Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [root@localhost selinux]# history
- 1 cd selinux/
- 2 ./countdown 12
- 3 cd /etc
- 4 ls -Z
- 5 ps Zaux
- 6 grep AVC /var/log/audit/audit.log
- 7 cat /etc/os-release
- 8 cd
- 9 dnf install -y httpd
- 10 systemctl start httpd
- 11 ps Zaux | grep http
- 12 ls -Zl /var/www
- 13 mkdir /web
- 14 vim /web/index.html
- 15 vim /etc/httpd/conf/httpd.conf
- 16 systemctl restart httpd
- 17 curl localhost
- 18 setenforce permissive
- 19 curl localhost
- 20 vim /etc/httpd/conf/httpd.conf
- 21 systemctl restart httpd
- 22 curl localhost
- 23 getenforce
- 24 setenforce enforcing
- 25 curl localhost
- 26 grep AVC /var/log/audit/audit.log
- 27 ls -Z /web/index.html
- 28 dnf install -y git
- 29 git clone https://github.com/sandervanvugt/selinux
- 30 cd selinux/
- 31 ls
- 32 cd ..
- 33 grep AVC /var/log/audit/audit.log
- 34 date -d @1671032151
- 35 history
- 36 cat /etc/sysconfig/selinux
- 37 sestatus
- 38 getsebool -a
- 39 getsebool -a | grep ftp
- 40 ps Zaux | grep dbus
- 41 ps Zaux | grep dbus-daemon
- 42 ls -lZd /web
- 43 semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
- 44 ls -lZd /web
- 45 cd /etc/selinux/
- 46 ls
- 47 cd targeted/
- 48 ls
- 49 cd contexts/
- 50 ls
- 51 cd files/
- 52 ls
- 53 cat file_contexts.local
- 54 cd
- 55 restorecon -Rv /web
- 56 getenforce
- 57 curl localhost
- 58 history
- 59 man semanage
- 60 man semanage-fcontext
- 61 reboot
- 62 chvt 2
- 63 exit
- 64 podman ps
- 65 podman inspect e11f8637ec65 > ubi8.json
- 66 less ubi8.json
- 67 udica -j ubi8.json ubi8pol
- 68 semodule -i ubi8pol.cil /usr/share/udica/templates/{base_container.cil,home_container.cil}
- 69 ls
- 70 less ubi8pol.cil
- 71 ls -lZ /var/www
- 72 man -k _selinux
- 73 dfn install -y selinux-policy-doc
- 74 dnf install -y selinux-policy-doc
- 75 man -k _selinux
- 76 man -k _selinux | wc
- 77 man zebra_selinux
- 78 journalctl
- 79 journalctl | grep sealert
- 80 sealert
- 81 grep sealert /var/log/messages
- 82 sealert -l 29e1308a-3434-43d1-a935-fce5f7217355 | less
- 83 vim /etc/ssh/sshd_config
- 84 systemctl restart sshd
- 85 systemctl status sshd
- 86 setenforce 0
- 87 systemctl status sshd
- 88 systemctl restart sshd
- 89 grep sealert /var/log/messages
- 90 sealert -l fb6422b5-79ed-458b-b504-37aca6456309 | less
- 91 emanage port -a -t ssh_port_t -p tcp 2022
- 92 semanage port -a -t ssh_port_t -p tcp 2022
- 93 getenforce
- 94 setenforce 1
- 95 getenforce
- 96 systemctl restart sshd
- 97 systemctl status sshd
- 98 cp /etc/hosts .
- 99 ls -Z /etc/hosts ./hosts
- 100 rm /etc/hosts
- 101 mv hosts /etc/
- 102 ls -Z /etc/hosts
- 103 restorecon -R /etc/hosts
- 104 ls -Z /etc/hosts
- 105 dnf install vsftpd
- 106 vim /etc/vsftpd/vsftpd.conf
- 107 grep ftp /etc/passwd
- 108 cd /var/ftp
- 109 mkdir pub
- 110 ls -l
- 111 chmod 777 pub
- 112 dnf install -y lftp
- 113 systemctl start vsftpd
- 114 lftp localhost
- 115 grep AVC /var/log/audit/audit.log
- 116 grep sealert /var/log/messages
- 117 sealert -l 4f3b42bb-89ba-47e8-98e2-b8a6e52f36e6 | less
- 118 # semanage fcontext -a -t public_content_rw_t pub
- 119 # restorecon -R -v pub
- 120 # setsebool -P allow_ftpd_anon_write 1
- 121 pwd
- 122 semanage fcontext -a -t public_content_rw_t "/var/ftp/pub(/.*)?"
- 123 restorecon -Rv /var/ftp/pub
- 124 setsebool -P allow_ftpd_anon_write 1
- 125 lftp localhost
- 126 getsebool -a | grep ftp
- 127 cd
- 128 selinux/countdown 13
- 129 sesearch
- 130 sesearch -b ftpd_anon_write -A | less
- 131 getsebool -a | grep ftp
- 132 sesearch -b ftpd_full_access -A | less
- 133 sesearch -b ftpd_anon_write -p read -AC
- 134 sesearch -s httpd_t -t user_home_t -p read -A
- 135 sesearch -s httpd_t -t default_t -p read -A
- 136 sesearch -A | grep httpd_t
- 137 sesearch -A | grep httpd_t | wc
- 138 sesearch -A
- 139 sesearch -A | wc
- 140 cp /etc/hosts /tmp/hosts
- 141 ls -Z /tmp/hosts
- 142 mv /tmp/hosts /var/www/html/
- 143 mv /var/www/html/ /web/
- 144 ls -Z /web
- 145 cd /web
- 146 mv html/hosts .
