sandervanvugt

selinux may21

May 7th, 2021
  # Root shell history from an SELinux lab session (output of `history`; command output is not part of the paste).
  # Phase 1: install httpd, serve a page from a non-default directory (/web), and troubleshoot the result.
  1. [root@localhost selinux]# history
  2. 1 ls -Z
  3. 2 cat /etc/os-release
  4. 3 cd /etc
  5. 4 ls -l
  6. 5 yum install -y httpd
  7. 6 systemctl enable --now httpd
  8. 7 ps aux | grep http
  # The Z option adds the SELinux context column, i.e. the domain each httpd process runs in.
  9. 8 ps Zaux | grep http
  10. 9 cd /var/www/
  11. 10 ls -lZ
  12. 11 netstat -Ztulpen
  13. 12 cd
  14. 13 mkdir /web
  15. 14 vim /web/index.html
  # The httpd.conf edit is not shown; presumably it points the DocumentRoot at /web (confirm against the course material).
  16. 15 vim /etc/httpd/conf/httpd.conf
  17. 16 systemctl restart httpd
  18. 17 curl localhost
  19. 18 history
  # setenforce changes the running mode only; it does not persist across a reboot.
  # In permissive mode denials are still logged as AVC records but not enforced, so the
  # curl before/after comparison is a quick test of whether SELinux is what blocks the request.
  20. 19 setenforce permissive
  21. 20 curl localhost
  22. 21 ls -Zd /web
  23. 22 ps Zaux | grep http
  24. 23 vim /etc/httpd/conf/httpd.conf
  25. 24 systemctl restart httpd
  26. 25 getenforce
  27. 26 curl localhost
  # Back to enforcing before fixing the label, so the denial can be reproduced and read from the audit log.
  28. 27 setenforce enforcing
  29. 28 curl localhost
  # AVC lines in audit.log carry the source context (scontext), target context (tcontext) and the denied permission.
  30. 29 grep AVC /var/log/audit/audit.log
  31. 30 ls -lZ /var/www
  # The next two ls calls look like mistyped attempts at the `ls -Zd /web` that follows.
  32. 31 ls -lD /web
  33. 32 ls -zd /web
  34. 33 ls -Zd /web
  # `semanage fcontext -a` only records a labelling rule; files on disk keep their old label until restorecon runs.
  # NOTE(review): httpd_sys_script_exec_t is the type for CGI scripts that httpd may execute. If /web only
  # holds static pages, httpd_sys_content_t is the narrower type and the usual choice for this exercise.
  35. 34 semanage fcontext -a -t httpd_sys_script_exec_t "/web(/.*)?"
  36. 35 ls -Zd /web
  # -R recurses, -v prints every label that is changed.
  37. 36 restorecon -Rv /web
  38. 37 curl localhost
  # Phase 2: labelling rule added before the directory exists. The rule takes effect on disk only
  # once restorecon is run; the ls -Z calls in between show the label /data received at creation.
  39. 38 semanage fcontext -a -t httpd_sys_content_rw_t "/data(/.*)?"
  40. 39 mkdir /data
  41. 40 ls -Z /data
  42. 41 ls -Zd /data
  43. 42 restorecon -Rv /data
  44. 43 cd /web
  # A new file normally takes the type of its parent directory (unless a type transition rule applies);
  # the ls -Z that follows is presumably there to show that.
  45. 44 touch newfile
  46. 45 ls -Z
  47. 46 ls -lZ /var/www
  48. 47 ls -lZd /web
  49. 48 cd ..
  # Phase 3: fetch course material and look at where SELinux keeps its configuration.
  50. 49 yum install -y git
  51. 50 git clone https://github.com/sandervanvugt/selinux
  52. 51 ls selinux/
  53. 52 mv selinux/ /root/
  54. 53 cd
  55. 54 git clone https://github.com/sandervanvugt/luth
  # NOTE(review): this runs a script from a freshly cloned repository as root. Fine on a throwaway
  # lab VM; elsewhere, read the script before executing it.
  56. 55 luth/countdown 12
  57. 56 cd /etc/selinux/
  58. 57 ls
  59. 58 cat config
  60. 59 cat semanage.conf
  61. 60 cd targeted/
  62. 61 ls
  63. 62 cd contexts/
  64. 63 ls
  65. 64 cd files/
  66. 65 ls
  # file_contexts.local is where the local `semanage fcontext -a` rules added earlier are stored.
  67. 66 cat file_contexts.local
  68. 67 pwd
  69. 68 cd
  70. 69 history
  71. 70 getenforce
  72. 71 setenforce --help
  # Persistent mode is set in the config file, not with setenforce. On RHEL-family systems
  # /etc/sysconfig/selinux is normally a symlink to /etc/selinux/config (verify on the target system).
  # The edit itself is not shown; the reboot that follows applies it.
  73. 72 vim /etc/sysconfig/selinux
  74. 73 reboot
  # Upstream reference policy source, cloned here only to browse the module layout.
  75. 74 git clone https://github.com/SELinuxProject/refpolicy
  76. 75 cd refpolicy/
  77. 76 ls
  78. 77 cd policy/
  79. 78 ls
  80. 79 cd modules/
  81. 80 ls
  82. 81 cd
  # sestatus reports the current mode, the mode from the config file and the loaded policy name.
  83. 82 sestatus
  84. 83 grep AVC /var/log/audit/audit.log
  85. 84 ps Zaux | grep dbus-daemon
  86. 85 man 7 capabilities
  87. 86 luth/countdown 12
  # Phase 4: finding documentation, then moving sshd to a non-default port.
  88. 87 semanage fcontext -l
  89. 88 semanage fcontext -l | wc
  # `man -k _selinux` is run before and after installing selinux-policy-doc, the package that
  # ships the per-service *_selinux man pages.
  90. 89 man -k _selinux
  91. 90 yum install selinux-policy-doc
  92. 91 man -k _selinux
  93. 92 man -k _selinux | wc
  94. 93 man -k _selinux | grep http
  95. 94 man httpd_selinux
  96. 95 man semanage
  97. 96 man semanage-fcontext
  # The sshd_config edit is not shown; the later `semanage port ... 2022` and `ssh -p 2022`
  # suggest the listening port was changed to 2022.
  98. 97 vim /etc/ssh/sshd_config
  99. 98 systemctl restart sshd
  100. 99 systemctl status sshd
  101. 100 grep AVC /var/log/audit/audit.log
  102. 101 man -k _selinux | grep ssh
  103. 102 man sshd_selinux
  104. 103 netstat -Ztulpen | grep ssh
  # setroubleshoot logs one line per denial with an alert id; `sealert -l <id>` prints the full analysis for it.
  105. 104 journalctl | grep sealert
  106. 105 sealert -l f8bea170-a1e8-4e92-8428-e60d579e0bc8 | less
  107. 106 history
  # Labels TCP port 2022 as ssh_port_t, so the existing sshd policy covers the new port.
  # This is the targeted fix: no custom allow rule and no switch to permissive mode is needed.
  108. 107 semanage port -a -t ssh_port_t -p tcp 2022
  109. 108 systemctl restart sshd
  110. 109 netstat -Ztulpen | grep ssh
  111. 110 grep sealert /var/log/messages
  112. 111 sealert -l c4a7553e-8057-4e4a-88d0-e0f71c44205a | less
  # ausearch -c filters audit records by command name; --raw keeps the original record format,
  # which is what audit2allow expects as input.
  113. 112 ausearch -c 'httpd' --raw
  114. 113 sealert -l c4a7553e-8057-4e4a-88d0-e0f71c44205a | less
  115. 114 vim /etc/sysconfig/selinux
  # Phase 5: anonymous FTP upload with vsftpd, which needs a file label and a boolean.
  116. 115 yum install -y vsftpd
  # The vsftpd.conf edit is not shown; presumably it enables anonymous uploads (confirm).
  117. 116 vim /etc/vsftpd/vsftpd.conf
  118. 117 cd /var/ftp/
  119. 118 ls -lZ
  # NOTE(review): mode 777, applied recursively, lets every local account write to the upload tree.
  # It removes the DAC layer so that only SELinux is left to demonstrate. Outside a lab, grant
  # write access to the FTP service account or group only.
  120. 119 chmod -R 777 pub
  # public_content_rw_t marks content that services may write to, but only once the
  # service's own *_anon_write boolean is also switched on (see setsebool below).
  121. 120 semanage fcontext -a -t public_content_rw_t "/var/ftp/pub(/.*)?"
  122. 121 restorecon -Rv /var/ftp/pub
  123. 122 systemctl restart vsftpd
  124. 123 yum install -y lftp
  125. 124 lftp localhost
  126. 125 getsebool -a
  127. 126 getsebool -a | wc
  128. 127 getsebool -a | grep ftp
  129. 128 journalctl | grep sealert
  130. 129 sealert -l f422de85-86de-474f-81ce-465bad90cca4 | less
  # -P writes the boolean to the policy store so it survives a reboot; without -P it is runtime only.
  131. 130 setsebool -P ftpd_anon_write 1
  132. 131 lftp localhost
  133. 132 grep AVC /var/log/audit/audit.log
  134. 133 grep AVC /var/log/audit/audit.log | grep ftp
  135. 134 grep AVC /var/log/audit/audit.log | grep http
  136. 135 cd
  137. 136 luth/countdown 18
  # Phase 6: querying the loaded policy and building policy modules by hand.
  138. 137 sealert -b
  139. 138 getsebool -a | grep ftp
  # sesearch -A lists allow rules; -b restricts the result to rules controlled by the named boolean,
  # which shows exactly what switching that boolean on permits.
  140. 139 sesearch -b ftpd_anon_write -A
  141. 140 sesearch -b ftpd_full_access -A
  142. 141 sesearch -A | wc
  143. 142 sesearch -A | grep httpd_d
  144. 143 sesearch -A | grep httpd_t
  # Lists the shared libraries ls is linked against; presumably to point out libselinux (confirm).
  145. 144 ldd $(which ls)
  146. 145 seinfo -tunconfined_t
  147. 146 seinfo -aunconfined_domain_type -x
  148. 147 semodule -l
  # -d disables the named module without removing it from the store.
  149. 148 semodule -d xen
  # audit2allow -M writes mypolicy.te and mypolicy.pp from every audit line that contains "http".
  # NOTE(review): the generated rules allow whatever was denied, verbatim. Read the .te (as done
  # two commands later) before loading such a module. In this history mypolicy is never installed.
  150. 149 grep http /var/log/audit/audit.log | audit2allow -M mypolicy
  151. 150 ls
  152. 151 vim mypolicy.te
  153. 152 seinfo -c
  154. 153 seinfo -cservice -x
  # Hand-written module: .te holds the type enforcement rules, .fc the file context patterns.
  155. 154 vim sander.te
  156. 155 vim sander.fc
  # Build chain: checkmodule compiles the .te into a .mod, semodule_package bundles the .mod and
  # the .fc into a .pp, and semodule -i loads the package into the running policy.
  157. 156 checkmodule -M -m -o sander.mod sander.te
  158. 157 semodule_package -o sander.pp -m sander.mod -f sander.fc
  159. 158 semodule -i sander.pp
  160. 159 mkdir /opt/sander
  161. 160 ls -Zd /opt/sander
  162. 161 vim sander.fc
  163. 162 restorecon -Rv /opt/sander
  164. 163 semanage user -l
  165. 164 luth/countdown 12
  # Phase 7: confined users, i.e. mapping Linux logins to SELinux users.
  166. 165 semanage user -l
  167. 166 useradd linda
  # NOTE(review): sets the literal password "password", and the command line is retained in shell
  # history (as this paste shows). Lab-only shortcut; do not carry it over to a real account.
  168. 167 echo password | passwd --stdin linda
  # -Z assigns the SELinux user at account creation; lisa is also added to the wheel group.
  169. 168 useradd -Z sysadm_u -G wheel lisa
  170. 169 id linda
  171. 170 id lisa
  172. 171 id -Z lisa
  # Maps the existing login linda to the confined SELinux user user_u.
  173. 172 semanage login -a -s user_u linda
  174. 173 semanage login -l
  # `ssh linda` treats "linda" as a host name; the following attempts work towards the
  # intended form, linda@localhost on port 2022 (the port sshd was given an ssh_port_t label for).
  175. 174 ssh linda
  176. 175 ssh localhost
  177. 176 ssh localhost -p 2022
  178. 177 ssh linda@localhost -p 2022
  179. 178 semanage login -l
  # Remaps root from its existing mapping to sysadm_u.
  # NOTE(review): whether sysadm_u may log in over SSH is governed by a boolean (ssh_sysadm_login);
  # check it and keep a console session open before relying on remote root access after this change.
  180. 179 semanage login -m -s sysadm_u root
  181. 180 semanage login -l
  # __default__ is the mapping used for every login without an explicit entry, so from here on
  # new, unmapped accounts (anna, below) log in as user_u at level s0.
  182. 181 semanage login -m -s user_u -r s0 __default__
  183. 182 semanage login -l
  184. 183 useradd anna
  # Same literal password as for linda; see the note there.
  185. 184 echo password | passwd --stdin anna
  186. 185 ssh anna@localhost
  187. 186 ssh anna@localhost -p 2022
  188. 187 getsebool -a | grep user
  189. 188 getsebool -a | grep sysadm
  # Phase 8: generating a policy skeleton for a custom application, then running a service in a
  # domain it was not written for.
  190. 189 ls
  191. 190 cd selinux/
  192. 191 ls
  # The script is opened in an editor before it is executed as root.
  193. 192 vim setup-rot.sh
  194. 193 ./setup-rot.sh
  # sepolgen generates starter policy files; the files opened next (startrot13.te, .fc, .sh and
  # the startrot13_selinux.8 man page) are its output.
  195. 194 sepolgen --application startrot13
  196. 195 vim startrot13.te
  197. 196 vim startrot13.fc
  198. 197 vim startrot13.te
  # `startrot.sh` looks like a mistyped first attempt at the generated ./startrot13.sh.
  199. 198 startrot.sh
  200. 199 ./startrot13.sh
  201. 200 man -k startrot
  202. 201 mandb
  203. 202 ls
  204. 203 less startrot13_selinux.8
  205. 204 seinfo -t | grep start
  206. 205 systemctl stop vsftpd
  # runcon starts a command in an explicitly chosen context: here vsftpd in the httpd_t domain.
  # The policy has no reason to allow that, so each attempt yields new denials to study.
  207. 206 runcon -u system_u -r system_r -t httpd_t vsftpd
  208. 207 grep sealert /var/log/messages
  209. 208 sealert -l 183830de-4cb4-44b4-8a70-7aa587ec903a
  210. 209 sealert -l 183830de-4cb4-44b4-8a70-7aa587ec903a | less
  # The two commented entries look like suggestions pasted from the sealert report, including its
  # leading "#"; they are then run for real.
  211. 210 # ausearch -c 'runcon' --raw | audit2allow -M my-runcon
  212. 211 # semodule -X 300 -i my-runcon.pp
  # NOTE(review): from here the session repeats a loop of denial, audit2allow and semodule -i.
  # Each pass converts whatever was just denied into permanent allow rules (-X 300 sets the module
  # priority) without the generated .te being opened. It shows how the tooling works; on a real
  # host every generated module should be read and trimmed before it is loaded.
  213. 212 ausearch -c 'runcon' --raw | audit2allow -M my-runcon
  214. 213 semodule -X 300 -i my-runcon.pp
  215. 214 runcon -u system_u -r system_r -t httpd_t vsftpd
  216. 215 ps Zaux | grep vsftpd
  217. 216 grep AVC /var/log/audit/audit.log
  218. 217 grep sealert /var/log/messages
  219. 218 sealert -l bea45b79-889c-44d6-bb50-057aa5943d3f | less
  # NOTE(review): domain_can_mmap_files is a global boolean, not one scoped to httpd_t or vsftpd,
  # and -P makes it persistent. Reset it once the exercise is finished.
  220. 219 setsebool -P domain_can_mmap_files 1
  221. 220 runcon -u system_u -r system_r -t httpd_t vsftpd
  222. 221 grep sealert /var/log/messages
  223. 222 sealert -l 86761ee2-ac9d-46b7-9d67-9629fefd0438 | less
  224. 223 # ausearch -c 'vsftpd' --raw | audit2allow -M my-vsftpd
  225. 224 # semodule -X 300 -i my-vsftpd.pp
  # Same loop again, this time collecting the denials logged for the vsftpd command.
  226. 225 ausearch -c 'vsftpd' --raw | audit2allow -M my-new-vsftpd
  227. 226 semodule -X 300 -i my-new-vsftpd.pp
  228. 227 runcon -u system_u -r system_r -t httpd_t vsftpd
  229. 228 grep sealert /var/log/messages
  230. 229 history
  231.  