Questions tagged [selinux]
Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies.
132
questions
0
votes
2
answers
4k
views
Unable to ssh into server: No supported authentication methods available
After trying some tips from various blogs on how to secure ssh connections to a server, I’m now unable to access my server. I receive this error message:
(Disconnected: No supported authentication ...
CommunityBot
- 1
1
vote
1
answer
4k
views
How do I disable "suspend to RAM", and enable "suspend to idle"?
I found some threads and articles with lots of info on this topic but I can't seem to make sense of it just yet. I'm running Fedora workstation with secure boot and full disk encryption on an Asus tuf ...
CommunityBot
- 1
3
votes
1
answer
7k
views
Configuring SELINUX to allow logging to a file that's outside /var/log
I have a daemon that uses syslog(3) to log to a file that is not a descendant of /var/log. Currently, this requires that SELINUX be disabled. How can I configure an enabled SELINUX to allow this ...
CommunityBot
- 1
1
vote
2
answers
5k
views
SELinux issues when adding rules
On my laptop I use Fedora 17 distro for the first time and I'm having some issues adding rules to semodule
An example:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i ...
CommunityBot
- 1
1
vote
0
answers
74
views
Selinux policy to allow all access to script or to not log anything done by this script
I have a bash script running every 5 minutes in cron, that basically runs some commands like: mkdir, top, grep, date, wait, sleep, jstack. It runs on user bob.
It generates a lot of logs and I want to ...
- 13.2k
0
votes
0
answers
37
views
Creating a hybrid SELinux policy for a specific directory?
I have a machine "NFS-Server", a machine "Hybrid", and a machine "TFTP-Client" which I would like to connect in the following way:
NFS-Server allows Hybrid to mount to a ...
- 1
0
votes
0
answers
210
views
Enabling Selinux on debian-based system
I just want to know if there is a way to enable SElinux on a Debian-based system. I'm currently running parrot OS with what a think is Debian 10 and I'm having problem enabling Selinux on it. When I ...
2
votes
1
answer
937
views
Tomcat runs from the command line, but will not start as a systemd service
I have built an Apache Tomcat 9.0.83 server on Oracle Linux 9 which will not start as a systemd service, but it does work if you run it from the command line.
sudo su - tomcat /u01/tomcat/my_server/...
- 56.1k
1
vote
0
answers
219
views
Use SELinux(?) to disable root access to iptables for procrastination
This might not be a problem for you but I suffer from poor impulse control and as a result constant procrastination while in front of a computer. I can't procrastinate much on my phone because I ...
- 1
1
vote
0
answers
46
views
finer-grained role/type access (specifically auditd_log_t)
Suppose I want to use SELinux to lock down audit logs even more tightly than ordinary logs. Ordinary logs typically have type var_log_t, but audit logs have type auditd_log_t. So there's at least a ...
- 317
0
votes
0
answers
98
views
Almalinux9 SSH port change is not accepting connections
can someone please give a hint what else may be wrong.
System Almalinux9, located at VPS.
I wanted to change a port of SSHD to 60022, but when i try to connect to it, it does not respond anyhow when i'...
- 6,455
1
vote
1
answer
63
views
docker/podman issue when building in a golang:1.20 container
Anyone know why podman fails and docker works?
podman:
$ podman run --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp golang:1.20 go build -v
go: go.mod file not found in current directory or ...
- 34.6k
4
votes
2
answers
10k
views
How to run an X11 application (xclock) on podman?
podman says Error: Can't open display: localhost:10.0 when I try to run xclock in a container with the command
podman run -ti -e DISPLAY --rm -v
~/.Xauthority:/root/.Xauthority:Z localhost/...
- 103
0
votes
2
answers
135
views
How do I configure/secure LAMP stack on Fedora 37 without permissive SELinux confguration?
I've installed all the LAMP components (Apache, MySQL, and PHP) on Fedora 37, but for now I haven't changed my SELinux configuration from enforcing to permissive because I don't know what problems ...
- 294
4
votes
2
answers
6k
views
Installing selinux headers
I'm trying to build the newest version of glibc (2.19) on CentOS 5.6 and I've run into some issues
The documentation of glibc says that I need at minimum the linux kernel headers 2.6.19 (even if this ...
- 944