Re: need howto for SELinux config--ssh on non-standard port
On 01/06/2010 09:29 PM, John Poelstra wrote:
> I'm running sshd on a high (1024) port number and cannot find a clear step by step guide for configuring this correctly on Fedora 12 on Google.
>
> I've come across lots of random bugs and forum questions, but nothing that starts at the beginning of the process through the end. I'm a total SELinux newbie and usually just disable it all together when things like this happen. I'm trying to change my ways :)
>
> Can anyone provide any URLs or the steps? If someone can provide the steps here I'll blog about it to get it documented so others do not have to suffer the same fate.
>
> Thanks,
> John

http://docs.fedoraproject.org/selinux-managing-confined-services-guide/en-US/F11/html/sect-Managing_Confined_Services-Configuration_examples-Changing_port_numbers.html

If the avc is for an undefined port port_t then you can do the command

    # semanage port -a -t ssh_port_t -p tcp PORTNUM

If you are listening to a defined port NAME_port_t, then you need to load a custom policy module

    # grep ssh /var/log/audit/audit.log | audit2allow -M myssh
    # semodule -i myssh.pp

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
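The choice described in the reply above (an undefined `port_t` port versus a port that already has a type), as an added example that is not part of the original thread: a shell function that reads AVC records and prints which of the two steps applies to each sshd bind denial. The function name and the sample records are constructed for illustration; `-p tcp` is included because `semanage port -a` requires a protocol.

```shell
#!/bin/sh
# Constructed sample AVC records (not from the thread): sshd denied name_bind
# on an undefined port (port_t), on a port that already has a type, and one
# unrelated httpd denial that must be ignored.
SAMPLE_AVCS='type=AVC msg=audit(1262831340.101:45): avc:  denied  { name_bind } for  pid=1234 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1262831399.202:51): avc:  denied  { name_bind } for  pid=1301 comm="sshd" src=8080 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1262831401.303:52): avc:  denied  { read } for  pid=1400 comm="httpd" name="x" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file'

# Hypothetical helper: read audit.log lines on stdin and, for each sshd
# name_bind denial on a TCP socket, print the step from the reply that applies.
suggest_ssh_port_fix() {
    awk '
    /avc: +denied/ && /name_bind/ && /comm="sshd"/ && /tclass=tcp_socket/ {
        port = ""; type = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/) port = substr($i, 5)
            # tcontext is user:role:type:level, so the type is field 3
            if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); type = c[3] }
        }
        if (port !~ /^[0-9]+$/ || type == "") next   # skip malformed records
        if (seen[port]++) next                        # one suggestion per port
        if (type == "port_t")
            # Undefined port: label it as an ssh port.
            printf "semanage port -a -t ssh_port_t -p tcp %s\n", port
        else
            # Port already has a type: build and load a local module instead.
            printf "# port %s is already %s: grep sshd /var/log/audit/audit.log | audit2allow -M myssh && semodule -i myssh.pp\n", port, type
    }'
}

# Show the suggestions for the constructed records.
# On a real system (as root): suggest_ssh_port_fix < /var/log/audit/audit.log
printf '%s\n' "$SAMPLE_AVCS" | suggest_ssh_port_fix
```

The output is a suggestion to review, not something to pipe into a shell; read the generated `myssh.te` before loading the module.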
need howto for SELinux config--ssh on non-standard port
I'm running sshd on a high (1024) port number and cannot find a clear step by step guide for configuring this correctly on Fedora 12 on Google.

I've come across lots of random bugs and forum questions, but nothing that starts at the beginning of the process through the end. I'm a total SELinux newbie and usually just disable it all together when things like this happen. I'm trying to change my ways :)

Can anyone provide any URLs or the steps? If someone can provide the steps here I'll blog about it to get it documented so others do not have to suffer the same fate.

Thanks,
John
Re: need howto for SELinux config--ssh on non-standard port
John Poelstra said the following on 01/06/2010 06:29 PM Pacific Time:
> I'm running sshd on a high (1024) port number and cannot find a clear step by step guide for configuring this correctly on Fedora 12 on Google.
>
> I've come across lots of random bugs and forum questions, but nothing that starts at the beginning of the process through the end.

Clarification... I've got ssh running fine... it is the SELinux part I can't figure out :)
Re: need howto for SELinux config--ssh on non-standard port
On Wed, Jan 6, 2010 at 8:39 PM, John Poelstra <poels...@redhat.com> wrote:
> John Poelstra said the following on 01/06/2010 06:29 PM Pacific Time:
>> I'm running sshd on a high (1024) port number and cannot find a clear step by step guide for configuring this correctly on Fedora 12 on Google.
>>
>> I've come across lots of random bugs and forum questions, but nothing that starts at the beginning of the process through the end.
>
> Clarification... I've got ssh running fine... it is the SELinux part I can't figure out :)

May be better ways to deal with it but here is generally what I do:

    grep sshd /var/log/audit/audit.log | audit2allow -M mySshdPort

check mySshdPort.te for sanity and if sane

    semodule -i mySshdPort.pp

to install the module created above.

John