关于linux:Selinux

89次阅读

共计 2033 个字符,预计需要花费 6 分钟才能阅读完成。

生成补丁:


cat /var/log/audit/audit.log | grep zabbix_agent | grep denied | audit2allow -M zabbix_agent_redis

打补丁:semodule  -i  zabbix_agent_redis.pp


剖析工具

yum install setroubleshoot-server
sealert -a /var/log/audit/audit.log

vi 11.txt

<code>
type=AVC msg=audit(1542879761.103:12204): avc: denied {name_connect} for pid=9766 comm="python" dest=9001 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:tor_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1542879761.103:12204): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=7ffd89185810 a2=10 a3=fa items=0 ppid=7405 pid=9766 auid=4294967295 uid=997 gid=994 euid=997 suid=997 fsuid=997 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:zabbix_agent_t:s0 key=(null)
type=PROCTITLE msg=audit(1542879761.103:12204): proctitle=2F7573722F62696E2F707974686F6E002F6574632F7A61626269782F7A61626269785F6167656E74642E642F736372697074732F7461736B6D712E7079002D480031302E312E352E323530002D500039303031
type=AVC msg=audit(1542879770.143:12205): avc: denied {name_connect} for pid=9776 comm="python" dest=9010 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:i18n_input_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1542879770.143:12205): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=7ffe8e88a0b0 a2=10 a3=fa items=0 ppid=7405 pid=9776 auid=4294967295 uid=997 gid=994 euid=997 suid=997 fsuid=997 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python2.7" subj=system_u:system_r:zabbix_agent_t:s0 key=(null)
type=PROCTITLE msg=audit(1542879770.143:12205): proctitle=2F7573722F62696E2F707974686F6E002F6574632F7A61626269782F7A61626269785F6167656E74642E642F736372697074732F7461736B6D712E7079002D480031302E312E352E323530002D500039303130
</code>

sealert -a 11.txt
ausearch -c 'python' --raw | audit2allow -M my-python



========= 批改文件属性 =============

semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/erp/company/0/js_cache(/.*)?";

restorecon -R /var/www/html/erp/company/0/js_cache/


========= 批改类型宽容属性 =========

semanage fcontext -l|grep zabbix
semanage permissive -a zabbix_agent_t

正文完
 0