Difference between revisions of "Selinux"

From KeegansWiki
Jump to navigation Jump to search
Line 11: Line 11:
 
  sealert -a /var/log/audit/audit.log
 
  sealert -a /var/log/audit/audit.log
 
* sealert is provided by the package ''setroubleshoot''
 
* sealert is provided by the package ''setroubleshoot''
 +
 +
=Allowing stuff to do stuff=
 +
==Httpd==
 +
===Multiviews & permission to folders===
 +
*''semanage fcontext -a -t httpd_sys_content_t '/www/files/admin/site' ''
 +
*''restorecon -v '/www/files/admin/site' ''

Revision as of 11:55, 5 April 2012

Create Custom Modules

Requires package selinux-policy-devel 

grep http /var/log/audit/audit.log | audit2allow -m newrelicsock > /tmp/newrelic.te
make -f /usr/share/selinux/devel/Makefile
semodule -i newrelic

Alternative

grep httpd /var/log/audit/audit.log | audit2allow -M newrelic
semodule -i newrelic.pp

Show why selinux is being an asshole

sealert -a /var/log/audit/audit.log
  • sealert is provided by the package setroubleshoot

Allowing stuff to do stuff

Httpd

Multiviews & permission to folders

  • semanage fcontext -a -t httpd_sys_content_t '/www/files/admin/site'
  • restorecon -v '/www/files/admin/site'
Retrieved from "http://wiki.keeganm.com/index.php?title=Selinux&oldid=290"