- 147 ls -Z
- 148 curl http://localhost/hosts
- 149 systemctl enable --now httpd
- 150 curl http://localhost/hosts
- 151 grep AVC /var/log/audit/audit.log
- 152 dnf install -y setools-console
- 153 sesearch -A | grep httpd_t | grep user_tmp_t
- 154 seinfo -aunconfined_domain_type -x
- 155 dnf install -y container-tools
- 156 podman run --env container=podman -v /home:/home:ro -v /var/spool:/var/spool:rw -p 21:21 -it docker.io/redhat/ubi9 bash
- 157 podman ps
- 158 podman run --env container=podman -v /home:/home:ro -v /var/spool:/var/spool:rw -it docker.io/redhat/ubi9 bash
- 159 podmamn stop e11
- 160 podman stop e11
- 161 podman run --security-opt label=type:ubi8pol.process -v /home:/home:ro -v /var/spool:/var/spool:rw -it docker.io/redhat/ubi9 bash
- 162 semodule -l
- 163 semodule -l | wc
- 164 cd
- 165 grep http /var/log/audit/audit.log | audit2allow -M mypolicy
- 166 ls
- 167 vim mypolicy.te
- 168 cd selinux/
- 169 ls
- 170 cd ..
- 171 vim sander.te
- 172 vim sander.fc
- 173 checkmodule -M -m -o sander.mod sander.te
- 174 semodule_package -o sander.pp -m sander.mod -f sander.fc
- 175 semodule -i sander.pp
- 176 cat sander.fc
- 177 mkdir /opt/sander
- 178 ls -ldZ /opt/sander
- 179 restorecon -Rv /opt/sander
- 180 cd selinux/
- 181 ./countdown 20
- 182 semanage user -l
- 183 useradd linda
- 184 echo password | passwd --stdin linda
- 185 useradd -Z sysadm_u -G wheel lisa
- 186 echo password | passwd --stdin lisa
- 187 semanage login -a -s user_u linda
- 188 semanage login -l
- 189 chvt 3
- 190 semanage login -m -s sysadm_u root
- 191 semanage login -l
- 192 semanage login -m -s user_u -r s0 __default__
- 193 semanage login -l
- 194 useradd anna
- 195 echo password | passwd --stdin anna
- 196 chvt 3
- 197 getsebool -a | grep user
- 198 getsebool -a | grep sysadm
- 199 chvt 2
- 200 setsebool -P xdm_sysadm_login on
- 201 setsebool -P ssh_sysadm_login on
- 202 reboot
- 203 cd selinux/
- 204 ./countdown 12
- 205 pwd
- 206 ls
- 207 dnf install policycoreutils-devel setools-console gcc
- 208 ls
- 209 gcc -o mydaemon mydaemon.c
- 210 ls
- 211 sudo cp mydaemon /usr/local/bin/
- 212 vim mydaemon.service
- 213 cp mydaemon.service /etc/systemd/system/
- 214 ls -Z /usr/local/bin/mydaemon
- 215 systemctl start mydaemon
- 216 ps Zaux | grep mydaemon
- 217 sepolicy generate --init /usr/local/bin/mydaemon
- 218 vim mydaemon.te
- 219 vim mydaemon.if
- 220 vim mydaemon.sh
- 221 ./mydaemon.sh
- 222 systemctl restart mydaemon.service
- 223 ps Zaux | grep mydae
- 224 man -k mydaemon
- 225 mandb
- 226 grep AVC /var/log/audit/audit.log
- 227 grep sealert /var/log/messages
- 228 sealert -l "*"
- 229 sealert -l "*" | less
- 230 # ausearch -c 'mydaemon' --raw | audit2allow -M my-mydaemon
- 231 # semodule -X 300 -i my-mydaemon.pp
- 232 ausearch -c 'mydaemon' --raw | audit2allow -M my-mydaemon
- 233 semodule -i my-mydaemon.pp
- 234 systemctl restart mydaemon
- 235 grep AVC /var/log/messages
- 236 grep AVC /var/log/audit/audit.log
- 237 date -d @1671046387
- 238 systemctl cat vsftpd.service
- 239 runcon -u system_u -r system_r -t httpd_t vsftpd
- 240 grep AVC /var/log/audit/audit.log
- 241 sealert -l
- 242 sealert -l "*"
- 243 # ausearch -c 'runcon' --raw | audit2allow -M my-runcon
- 244 # semodule -X 300 -i my-runcon.pp
- 245 ausearch -c 'runcon' --raw | audit2allow -M my-runcon
- 246 semodule -X 300 -i my-runcon.pp
- 247 runcon -u system_u -r system_r -t httpd_t vsftpd
- 248 grep AVC /var/log/audit/audit.log
- 249 sealert -l "*"
- 250 # ausearch -c 'runcon' --raw | audit2allow -M my-runcon
- 251 # semodule -X 300 -i my-runcon.pp
- 252 ausearch -c 'runcon' --raw | audit2allow -M my-runcon2
- 253 semodule -X 300 -i my-runcon2.pp
- 254 runcon -u system_u -r system_r -t httpd_t vsftpd
- 255 grep AVC /var/log/audit/audit.log
- 256 history
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement