LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Blogs
User Name
Password

Notices



Old

sshd chroot jails based on hostname and SELinux

Posted 04-01-2013 at 11:46 AM by sag47
Updated 04-01-2013 at 11:51 AM by sag47

Why chroot jails based on host name?
If you don't care about the background info just jump to Setting up sshd chroot jail and SELinux.

So I have started configuring automated deployments through my organization using a continuous integration server called Jenkins. I'll post more on Jenkins regularly so that eventually you can have a series of posts which wrap up into a nice and secure howto for Jenkins. So here's why I want chroot jails based on host names.

...
Senior Member
Views 3782 Comments 0 sag47 is offline
Old

SELinux and Icinga

Posted 08-05-2012 at 01:39 AM by sag47
Updated 08-05-2012 at 01:57 AM by sag47

Today I ran into an SELinux problem when installing icinga. I followed their documentation "Adjusting the SELinux settings". However my cgis still would not run. When I ran,
Code:
cat /var/log/audit/audit.log | audit2allow -v
I received the following output,
Code:
#============= httpd_sys_script_t ==============
# src="httpd_sys_script_t" tgt="initrc_tmp_t" class="file", perms="{ read getattr open }"
# comm="tac.cgi"
...
Senior Member
Views 6195 Comments 3 sag47 is offline
Old

Fedora 17 and the brother printer

Posted 07-13-2012 at 08:41 PM by subvertigo
Updated 08-16-2012 at 09:39 AM by subvertigo

The Brother printer driver for my printer runs into SELinux problems post-install. Fortunately, the selinux troubleshooter made this a trivial fix:
Code:
semanage fcontext -a -t cupsd_etc_t /etc/opt/brother/Printers/mfcj6710dw/inf
restorecon -v /etc/opt/brother/Printers/mfcj6710dw/inf
semanage fcontext -a -t cupsd_var_run_t /etc/opt/brother/Printers/mfcj6710dw/inf/brmfcj6710dwrc
restorecon -v /etc/opt/brother/Printers/mfcj6710dw/inf/brmfcj6710dwrc
The remaining files...
LQ Newbie
Posted in Fedora
Views 1220 Comments 0 subvertigo is offline
Old

SELinux, syslog-ng, and the like

Posted 06-19-2012 at 11:12 AM by sag47
Updated 08-05-2012 at 01:58 AM by sag47

So recently in my home setup I installed a scheme for centralized logging. I use rsyslog or syslog on the client servers and syslog-ng on the central server. This is nothing new and has been done before.

rsyslog + syslog-ng = gold.

I have a script which parses the syslog-ng logs across all the servers, filters them, and then sends and email with a summary and unusual logs. Each time I got an email I would get, on average, ~200-500 log messages of SELinux errors and...
Senior Member
Views 3775 Comments 1 sag47 is offline
Old

SELinux and sshd

Posted 01-02-2012 at 05:55 PM by sag47
Updated 08-05-2012 at 01:58 AM by sag47

So I've started using the new Fedora 16 on my main media server (previously F14) and decided to try something new this time. I've always set SELinux to permissive which is a bad idea normally for anything public (which this server isn't but I still want it). Anyway I believe I was testing something before I left for the holidays and ran
Code:
setenforce 0
which disables SELinux. I guess at some point it turned back on somehow and I was locked out of ssh. I dug through my logs (/var/log/messages,...
Senior Member
Views 6210 Comments 1 sag47 is offline

  



All times are GMT -5. The time now is 09:11 PM.

Main Menu
Advertisement

Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration