LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Blogs
User Name
Password

Notices


Old

sshd chroot jails based on hostname and SELinux

Posted 04-01-2013 at 10:46 AM by sag47
Updated 04-01-2013 at 10:51 AM by sag47

Why chroot jails based on host name?
If you don't care about the background info just jump to Setting up sshd chroot jail and SELinux.

So I have started configuring automated deployments through my organization using a continuous integration server called Jenkins. I'll post more on Jenkins regularly so that eventually you can have a series of posts which wrap up into a nice and secure howto for Jenkins. So here's why I want chroot jails based on host names.

...
Senior Member
Views 8737 Comments 0 sag47 is offline
Old

SELinux and Icinga

Posted 08-05-2012 at 12:39 AM by sag47
Updated 08-05-2012 at 12:57 AM by sag47

Today I ran into an SELinux problem when installing icinga. I followed their documentation "Adjusting the SELinux settings". However my cgis still would not run. When I ran,
Code:
cat /var/log/audit/audit.log | audit2allow -v
I received the following output,
Code:
#============= httpd_sys_script_t ==============
# src="httpd_sys_script_t" tgt="initrc_tmp_t" class="file", perms="{ read getattr open }"
# comm="tac.cgi"
...
Senior Member
Views 118639 Comments 3 sag47 is offline
Old

Fedora 17 and the brother printer

Posted 07-13-2012 at 07:41 PM by subvertigo
Updated 08-16-2012 at 08:39 AM by subvertigo

The Brother printer driver for my printer runs into SELinux problems post-install. Fortunately, the selinux troubleshooter made this a trivial fix:
Code:
semanage fcontext -a -t cupsd_etc_t /etc/opt/brother/Printers/mfcj6710dw/inf
restorecon -v /etc/opt/brother/Printers/mfcj6710dw/inf
semanage fcontext -a -t cupsd_var_run_t /etc/opt/brother/Printers/mfcj6710dw/inf/brmfcj6710dwrc
restorecon -v /etc/opt/brother/Printers/mfcj6710dw/inf/brmfcj6710dwrc
The remaining files...
LQ Newbie
Posted in Fedora
Views 9915 Comments 0 subvertigo is offline
Old

SELinux, syslog-ng, and the like

Posted 06-19-2012 at 10:12 AM by sag47
Updated 08-05-2012 at 12:58 AM by sag47

So recently in my home setup I installed a scheme for centralized logging. I use rsyslog or syslog on the client servers and syslog-ng on the central server. This is nothing new and has been done before.

rsyslog + syslog-ng = gold.

I have a script which parses the syslog-ng logs across all the servers, filters them, and then sends and email with a summary and unusual logs. Each time I got an email I would get, on average, ~200-500 log messages of SELinux errors and...
Senior Member
Views 10975 Comments 1 sag47 is offline
Old

SELinux and sshd

Posted 01-02-2012 at 04:55 PM by sag47
Updated 08-05-2012 at 12:58 AM by sag47

So I've started using the new Fedora 16 on my main media server (previously F14) and decided to try something new this time. I've always set SELinux to permissive which is a bad idea normally for anything public (which this server isn't but I still want it). Anyway I believe I was testing something before I left for the holidays and ran
Code:
setenforce 0
which disables SELinux. I guess at some point it turned back on somehow and I was locked out of ssh. I dug through my logs (/var/log/messages,...
Senior Member
Views 12661 Comments 1 sag47 is offline

  



All times are GMT -5. The time now is 11:36 PM.

Main Menu
Advertisement
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration