SELinux Apache Port auf 88 Modul: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „=Port auf 88 stellen= *cat /etc/httpd/conf/httpd.conf Listen 88“) |
|||
| Zeile 2: | Zeile 2: | ||
*cat /etc/httpd/conf/httpd.conf | *cat /etc/httpd/conf/httpd.conf | ||
Listen 88 | Listen 88 | ||
| + | =Enforcing abschalten= | ||
| + | *setenforce 0 | ||
| + | =Apache neustarten= | ||
| + | *systemctl restart httpd | ||
| + | =Modul generieren= | ||
| + | *grep denied.*httpd.*88 /var/log/audit/audit.log | audit2allow -M http-88 | ||
| + | =Modul aktivieren= | ||
| + | *semodule -i http-88.pp | ||
| + | =Enforcing anaschalten= | ||
| + | *setenforce 1 | ||
| + | =Apache neustarten= | ||
| + | *systemctl restart httpd | ||
| + | =Die Regelen finden man hier= | ||
| + | *cat http-88.te | ||
| + | <pre> | ||
| + | module http-88 1.0; | ||
| + | |||
| + | require { | ||
| + | type kerberos_port_t; | ||
| + | type httpd_t; | ||
| + | class tcp_socket name_bind; | ||
| + | } | ||
| + | |||
| + | #============= httpd_t ============== | ||
| + | allow httpd_t kerberos_port_t:tcp_socket name_bind; | ||
| + | </pre> | ||
Version vom 22. November 2022, 10:56 Uhr
Port auf 88 stellen
- cat /etc/httpd/conf/httpd.conf
Listen 88
Enforcing abschalten
- setenforce 0
Apache neustarten
- systemctl restart httpd
Modul generieren
- grep denied.*httpd.*88 /var/log/audit/audit.log | audit2allow -M http-88
Modul aktivieren
- semodule -i http-88.pp
Enforcing anaschalten
- setenforce 1
Apache neustarten
- systemctl restart httpd
Die Regelen finden man hier
- cat http-88.te
module http-88 1.0;
require {
type kerberos_port_t;
type httpd_t;
class tcp_socket name_bind;
}
#============= httpd_t ==============
allow httpd_t kerberos_port_t:tcp_socket name_bind;