2015-01-21

Working with SELinux

Example scenario.

sshd will not start because it cannot read a file:

[root@TPC-E9-06-004 ~]# service sshd restart
service sshd restart
Stopping sshd: [ OK ]
Starting sshd: Could not load host key: /etc/ssh/ssh_host_dsa_key
[ OK ]


File is clearly there:

[root@TPC-E9-06-004 ~]# ls -l /etc/ssh/ssh_host_dsa_key
ls -l /etc/ssh/ssh_host_dsa_key


Check whether SELinux is enabled:

[root@TPC-E9-06-004 ~]# getenforce
getenforce
Enforcing


Check the SELinux type of the file:

[root@TPC-E9-06-004 ~]# ls -lZ /etc/ssh/ssh_host_dsa_key
-rw-------. root wheel system_u:object_r:initrc_tmp_t:s0 /etc/ssh/ssh_host_dsa_key


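Change the context (chcon sets the type by hand, here to etc_t; restorecon, used further down, applies the policy default instead):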

[root@TPC-E9-06-004 ~]# chcon -t etc_t /etc/ssh/ssh_host_dsa_key


Restart sshd:

[root@TPC-E9-06-004 ~]# service sshd restart
service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]


Solved my issue by restoring contexts after the move:

restorecon -R -v /etc/ssh/



ls -lZ /etc/ssh/
-rw-------. root root system_u:object_r:etc_t:s0 moduli
-rw-------. root root system_u:object_r:etc_t:s0 moduli.orig
-rw-r--r--. root root system_u:object_r:etc_t:s0 ssh_config
-rw-r--r--. root root system_u:object_r:etc_t:s0 ssh_config.orig
-rw-------. root root system_u:object_r:etc_t:s0 sshd_config
-rw-------. root root system_u:object_r:etc_t:s0 sshd_config.orig
-rw-------. root wheel system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key
-rw-------. root root system_u:object_r:etc_t:s0 ssh_host_dsa_key.orig
-rw-r--r--. root wheel system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key.pub
-rw-r--r--. root root system_u:object_r:etc_t:s0 ssh_host_dsa_key.pub.orig
-rw-------. root wheel system_u:object_r:sshd_key_t:s0 ssh_host_key
-rw-------. root root system_u:object_r:etc_t:s0 ssh_host_key.orig
-rw-r--r--. root wheel system_u:object_r:sshd_key_t:s0 ssh_host_key.pub
-rw-r--r--. root root system_u:object_r:etc_t:s0 ssh_host_key.pub.orig
-rw-------. root wheel system_u:object_r:sshd_key_t:s0 ssh_host_rsa_key
-rw-------. root root system_u:object_r:etc_t:s0 ssh_host_rsa_key.orig
-rw-r--r--. root wheel system_u:object_r:sshd_key_t:s0 ssh_host_rsa_key.pub
-rw-r--r--. root root system_u:object_r:etc_t:s0 ssh_host_rsa_key.pub.orig
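
The check done by eye in this post (compare the type in `ls -lZ` with what sshd needs) can be scripted. The following is an added example, not part of the original post: the function names are hypothetical, the expected type `sshd_key_t` is taken from the restorecon listing above, and the sample input is constructed from lines in the post plus one constructed `etc_t` key.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): read `ls -lZ` output on stdin and
# report SSH host key files whose SELinux type differs from the expected one.
# find_mislabelled_host_keys and sample_listing are hypothetical names.

find_mislabelled_host_keys() {
    # $1 = expected type; default sshd_key_t, as in the post's restorecon listing.
    awk -v want="${1:-sshd_key_t}" '
    {
        # Context is the first field shaped like user:role:type:level.
        # Searching for it copes with both old and new `ls -lZ` column layouts.
        t = ""
        for (i = 1; i <= NF; i++)
            if (split($i, p, ":") >= 4) { t = p[3]; break }
        if (t == "") next

        # File name is the last field; strip any directory part.
        n = split($NF, parts, "/")
        base = parts[n]

        # Host keys only: ssh_host_key, ssh_host_rsa_key.pub, ... (not *.orig).
        if (base ~ /^ssh_host_.*key(\.pub)?$/ && t != want)
            print base, t
    }'
}

# Constructed sample: the broken key from the post, a key left at etc_t
# (the result of the chcon step), a correctly labelled key, and two files
# that must not be flagged.
sample_listing() {
    cat <<'EOF'
-rw-------. root root  system_u:object_r:etc_t:s0        sshd_config
-rw-------. root wheel system_u:object_r:initrc_tmp_t:s0 /etc/ssh/ssh_host_dsa_key
-rw-------. root root  system_u:object_r:etc_t:s0        ssh_host_dsa_key.orig
-rw-------. root wheel system_u:object_r:sshd_key_t:s0   ssh_host_key
-rw-------. root wheel system_u:object_r:etc_t:s0        ssh_host_rsa_key
EOF
}

sample_listing | find_mislabelled_host_keys
# ssh_host_dsa_key initrc_tmp_t
# ssh_host_rsa_key etc_t
```

On a live system the input would be `ls -lZ /etc/ssh | find_mislabelled_host_keys`; `restorecon -n -v /etc/ssh/` gives the policy's own answer without changing anything.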
