SELinux Configuration: Difference between revisions
Latest revision as of 11 October 2024, 07:47
Moving a network port
- SSH should use port 9922 instead of 22
- By default, ports are named after their program, i.e. program_port_t
- To check, you can also look it up with semanage
- semanage port -l | grep ssh
ssh_port_t tcp 22
- semanage port -a -p tcp 9922 -t ssh_port_t
Booleans
Displaying booleans
- getsebool -a
Displaying the rules for a boolean
- sesearch -b boolean --allow
- sesearch -b boolean -T
Switching booleans on/off
- setsebool boolean 1
- setsebool boolean 0
Changing the file type
Temporary
- chcon -R -t httpd_sys_content_t /web
- ls -dlZ /web
drwxr-xr-x. 3 root root unconfined_u:object_r:httpd_sys_content_t:s0 18 12. Jan 13:17 /web
- restorecon -R -v /web
Relabeled /web from unconfined_u:object_r:httpd_sys_content_t:s0 to unconfined_u:object_r:default_t:s0
Relabeled /web/html from unconfined_u:object_r:httpd_sys_content_t:s0 to unconfined_u:object_r:default_t:s0
Relabeled /web/html/test from unconfined_u:object_r:httpd_sys_content_t:s0 to unconfined_u:object_r:default_t:s0
Persistent across reboots
- semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
- restorecon -R /web
- ls -dlZ /web
drwxr-xr-x. 3 root root unconfined_u:object_r:httpd_sys_content_t:s0 18 12. Jan 13:17 /web
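
Added example, not part of the original wiki page: a label set only with chcon lasts until the next restorecon or relabel, as the restorecon output in the "Temporary" section shows. The script below parses restorecon -v output (or the "Would relabel" lines of a dry run with -n) and lists every path whose current type differs from the one the file-context policy expects; label_drift, drift_count and the embedded sample input are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): list labels that were set
# only with chcon and that restorecon would revert to the policy default.

# Constructed sample input: the restorecon -R -v output shown on this page.
sample_output() {
  cat <<'EOF'
Relabeled /web from unconfined_u:object_r:httpd_sys_content_t:s0 to unconfined_u:object_r:default_t:s0
Relabeled /web/html from unconfined_u:object_r:httpd_sys_content_t:s0 to unconfined_u:object_r:default_t:s0
Relabeled /web/html/test from unconfined_u:object_r:httpd_sys_content_t:s0 to unconfined_u:object_r:default_t:s0
EOF
}

# label_drift (hypothetical helper): reads restorecon -v or -n -v output
# on stdin and prints "<path> <current type> <policy type>" per line.
label_drift() {
  awk '
    /^(Relabeled|Would relabel) / {
      # The two contexts are the 2nd-to-last and last fields; reading
      # from the end keeps paths that contain spaces intact.
      if (NF < 5 || $(NF-3) != "from" || $(NF-1) != "to") next
      split($(NF-2), cur, ":")   # user:role:type:level
      split($NF, pol, ":")
      path = $0
      sub(/^(Relabeled|Would relabel) /, "", path)
      sub(/ from [^ ]+ to [^ ]+$/, "", path)
      print path, cur[3], pol[3]
    }'
}

# drift_count (hypothetical helper): number of paths whose label differs
# from what the file-context policy expects.
drift_count() {
  label_drift | wc -l | tr -d ' '
}

# Demo on the constructed sample. On a live system, feed it a dry run:
#   restorecon -R -n -v /web | label_drift
sample_output | label_drift
```

After the `semanage fcontext -a` rule from the persistent section is in place and restorecon has been run once, the same dry run on /web produces no lines, so drift_count reports 0.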