Questions tagged [selinux]
Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies.
132
questions
1
vote
0
answers
68
views
Selinux policy to allow all access to script or to not log anything done by this script
I have a bash script running every 5 minutes in cron, that basically runs some commands like: mkdir, top, grep, date, wait, sleep, jstack. It runs on user bob.
It generates a lot of logs and I want to ...
- 11
0
votes
0
answers
35
views
Creating a hybrid SELinux policy for a specific directory?
I have a machine "NFS-Server", a machine "Hybrid", and a machine "TFTP-Client" which I would like to connect in the following way:
NFS-Server allows Hybrid to mount to a ...
- 1
0
votes
0
answers
198
views
Enabling Selinux on debian-based system
I just want to know if there is a way to enable SElinux on a Debian-based system. I'm currently running parrot OS with what a think is Debian 10 and I'm having problem enabling Selinux on it. When I ...
2
votes
1
answer
873
views
Tomcat runs from the command line, but will not start as a systemd service
I have built an Apache Tomcat 9.0.83 server on Oracle Linux 9 which will not start as a systemd service, but it does work if you run it from the command line.
sudo su - tomcat /u01/tomcat/my_server/...
- 131
1
vote
0
answers
46
views
finer-grained role/type access (specifically auditd_log_t)
Suppose I want to use SELinux to lock down audit logs even more tightly than ordinary logs. Ordinary logs typically have type var_log_t, but audit logs have type auditd_log_t. So there's at least a ...
- 317
0
votes
0
answers
85
views
Almalinux9 SSH port change is not accepting connections
can someone please give a hint what else may be wrong.
System Almalinux9, located at VPS.
I wanted to change a port of SSHD to 60022, but when i try to connect to it, it does not respond anyhow when i'...
- 1
1
vote
1
answer
59
views
docker/podman issue when building in a golang:1.20 container
Anyone know why podman fails and docker works?
podman:
$ podman run --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp golang:1.20 go build -v
go: go.mod file not found in current directory or ...
- 34.6k
1
vote
1
answer
4k
views
How do I disable "suspend to RAM", and enable "suspend to idle"?
I found some threads and articles with lots of info on this topic but I can't seem to make sense of it just yet. I'm running Fedora workstation with secure boot and full disk encryption on an Asus tuf ...
forestsounds89
1
vote
0
answers
110
views
Restarting Apache after installing RSA Web Agent
Good afternoon,
We are currently attempting to install the RSA Web agent on our Apache web server, but run into problems after installation, when restarting the web server.
The error we get is the ...
- 43
0
votes
2
answers
134
views
How do I configure/secure LAMP stack on Fedora 37 without permissive SELinux confguration?
I've installed all the LAMP components (Apache, MySQL, and PHP) on Fedora 37, but for now I haven't changed my SELinux configuration from enforcing to permissive because I don't know what problems ...
1
vote
1
answer
206
views
Ubuntu - ls -Z only shows question marks and file names
When I'm using ls -Z /etc I only get question marks and filenames. I don't get anything about the security context. Does anyone know anything about this?
0
votes
1
answer
798
views
Arch: unable to write to pipe (Broken pipe) when installing selinux-refpoicy-arch
I'm setting up selinux on my arch system, every library successfully built and the modules were installed, but attempting to apply the reference policies supplied by selinux-refpolicy-arch fails after ...
- 11
0
votes
1
answer
566
views
VirtualBox guest additions update got error missing SELinux target policy file
While updating VirtualBox guest additions on a Red Hat Linux 7 (RHEL7) virtual machine, we got the below error about missing a target policy file of SELinux.
We checked the virtual machine:
We tried ...
- 399
1
vote
1
answer
9k
views
Rsyslog forward logs cannot connect Permission Denied
Have configured Rsyslog to ship logs to a remote location through an SSH tunnel.
However rsyslog complains with "Permission denied":
rsyslogd[28412]: cannot connect to 127.0.0.1:10601: ...
- 171
1
vote
1
answer
485
views
Can environment variables be made immutable?
With the recent discovery of the Symbiote vulnerability, it is now apparent that we need a mitigation for LD_PRELOAD injection attacks and similar. One way we may be able to prevent this exploitation ...
- 1,017