-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhh_selinux.txt
38 lines (24 loc) · 1.12 KB
/
hh_selinux.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
listado modulos
semodule -l | grep -i keepalived
semodule --list-modules=full | grep -i keepalived
Crear Modulos (tools)
yum install policycoreutils-python setools-console
seauditor.sh all
cat * | grep -v "#" | sort -u > all-module.txt
allow2te all.txt
semerge keepalived (EN CASO QUE HAYA DUPLICADOS)
Instalar modulos
#checkmodule -C -m -o keepalived.cil keepalived_t.te (no hace falta crear el .cil)
checkmodule -M -m -o keepalived.mod keepalived_t.te
semodule_package -m keepalived.mod -o module_name.pp
semodule -l | grep -i keepalived
semodule -vi keepalived.pp
semodule -l | grep -i keepalived
modulo=;checkmodule -M -m -o "$modulo".mod "$modulo".te && semodule_package -m "$modulo".mod -o "$modulo".pp && semodule -vi "$modulo".pp
Buscar errores
ausearch --debug -i -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts today
ausearch --debug -i -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts today | awk -F 'comm=' '{print $2}' | awk '{print $1}' | sort -u | xargs
Hacer que todos los modulos escupan al don audit (disable don audit)
semodule -DB
Dejar los modulos como estaban en un inicio
semodule -B