SELinux Solutions: Difference between revisions
| (7 intermediate revisions by the same user are not shown) | |||
| Zeile 2: | Zeile 2: | ||
= Verlegen eines SSH-Ports = | = Verlegen eines SSH-Ports = | ||
| − | * grep | + | * grep "^Port" /etc/ssh/sshd_config |
<!-----> | <!-----> | ||
| − | Port | + | Port 8472 |
| − | * grep | + | * grep "set allowed_tcp_dports" --after-context=3 /etc/nftables/main.nft |
<!-----> | <!-----> | ||
set allowed_tcp_dports { | set allowed_tcp_dports { | ||
type inet_service | type inet_service | ||
| − | elements = { ssh, 9090, ''' | + | elements = { ssh, 9090, '''8472''' } |
} | } | ||
* systemctl restart nftables | * systemctl restart nftables | ||
| − | * semanage port -a -p tcp | + | * semanage port -a -p tcp 8472 -t ssh_port_t |
* systemctl restart sshd | * systemctl restart sshd | ||
* systemctl status sshd | * systemctl status sshd | ||
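Review bot: The `elements = { ssh, 9090, '''8472''' }` line keeps `ssh` (port 22) in `allowed_tcp_dports` although sshd is moved to 8472, so the old port stays open in the firewall. Consider removing `ssh` from the set once a login on 8472 has been confirmed, and add a `semanage port -l | grep ssh_port_t` step before `systemctl restart sshd` so the reader can see that 8472 carries the `ssh_port_t` label.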
| Zeile 32: | Zeile 32: | ||
Jan 12 15:11:46 fedora systemd[1]: Starting sshd.service - OpenSSH server daemon... | Jan 12 15:11:46 fedora systemd[1]: Starting sshd.service - OpenSSH server daemon... | ||
| − | Jan 12 15:11:46 fedora sshd[13188]: Server listening on 0.0.0.0 port | + | Jan 12 15:11:46 fedora sshd[13188]: Server listening on 0.0.0.0 port 8472. |
| − | Jan 12 15:11:46 fedora sshd[13188]: Server listening on :: port | + | Jan 12 15:11:46 fedora sshd[13188]: Server listening on :: port 8472. |
Jan 12 15:11:46 fedora systemd[1]: Started sshd.service - OpenSSH server daemon. | Jan 12 15:11:46 fedora systemd[1]: Started sshd.service - OpenSSH server daemon. | ||
| − | * grep | + | * grep "set allowed_tcp_dports" --after-context=3 /etc/nftables/main.nft |
<!-----> | <!-----> | ||
set allowed_tcp_dports { | set allowed_tcp_dports { | ||
type inet_service | type inet_service | ||
| − | elements = { ssh, 9090, ''' | + | elements = { ssh, 9090, '''90''' } |
} | } | ||
* systemctl restart nftables | * systemctl restart nftables | ||
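Review bot: In the second `allowed_tcp_dports` listing, `elements = { ssh, 9090, '''90''' }` no longer contains 8472, which the earlier step added for sshd. If both listings refer to the same `/etc/nftables/main.nft`, the `systemctl restart nftables` that follows would close the new SSH port; the set should read `{ ssh, 9090, 8472, 90 }`, or the text should say that 90 replaces 8472 on purpose. A section heading before this `grep` would also make clear that a new task starts here.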
| Zeile 46: | Zeile 46: | ||
* cd /etc/httpd/conf | * cd /etc/httpd/conf | ||
* cp httpd.conf{,.orig} | * cp httpd.conf{,.orig} | ||
| − | * sed | + | * sed 's/var\/www/web/g' httpd.conf.orig > httpd.conf |
* systemctl start httpd | * systemctl start httpd | ||
* semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?" | * semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?" | ||
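Review bot: The substitution in `sed 's/var\/www/web/g' httpd.conf.orig > httpd.conf` is unanchored and global, so it rewrites every occurrence of `var/www` in the file, not only the DocumentRoot; matching the leading slash with another delimiter, for example `sed 's#/var/www#/web#g'`, is easier to read and less likely to hit an unintended string. `systemctl start httpd` also runs before `semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"`, so the service starts while `/web` is still unlabelled; moving the start after the labelling steps would avoid that.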
Latest revision as of 17 January 2023, 13:58
Moving an SSH port
- grep "^Port" /etc/ssh/sshd_config
    Port 8472
- grep "set allowed_tcp_dports" --after-context=3 /etc/nftables/main.nft
    set allowed_tcp_dports {
        type inet_service
        elements = { ssh, 9090, 8472 }
    }
- systemctl restart nftables
- semanage port -a -p tcp 8472 -t ssh_port_t
- systemctl restart sshd
- systemctl status sshd
    ● sshd.service - OpenSSH server daemon
         Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: enabled)
         Active: active (running) since Thu 2023-01-12 15:11:46 CET; 2s ago
           Docs: man:sshd(8)
                 man:sshd_config(5)
       Main PID: 13188 (sshd)
          Tasks: 1 (limit: 2311)
         Memory: 1.3M
            CPU: 10ms
         CGroup: /system.slice/sshd.service
                 └─13188 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

    Jan 12 15:11:46 fedora systemd[1]: Starting sshd.service - OpenSSH server daemon...
    Jan 12 15:11:46 fedora sshd[13188]: Server listening on 0.0.0.0 port 8472.
    Jan 12 15:11:46 fedora sshd[13188]: Server listening on :: port 8472.
    Jan 12 15:11:46 fedora systemd[1]: Started sshd.service - OpenSSH server daemon.
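
A pre-flight check for the procedure above, as an added example that is not part of the original wiki page: it compares the Port lines in sshd_config with the ports labelled ssh_port_t and with the allowed_tcp_dports set, so a mismatch is found before sshd is restarted. The function names and the sample files are constructed for illustration; `ports.txt` stands for saved output of `semanage port -l`.

```shell
#!/usr/bin/env bash
# Pre-flight check to run before "systemctl restart sshd": every Port in
# sshd_config must be labelled ssh_port_t and be allowed by the nftables set.
# Assumes single ports (no ranges) in both listings.

# Ports set in an sshd_config file; sshd defaults to 22 without a Port line.
sshd_ports() {
    awk '$1 == "Port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# TCP ports labelled ssh_port_t; stdin is saved "semanage port -l" output.
selinux_ssh_ports() {
    awk '$1 == "ssh_port_t" && $2 == "tcp" {
             for (i = 3; i <= NF; i++) { sub(",", "", $i); print $i } }'
}

# Elements of the set allowed_tcp_dports in an nftables file ("ssh" -> 22).
nft_allowed_ports() {
    awk '/set allowed_tcp_dports/ { inset = 1 }
         inset && /elements/ { gsub(/.*[{]|[}].*/, ""); gsub(/[ ,]+/, "\n")
                               print; exit }' "$1" | sed -e '/^$/d' -e 's/^ssh$/22/'
}

# check_ssh_ports SSHD_CONFIG NFT_FILE SEMANAGE_DUMP; returns 0 if consistent.
check_ssh_ports() {
    local rc=0 port
    for port in $(sshd_ports "$1"); do
        selinux_ssh_ports < "$3" | grep -qx "$port" ||
            { echo "port $port: not labelled ssh_port_t"; rc=1; }
        nft_allowed_ports "$2" | grep -qx "$port" ||
            { echo "port $port: not in allowed_tcp_dports"; rc=1; }
    done
    return "$rc"
}

# Constructed sample files mirroring the values shown on this page.
make_sample() {
    printf 'Port 8472\nPermitRootLogin no\n' > "$1/sshd_config"
    printf 'set allowed_tcp_dports {\n  type inet_service\n  elements = { ssh, 9090, 8472 }\n}\n' > "$1/main.nft"
    printf 'ssh_port_t    tcp    8472, 22\nhttp_port_t   tcp    80, 443\n' > "$1/ports.txt"
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_ssh_ports "$tmp/sshd_config" "$tmp/main.nft" "$tmp/ports.txt" && echo "consistent"
```

On a live system the third argument would be a file written with `semanage port -l > ports.txt`.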
- grep "set allowed_tcp_dports" --after-context=3 /etc/nftables/main.nft
    set allowed_tcp_dports {
        type inet_service
        elements = { ssh, 9090, 90 }
    }
- systemctl restart nftables
- mkdir -p /web/html
- cd /etc/httpd/conf
- cp httpd.conf{,.orig}
- sed 's/var\/www/web/g' httpd.conf.orig > httpd.conf
- systemctl start httpd
- semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
- restorecon -R /web
- ls -dlZ /web
- curl localhost/test
    Hello, world!