
SELinux

CentOS / RHEL: Disable or Enable SELinux Policy Modules

How do I disable or enable SELinux policy modules under Red Hat Enterprise Linux running on Dell hardware?

CentOS / RHEL: Change / Copy File SELinux Security Context Command

I’ve created a file as follows:

ls -l -Z /etc/cron.d/vnstat
-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 /etc/cron.d/vnstat

I’ve created a new file /etc/cron.d/vnstat.custom.interface:

ls -l -Z /etc/cron.d/vnstat.custom.interface
-rw-r--r--. root root unconfined_u:object_r:system_cron_spool_t:s0 /etc/cron.d/vnstat.custom.interface

The /etc/cron.d/vnstat file is part of the default vnstat package. I’ve installed my own version of the same. But, due to SELinux security, the cron job is not running. How do I change the file’s SELinux security context under a RHEL / CentOS 6 Linux server to system_u:object_r:system_cron_spool_t:s0 from unconfined_u:object_r:system_cron_spool_t:s0 for the /etc/cron.d/vnstat.custom.interface file?

RHEL 6: Change OpenSSH Port To 1255 ( SELinux Config )

I’ve edited /etc/ssh/sshd_config to change the port number:

Port 1255

However, I’m getting an error as follows:

sshd[26792]: error: Bind to port 1255 on 192.168.1.100 failed: Permission denied

How do I change default OpenSSH port number from 22 to 1255 under RedHat Enterprise Linux server version 6 and SELinux?

Linux Syslogd: Nothing Gets Logged Using /dev/log And /jail/apache/dev/log

I’ve configured my Apache in a chrooted jail at the /jail/apache directory. However, my syslogd is not working and nothing gets logged using /dev/log and /jail/apache/dev/log. How do I fix this problem under CentOS 5.x AMD64 with SELinux?

I’ve set up a Squid proxy server as described here, but I’m getting errors which read as follows:

Jul 14 15:09:02 server1 squid[5315]: Squid Parent: child process 5317 started
Jul 14 15:09:02 server1 squid[5317]: Cannot open HTTP Port
Jul 14 15:09:02 server1 squid[5315]: Squid Parent: child process 5317 exited due to signal 6
Jul 14 15:09:02 server1 setroubleshoot: SELinux is preventing the squid (squid_t) from binding to port 5000. For complete SELinux messages. run sealert -l 1cf3c788-35f7-4752-8439-92a1d0719466

How do I fix this problem?

I see the following error in my SELinux enabled CentOS or RHEL server:

Jun 21 13:58:43 server3 restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf) No such file or directory
Jun 21 16:14:51 server3 restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf) No such file or directory
Jun 22 13:32:23 server3 restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf) No such file or directory

How do I fix this problem?

Turn on SELinux in Redhat or CentOS Linux Over Remote SSH Session

My hosting company disabled SELinux protection. How do I turn on SELinux over remote ssh session without distributing existing networking services?

I’m using RHEL and whenever I type the command lsnrctl, I get the following error:

lsnrctl: error while loading shared libraries: /u01/app/oracle/product/11.2.0/dbhome_1/lib/libclntsh.so.11.1:
cannot restore segment prot after reloc: Permission denied

How do I fix this problem?

Squid Listen on Other Port ( Squid Configure Port Listing with SELinux)

My Squid proxy server is running on port 3128. Since this is frequently scanned by adversaries looking for proxy servers, I’ve changed the port to 10000 and restarted squid. But my squid is not working on port # 10000; it only works on port # 3128. How do I force Squid to listen on an uncommon port under CentOS Linux v5.3?

Configure HTTPD To Listen on Multiple Ports

How do I configure Apache HTTPD to listen on multiple ports under RHEL / Fedora / CentOS Linux Server?