Difference between revisions of "SE Linux Troubleshooting"
Jump to navigation
Jump to search
Michael.mast (talk | contribs) |
Michael.mast (talk | contribs) |
||
| Line 45: | Line 45: | ||
Policy deny_unknown status: allowed | Policy deny_unknown status: allowed | ||
Max kernel policy version: 30 | Max kernel policy version: 30 | ||
| + | </pre> | ||
| + | ==Apache Settings== | ||
| + | Needed to allow apache to write to the web directory for a NextCloud update. | ||
| + | <pre> | ||
| + | chcon -R -t httpd_sys_rw_content_t /var/www/html | ||
</pre> | </pre> | ||
Revision as of 08:14, 9 October 2019
Contents
Setroubleshoot
yum install setroubleshoot setools sealert -a /var/log/audit/audit.log
Audit2allow (without setroubleshoot)
sudo grep fail2ban /var/log/audit/audit.log | audit2allow -M fail2ban2 ******************** IMPORTANT *********************** To make this policy package active, execute: semodule -i fail2ban2.pp [ec2-user@ip-172-26-5-161 ~]$ nano fail2ban2. [ec2-user@ip-172-26-5-161 ~]$ nano fail2ban2.pp [ec2-user@ip-172-26-5-161 ~]$ sudo semodule -i fail2ban2.pp
Configure SELinux on Amazon Linux AMI
- Install packages
yum install libselinux libselinux-utils selinux-policy-minimum selinux-policy-mls selinux-policy-targeted policycoreutils
- Edit grub boot options
Edit /etc/grub.conf and change selinux=0 to selinux=1, then add security=selinux enforcing=1
- [4]Then tell selinux you want to relable the filesystem
touch /.autorelabel
- Reboot and check selinux status
sestatus SELinux status: enabled SELinuxfs mount: /selinux SELinux root directory: /etc/selinux/ Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 30
Apache Settings
Needed to allow apache to write to the web directory for a NextCloud update.
chcon -R -t httpd_sys_rw_content_t /var/www/html
- ↑ http://www.serverlab.ca/tutorials/linux/administration-linux/troubleshooting-selinux-centos-red-hat/
- ↑ https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security-enhanced_linux/sect-security-enhanced_linux-fixing_problems-allowing_access_audit2allow
- ↑ http://www.chrisumbel.com/article/selinux_amazon_aws_ec2_ami_linux
- ↑ https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-sel-fsrelabel.html
