{"id":8980,"date":"2012-03-12T21:00:16","date_gmt":"2012-03-12T12:00:16","guid":{"rendered":"http:\/\/www.sssg.org\/blogs\/hiro345\/?p=8980"},"modified":"2012-03-13T10:29:21","modified_gmt":"2012-03-13T01:29:21","slug":"selinux%e3%81%a7%e3%82%a8%e3%83%a9%e3%83%bc%e3%81%8c%e3%81%8a%e3%81%8d%e3%81%9f%e3%81%a8%e3%81%8d%e3%81%af","status":"publish","type":"post","link":"https:\/\/www.hiro345.net\/blogs\/hiro345\/archives\/8980.html","title":{"rendered":"SELinux\u3067\u30a8\u30e9\u30fc\u304c\u304a\u304d\u305f\u3068\u304d\u306f&#8230;"},"content":{"rendered":"<p>yum\u306e\u81ea\u52d5\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u306a\u3069\u3067\u3001SELinux\u3067\u30a8\u30e9\u30fc\u304c\u304a\u304d\u305f\u3068\u304d\u306f\u3001\u3042\u308f\u3066\u3066\u518d\u8d77\u52d5\u3059\u308b\u3068\u30cf\u30f3\u30b0\u30a2\u30c3\u30d7\u3057\u3066\u3057\u307e\u3046\u3053\u3068\u304c\u3042\u308a\u307e\u3059\u3002permissive\u30e2\u30fc\u30c9\u3067\u8d77\u52d5\u3057\u3066\u3001avc\u30a8\u30e9\u30fc\u304c\u3067\u306a\u3044\u3053\u3068\u3092\u78ba\u8a8d\u3057\u3066\u304b\u3089 enforcing \u306b\u3057\u306a\u3044\u3068\u8d77\u52d5\u3057\u306a\u304f\u306a\u3063\u305f\u308a\u3059\u308b\u306e\u3067\u6ce8\u610f\u304c\u5fc5\u8981\u3067\u3059\u3002auditd \u304c\u8d77\u52d5\u3057\u3066\u3044\u306a\u3044\u5834\u5408\u306f\u3001\u30ed\u30b0\u306f \/var\/log\/messages \u3084 dmesg \u3067\u78ba\u8a8d\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<pre class=\"brush: bash; gutter: true\">\r\n$ sudo sealert -a \/var\/log\/audit\/audit.log\r\n<\/pre>\n<p><!--more--><br \/>\n\/etc\/selinux\/config \u3092\u66f8\u304d\u63db\u3048\u308c\u3070\u3001permissive\u30e2\u30fc\u30c9\u3067\u8d77\u52d5\u3057\u307e\u3059\u3002<\/p>\n<pre class=\"brush: bash; gutter: true\">\r\n#SELINUX=disabled\r\nSELINUX=permissive\r\n<\/pre>\n<p>\u3068\u3044\u3046\u3053\u3068\u3067\u3001\u6b21\u56de\u8d77\u52d5\u6642\u306b\u30e9\u30d9\u30eb\u306e\u518d\u4ed8\u4e0e\u3067\u304d\u308b\u3088\u3046\u306b\u3001.autorelabel \u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3002\u3053\u306e\u3068\u304d\u3001restorecond \u304c\u81ea\u52d5\u8d77\u52d5\u306b\u306a\u3063\u3066\u3044\u308b\u3053\u3068\u3082\u78ba\u8a8d\u3057\u3066\u304a\u304d\u307e\u3057\u3087\u3046\u3002\u3053\u308c\u304c\u7a3c\u50cd\u3057\u3066\u3044\u306a\u3044\u3068\u3001\u65b0\u3057\u3044\u30d5\u30a1\u30a4\u30eb\u304c\u4f5c\u6210\u3055\u308c\u305f\u3068\u304d\u306b\u9593\u9055\u3063\u305f\u30e9\u30d9\u30eb\u3067\u30d5\u30a1\u30a4\u30eb\u304c\u4f5c\u6210\u3055\u308c\u3066\u3057\u307e\u3046\u3053\u3068\u304c\u3042\u308a\u307e\u3059\u3002\u81ea\u52d5\u8d77\u52d5\u306b\u306a\u3063\u3066\u3044\u306a\u304b\u3063\u305f\u3089\u3001chkconfig \u3067 on \u306b\u3057\u3066\u304a\u304d\u307e\u3057\u3087\u3046\u3002<\/p>\n<pre class=\"brush: bash; gutter: true\">\r\n$ sudo touch \/.autorelabel\r\n$ chkconfig --list | grep restorecond\r\n<\/pre>\n<p>\u518d\u8d77\u52d5\u3059\u308b\u3068\u8d77\u52d5\u4e2d\u306b\u518d\u30e9\u30d9\u30eb\u4ed8\u3051\u304c\u3055\u308c\u307e\u3059\u3002\u3061\u3087\u3063\u3068\u6642\u9593\u304c\u304b\u304b\u308a\u307e\u3059\u3002setenforce\u30b3\u30de\u30f3\u30c9\u3067SELinux\u3092enfocing\u3068\u3057\u3066\u3082\u826f\u3044\u3067\u3059\u304c\u3001\/etc\/selinux\/config \u3092\u66f8\u304d\u63db\u3048\u3066\u518d\u8d77\u52d5\u3059\u308b\u3068\u3053\u308d\u307e\u3067\u78ba\u8a8d\u3057\u3066\u304a\u3044\u305f\u65b9\u304c\u3001\u306e\u3061\u306e\u3061\u5b89\u5fc3\u3067\u3059\u3002\u4f55\u304b\u30c8\u30e9\u30d6\u30eb\u304c\u3042\u3063\u3066\u518d\u8d77\u52d5\u3057\u305f\u3089\u3001\u3053\u308c\u304c\u539f\u56e0\u3067\u518d\u8d77\u52d5\u3057\u306a\u304b\u3063\u305f\u3001\u3068\u3044\u3063\u305f\u3089\u56f0\u308a\u307e\u3059\u304b\u3089\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>yum\u306e\u81ea\u52d5\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u306a\u3069\u3067\u3001SELinux\u3067\u30a8\u30e9\u30fc\u304c\u304a\u304d\u305f\u3068\u304d\u306f\u3001\u3042\u308f\u3066\u3066\u518d\u8d77\u52d5\u3059\u308b\u3068\u30cf\u30f3\u30b0\u30a2\u30c3\u30d7\u3057\u3066\u3057\u307e\u3046\u3053\u3068\u304c\u3042\u308a\u307e\u3059\u3002permissive\u30e2\u30fc\u30c9\u3067\u8d77\u52d5\u3057\u3066\u3001avc\u30a8\u30e9\u30fc\u304c\u3067\u306a\u3044\u3053\u3068\u3092\u78ba\u8a8d\u3057\u3066\u304b\u3089 enforci &hellip; <a href=\"https:\/\/www.hiro345.net\/blogs\/hiro345\/archives\/8980.html\">\u7d9a\u304d\u3092\u8aad\u3080 <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[1209,128],"class_list":["post-8980","post","type-post","status-publish","format-standard","hentry","category-linux","tag-linux","tag-selinux"],"_links":{"self":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts\/8980","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/comments?post=8980"}],"version-history":[{"count":7,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts\/8980\/revisions"}],"predecessor-version":[{"id":9172,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts\/8980\/revisions\/9172"}],"wp:attachment":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/media?parent=8980"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/categories?post=8980"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/tags?post=8980"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}