systeme:selinux
Différences
Ci-dessous, les différences entre deux révisions de la page.
Les deux révisions précédentesRévision précédenteProchaine révision | Révision précédente | ||
systeme:selinux [2020/01/21 22:44] – [Context] root | systeme:selinux [2020/02/21 18:36] (Version actuelle) – [sepolicy network] root | ||
---|---|---|---|
Ligne 810: | Ligne 810: | ||
==== sepolicy network ==== | ==== sepolicy network ==== | ||
Interroger les stratégies SELinux relatives aux information réseau: | Interroger les stratégies SELinux relatives aux information réseau: | ||
- | </xtermrtf> | + | < |
$ sepolicy network -p 22 | $ sepolicy network -p 22 | ||
22: tcp ssh_port_t 22 | 22: tcp ssh_port_t 22 | ||
Ligne 842: | Ligne 842: | ||
$ auditctl -l | $ auditctl -l | ||
</ | </ | ||
+ | |||
+ | |||
+ | ====== Scripts ====== | ||
+ | Download and extract and set the variable **POLICY_LOCATION**. | ||
+ | |||
+ | Add to your '' | ||
+ | <code bash> | ||
+ | POLICY_LOCATION=" | ||
+ | |||
+ | # sefindif - Find interface definitions that have a string that matches the | ||
+ | # given regular expression | ||
+ | sefindif() { | ||
+ | REGEXP=" | ||
+ | pushd ${POLICY_LOCATION}/ | ||
+ | for FILE in */*.if; | ||
+ | do | ||
+ | awk "/ | ||
+ | done | ||
+ | popd > /dev/null 2>& | ||
+ | } | ||
+ | |||
+ | # seshowif - Show the interface definition | ||
+ | seshowif() { | ||
+ | INTERFACE=" | ||
+ | pushd ${POLICY_LOCATION}/ | ||
+ | for FILE in */*.if; | ||
+ | do | ||
+ | grep -A 9999 " | ||
+ | done | ||
+ | popd > /dev/null 2>& | ||
+ | } | ||
+ | |||
+ | # sefinddef - Find macro definitions that have a string that matches the given | ||
+ | # regular expression | ||
+ | sefinddef() { | ||
+ | REGEXP=" | ||
+ | grep -H " | ||
+ | } | ||
+ | |||
+ | # seshowdef - Show the macro definition | ||
+ | seshowdef() { | ||
+ | MACRONAME=" | ||
+ | pushd ${POLICY_LOCATION}/ | ||
+ | for FILE in *.spt; | ||
+ | do | ||
+ | grep -A 9999 " | ||
+ | done | ||
+ | popd > /dev/null 2>& | ||
+ | } | ||
+ | |||
+ | # sefindcon - Find macro definitions for constrains | ||
+ | sefindcon() { | ||
+ | awk "/ | ||
+ | } | ||
+ | |||
+ | # selist - List all templates/ | ||
+ | selist() { | ||
+ | pushd ${POLICY_LOCATION}/ | ||
+ | ( | ||
+ | egrep ' | ||
+ | egrep ' | ||
+ | egrep ' | ||
+ | egrep ' | ||
+ | ) | nl | sed -e "s:$: :g"; | ||
+ | popd > /dev/null 2>& | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | $ sefindif ' | ||
+ | services/ | ||
+ | services/ | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | $ seshowif systemd_tmpfilesd_managed | ||
+ | interface(`systemd_tmpfilesd_managed', | ||
+ | gen_require(` | ||
+ | type systemd_tmpfiles_t; | ||
+ | ') | ||
+ | |||
+ | allow systemd_tmpfiles_t $1:$2 { setattr relabelfrom relabelto create }; | ||
+ | ') | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | $ sefinddef ' | ||
+ | obj_perm_sets.spt: | ||
+ | obj_perm_sets.spt: | ||
+ | obj_perm_sets.spt: | ||
+ | obj_perm_sets.spt: | ||
+ | obj_perm_sets.spt: | ||
+ | obj_perm_sets.spt: | ||
+ | obj_perm_sets.spt: | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | $ seshowdef manage_files_pattern | ||
+ | define(`manage_files_pattern', | ||
+ | allow $1 $2:dir rw_dir_perms; | ||
+ | allow $1 $3:file manage_file_perms; | ||
+ | ') | ||
+ | </ | ||
+ |
systeme/selinux.1579646642.txt.gz · Dernière modification : 2020/01/21 22:44 de root