- [l3info@localhost ~]$ id
- uid=1001(l3info) gid=1001(l3info) groupes=10(wheel),1001(l3info) contexte=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
- [l3info@localhost ~]$ ps axZ | less
- system_u:system_r:rpcd_t:s0 1562 ? Ss 0:00 rpc.statd
- system_u:system_r:kernel_t:s0 1590 ? S< 0:00 [rpciod/0]
- system_u:system_r:rpcd_t:s0 1602 ? Ss 0:00 rpc.idmapd
- system_u:system_r:bluetooth_t:s0 1620 ? Ss 0:00 /usr/sbin/bluetoothd
- system_u:system_r:kernel_t:s0 1635 ? S< 0:00 [bluetooth]
- system_u:system_r:sshd_t:s0-s0:c0.c1023 1651 ? Ss 0:00 /usr/sbin/sshd
- system_u:system_r:dhcpc_t:s0 1671 ? S 0:00 /sbin/dhclient -d -sf /usr/libexec/nm-dhcp-client.action -pf /var/r
- system_u:system_r:mysqld_safe_t:s0 1695 ? S 0:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var
- system_u:system_r:mysqld_t:s0 1783 ? Sl 0:00 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=
- system_u:system_r:gpm_t:s0 1831 ? Ss 0:00 /usr/sbin/gpm -m /dev/input/mice -t exps2
- system_u:system_r:httpd_t:s0 1840 ? Ss 0:00 /usr/sbin/httpd
- system_u:system_r:crond_t:s0-s0:c0.c1023 1853 ? Ss 0:00 crond
- system_u:system_r:crond_t:s0-s0:c0.c1023 1864 ? Ss 0:00 /usr/sbin/atd
- [l3info@localhost ~]$ ls -lZ
- drwxr-xr-x. l3info l3info unconfined_u:object_r:user_home_t:s0 Bureau
- drwxr-xr-x. l3info l3info unconfined_u:object_r:user_home_t:s0 Documents
- drwxr-xr-x. l3info l3info unconfined_u:object_r:user_home_t:s0 Images
- drwxr-xr-x. l3info l3info unconfined_u:object_r:user_home_t:s0 Modèles
- drwxr-xr-x. l3info l3info unconfined_u:object_r:user_home_t:s0 Musique
- drwxr-xr-x. l3info l3info unconfined_u:object_r:user_home_t:s0 Public
- drwxr-xr-x. l3info l3info unconfined_u:object_r:user_home_t:s0 Téléchargement
- drwxr-xr-x. l3info l3info unconfined_u:object_r:user_home_t:s0 Vidéos
- [l3info@localhost bin]$ ls -lZ
- -rwsr-xr-x. root root system_u:object_r:su_exec_t:s0 su
- -rwxr-xr-x. root root system_u:object_r:bin_t:s0 sync
- -rwxr-xr-x. root root system_u:object_r:bin_t:s0 tar
- -rwxr-xr-x. root root system_u:object_r:bin_t:s0 taskset
- -rwxr-xr-x. root root system_u:object_r:bin_t:s0 touch
- -rwxr-xr-x. root root system_u:object_r:traceroute_exec_t:s0 tracepath
- -rwxr-xr-x. root root system_u:object_r:traceroute_exec_t:s0 tracepath6
- -rwxr-xr-x. root root system_u:object_r:traceroute_exec_t:s0 traceroute
- lrwxrwxrwx. root root system_u:object_r:bin_t:s0 traceroute6 -> traceroute
- -rwxr-xr-x. root root system_u:object_r:bin_t:s0 true
- -rwxr-xr-x. root root system_u:object_r:bin_t:s0 ulockmgr_server
- -rwsr-xr-x. root root system_u:object_r:mount_exec_t:s0 umount
- -rwxr-xr-x. root root system_u:object_r:bin_t:s0 uname
- -rwxr-xr-x. root root system_u:object_r:bin_t:s0 unicode_start
- -rwxr-xr-x. root root system_u:object_r:bin_t:s0 unicode_stop
- [l3info@localhost bin]$ runcon system_u:system_r:unconfined_t:s0 id
- uid=1001(l3info) gid=1001(l3info) groupes=10(wheel),1001(l3info) contexte=system_u:system_r:unconfined_t:s0
- [l3info@localhost bin]$ runcon root:system_r:kernel_t:s0 ls
- runcon: ls: Permission non accordée
- tail messages
- Jan 25 14:21:40 localhost kernel: type=1400 audit(1264425700.419:12): avc: denied { create } for pid=4546 comm="cp" name="alternatives" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=dir
- Jan 25 14:21:40 localhost kernel: type=1400 audit(1264425700.419:13): avc: denied { create } for pid=4546 comm="cp" name="anacrontab" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=file
- Jan 25 14:21:40 localhost kernel: type=1400 audit(1264425700.419:14): avc: denied { create } for pid=4546 comm="cp" name="anthy-conf" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=file
- Jan 25 14:21:40 localhost kernel: type=1400 audit(1264425700.419:15): avc: denied { create } for pid=4546 comm="cp" name="asound.conf" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=file
- Jan 25 14:21:40 localhost kernel: type=1400 audit(1264425700.419:16): avc: denied { create } for pid=4546 comm="cp" name="audisp" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=dir
- Jan 25 14:21:40 localhost kernel: type=1400 audit(1264425700.419:17): avc: denied { create } for pid=4546 comm="cp" name="audit" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=dir
- Jan 25 14:22:19 localhost kernel: __ratelimit: 780 callbacks suppressed
- Jan 25 14:22:19 localhost kernel: type=1400 audit(1264425739.023:278): avc: denied { create } for pid=4565 comm="cp" name="hosts" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=file
- Jan 25 14:25:59 localhost kernel: type=1400 audit(1264425959.077:279): avc: denied { transition } for pid=4699 comm="runcon" path="/usr/bin/id" dev=sda1 ino=109544 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=root:system_r:kernel_t:s0 tclass=process
- Jan 25 14:26:04 localhost kernel: type=1400 audit(1264425964.567:280): avc: denied { transition } for pid=4718 comm="runcon" path="/bin/ls" dev=sda1 ino=445328 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=root:system_r:kernel_t:s0 tclass=process
- guest_u guest_r
- root staff_r sysadmin_r system_r unconfined_r
- staff_u staff_r sysadmin_r system_r
- sysadm_u sysadm_r
- system_u system_r
- unconfined_u system_r unconfined_r
- user_u user_r
- xguest_u xguest_r
- [l3info@localhost bin]$ runcon system_u:system_r:unconfined_t:s0 id
- uid=1001(l3info) gid=1001(l3info) groupes=10(wheel),1001(l3info) contexte=system_u:system_r:unconfined_t:s0
- audit2allow - generate SELinux policy allow rules from logs of
- denied operations
- audit2why - translates SELinux audit messages into a description
- of why the access was denied (audit2allow -w)
- Using audit2why, we can read:
- Jan 25 14:21:40 localhost kernel: type=1400 audit(1264425700.419:12): avc: denied { create } for pid=4546 comm="cp" name="alternatives" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=dir
- Was caused by:
- Missing type enforcement (TE) allow rule.
- You can use audit2allow to generate a loadable module to allow this access.
- Before entering the integer:
- [l3info@localhost ~]$ ps axZ | grep ex3
- unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 5700 pts/1 S+ 0:00 ./ex3
- After:
- [l3info@localhost ~]$ ps axZ | grep cat
- unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 5810 pts/1 S+ 0:00 cat
- [l3info@localhost ~]$ ls -lZ /bin/cat
- -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /bin/cat
- [l3info@localhost ~]$ ps axZ | grep passwd
- unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 6258 pts/1 S+ 0:00 passwd
- [l3info@localhost ~]$ ls -lZ /usr/bin/pass*
- -rwsr-xr-x. root root system_u:object_r:passwd_exec_t:s0 /usr/bin/passwd
- [l3info@localhost ~]$ runcon unconfined_u:unconfined_r:passwd_t:s0 ./ex3
- runcon: ./ex3: Permission non accordée
- 4)
- [l3info@localhost attr]$ cat current
- unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
- [l3info@localhost attr]$ id -Z
- unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
- [l3info@localhost ~]$ getsebool -a
- allow_console_login --> off
- allow_cvs_read_shadow --> off
- allow_daemons_dump_core --> on
- allow_daemons_use_tty --> on
- allow_domain_fd_use --> on
- allow_execheap --> off
- allow_execmem --> off
- allow_execmod --> off
- allow_execstack --> on
- allow_ftpd_anon_write --> off
- allow_ftpd_full_access --> off
- allow_ftpd_use_cifs --> off
- allow_ftpd_use_nfs --> off
- ...
- ssh 10.14.2.105:
- [l3info@localhost attr]$ cat current
- unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
- [l3info@localhost attr]$ cat prev
- system_u:system_r:sshd_t:s0-s0:c0.c1023
- [root@localhost ~]# cat /proc/self/attr/prev
- unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
- After the change:
- [root@localhost ~]# cat /proc/self/attr/prev
- sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023
- [l3info@localhost booleans]$ ssh -l root/sysadm_r localhost
- root/sysadm_r@localhost's password:
- Last login: Wed Oct 28 11:53:55 2009 from mssi08
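
The `tail messages` excerpt and the audit2why step above can be triaged by grouping the AVC denials and recording which context fields differ between source and target. This is an added example, not part of the original paste; the log lines are copied from that excerpt, and the names `split_context` and `summarize` are this example's own.

```python
import re
from collections import Counter

# Five lines copied from the page's `tail messages` excerpt.
SAMPLE = """\
Jan 25 14:21:40 localhost kernel: type=1400 audit(1264425700.419:12): avc: denied { create } for pid=4546 comm="cp" name="alternatives" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=dir
Jan 25 14:21:40 localhost kernel: type=1400 audit(1264425700.419:13): avc: denied { create } for pid=4546 comm="cp" name="anacrontab" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=file
Jan 25 14:22:19 localhost kernel: __ratelimit: 780 callbacks suppressed
Jan 25 14:22:19 localhost kernel: type=1400 audit(1264425739.023:278): avc: denied { create } for pid=4565 comm="cp" name="hosts" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=file
Jan 25 14:26:04 localhost kernel: type=1400 audit(1264425964.567:280): avc: denied { transition } for pid=4718 comm="runcon" path="/bin/ls" dev=sda1 ino=445328 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=root:system_r:kernel_t:s0 tclass=process
"""

# \s+ everywhere: the kernel pads some fields with two spaces, the paste shows one.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s.*?comm="(?P<comm>[^"]*)"'
    r'.*?\sscontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)')
RATE_RE = re.compile(r'__ratelimit:\s+(\d+)\s+callbacks suppressed')
FIELDS = ("user", "role", "type", "level")

def split_context(ctx):
    # user:role:type:level; the level itself may contain ':' (s0-s0:c0.c1023),
    # so split at most three times.
    return dict(zip(FIELDS, ctx.split(":", 3)))

def summarize(log_text):
    """Return (Counter of grouped denials, number of rate-limited messages)."""
    denials, suppressed = Counter(), 0
    for line in log_text.splitlines():
        rate = RATE_RE.search(line)
        if rate:
            suppressed += int(rate.group(1))
            continue
        m = AVC_RE.search(line)
        if not m:
            continue
        src, tgt = split_context(m["s"]), split_context(m["t"])
        # Which parts of the security context differ between source and target.
        differs = tuple(f for f in FIELDS if src.get(f) != tgt.get(f))
        key = (m["comm"], src.get("type"), tgt.get("type"), m["cls"], m["perms"], differs)
        denials[key] += 1
    return denials, suppressed

if __name__ == "__main__":
    denials, suppressed = summarize(SAMPLE)
    for (comm, st, tt, cls, perms, differs), n in denials.most_common():
        print(f"{n:3d}  {comm}: {st} -> {tt}:{cls} {{ {perms} }}  differs={','.join(differs)}")
    print(f"rate limiting dropped {suppressed} kernel messages; counts are a lower bound")
```

On these lines the `cp` denials have the same type on both sides and differ only in the level field, while the `runcon` denial differs in all four fields.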