemctl status auditd
  56. 55 grep AVC /var/log/audit/audit.log
  57. 56 ls -Zd /web /var/www/html
  58. 57 man semanage
  59. 58 man semanage-fcontext
  60. 59 semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
  61. 60 cd
  62. 61 ls -Zd /web
  63. 62 cd /etc/selinux/
  64. 63 ls
  65. 64 cd targeted/
  66. 65 ls
  67. 66 cd contexts/
  68. 67 ls
  69. 68 cd files/
  70. 69 ls
  71. 70 cat file_contexts.local
  72. 71 cd
  73. 72 restorecon -Rv /web
  74. 73 ls -lZd /web
  75. 74 getenforce
  76. 75 curl http://localhost
  77. 76 less /var/log/audit/audit.log
  78. 77 grep AVC /var/log/audit/audit.log | grep httpd
  79. 78 cd /web
  80. 79 touch newfile
  81. 80 ls -Z newfile
  82. 81 rpm -qf $(which chcon)
  83. 82 which chcon
  84. 83 ps Zaux | grep http
  85. 84 sestatus
  86. 85 man semanage-fcontext
  87. 86 grep SELINUX /boot/config-4.18.0-193.el8.x86_64
  88. 87 cd
  89. 88 luth/countdown 12
  90. 89 ps -eZ | grep dbus-daemon
  91. 90 ps auxZ | grep dbus-daemon
  92. 91 semanage fcontext -l
  93. 92 semanage fcontext -l | wc
  94. 93 semanage fcontext -l | grep contain
  95. 94 seinfo -t
  96. 95 seinfo -t | wc
  97. 96 seinfo -t | grep container
  98. 97 man -k _selinux
  99. 98 yum install -y selinux-policy-doc
  100. 99 yum provides */seinfo
  101. 100 man -k _selinux
  102. 101 man -k _selinux | docker
  103. 102 man -k _selinux | grep docker
  104. 103 man -k _selinux | grep container
  105. 104 man container_selinux
  106. 105 yum provides */sepolicy
  107. 106 yum install policycoreutils-devel
  108. 107 yum install vsftpd -y
  109. 108 vim /etc/vsftpd/vsftpd.conf
  110. 109 chmod 777 /var/ftp/pub/
  111. 110 systemctl start vsftpd
  112. 111 yum install -y lftp
  113. 112 lftp localhost
  114. 113 getsebool -a
  115. 114 getsebool -a | grep ftp
  116. 115 setsebool -P ftpd_anon_write on
  117. 116 lftp localhost
  118. 117 vim /etc/vsftpd/vsftpd.conf
  119. 118 reboot
  120. 119 history
  121. 120 echo how to fix /etc/shadow
  122. 121 restorecon -v /etc/shadow
  123. 122 luth/countdown 17
  124. 123 grep sealert /var/log/messages
  125. 124 sealert -l df2e0a41-bee5-4f37-9095-56b79d8a1386 | less
  126. 125 # semanage fcontext -a -t public_content_rw_t pub
  127. 126 # restorecon -R -v pub
  128. 127 # semanage fcontext -a -t public_content_rw_t "/var/ftp/pub(/.*)?"
  129. 128 semanage fcontext -a -t public_content_rw_t "/var/ftp/pub(/.*)?"
  130. 129 restorecon -Rv /var/ftp/pub/
  131. 130 lftp localhost
  132. 131 systemctl status vsftpd
  133. 132 systemctl enable --now vsftpd
  134. 133 lftp localhost
  135. 134 grep sealert /var/log/messages
  136. 135 sealert -l a863d808-57e2-4151-a2c2-ff7eaf809739 | less
  137. 136 vim /etc/httpd/conf/httpd.conf
  138. 137 grep 82 /etc/services | less
  139. 138 systemctl restart httpd
  140. 139 systemctl status httpd
  141. 140 grep sealert /var/log/messages
  142. 141 sealert -l 85879352-e35d-4441-830b-771dfd6cabfd
  143. 142 sealert -l 85879352-e35d-4441-830b-771dfd6cabfd | less
  144. 143 semanage port -a -t http_port_t -p tcp 82
  145. 144 systemctl restart httpd
  146. 145 systemctl status httpd
  147. 146 grep sealert /var/log/messages | grep ftp
  148. 147 sealert -l df2e0a41-bee5-4f37-9095-56b79d8a1386
  149. 148 sealert -l df2e0a41-bee5-4f37-9095-56b79d8a1386 | less
  150. 149 sesearch -b ftpd_full_access -A
  151. 150 sesearch -b ftpd_anon_write -A
  152. 151 sesearch -s httpd_t -t user_home_t -p read -A
  153. 152 sesearch -s httpd_t -t default_t -p read -A
  154. 153 ldd /usr/bin/passwd
  155. 154 semanage permissive -l
  156. 155 semanage permissive -d httpd_t
  157. 156 seinfo -tunconfined_t
  158. 157 semodule -l
  159. 158 grep http /var/log/audit/audit.log
  160. 159 grep http /var/log/audit/audit.log | audit2allow -M myhttpd
  161. 160 ls
  162. 161 vim myhttpd.te
  163. 162 git clone https://github.com/SELinuxProject/refpolicy
  164. 163 cd refpolicy/
  165. 164 ls
  166. 165 cd policy/
  167. 166 ls
  168. 167 cd modules/
  169. 168 ls
  170. 169 cd services/
  171. 170 ls
  172. 171 less zabbix.te
  173. 172 less zabbix.fc
  174. 173 cd
  175. 174 cd selinux/
  176. 175 ls
  177. 176 vim sander.te
  178. 177 vim sander.fc
  179. 178 checkmodule -M -m -o sander.mod sander.te
  180. 179 vim sander.te
  181. 180 checkmodule -M -m -o sander.mod sander.te
  182. 181 ls
  183. 182 semodule_package -o sander.pp -m sander.mod -f sander.fc
  184. 183 semodule -i sander.pp
  185. 184 vim sander.fc
  186. 185 semodule_package -o sander.pp -m sander.mod -f sander.fc
  187. 186 semodule -i sander.pp
  188. 187 mkdir /opt/sander
  189. 188 ls -Zd /opt/sander
  190. 189 restorecon -Rv /opt/sander
  191. 190 cd
  192. 191 luth/countdown 11
  193. 192 seinfo -tunconfined_t
  194. 193 seinfo -aunconfined_domain_type -x | less
  195. 194 cd /etc/selinux/targeted/policy/
  196. 195 ls
  197. 196 cd ..
  198. 197 ls
  199. 198 cd contexts/files/
  200. 199 ls
  201. 200 less file_contexts.local
  202. 201 semanage user -l
  203. 202 semanage login -l
  204. 203 useradd linda
  205. 204 semanage login -a -s user_u linda
  206. 205 semanage login -l
  207. 206 ssh linda@localhost
  208. 207 passwd linda
  209. 208 ssh linda@localhost
  210. 209 cd
  211. 210 cd selinux/
  212. 211 ls
  213. 212 cat startrot13
  214. 213 vim rot13.service
  215. 214 vim server.php
  216. 215 vim setup-rot.sh
  217. 216 ./setup-rot.sh
  218. 217 sepolgen --application startrot
  219. 218 ls
  220. 219 sepolgen --application startrot13
  221. 220 vim startrot13.te
  222. 221 ./startrot13.sh
  223. 222 semodule -l | grep start
  224. 223 seinfo -t | grep start
  225. 224 history
  226. 225 ls
  227. 226 vim /etc/sysconfig/selinux
  228. 227 pastebin
  229. 228 history
  230.  
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!