Search found 16 matches
- 2020/06/19 21:10:53
- Forum: CentOS 7 - Networking Support
- Topic: define route in route-eth0:x file for virtual network
- Replies: 6
- Views: 1599
Re: define route in route-eth0:x file for virtual network
Yes, it's an IPSec VPN providing IP to port communications. For example, I use ncat to test if the connection is alive: nc -w 3 -zs ${LOCAL_IP} ${REMOTE_IP} ${REMOTE_PORT} ; SUCCESS=$? Route print from the working example using the newer tool: $ ip ro default via 192.168.2.1 dev eth0 proto static me...
- 2018/06/19 17:47:38
- Forum: CentOS 7 - Security Support
- Topic: 'setsebool -P' works but throws errors; changes not permanent
- Replies: 11
- Views: 3116
Re: 'setsebool -P' works but throws errors; changes not permanent
Thanks for the guidance TrevorH. I received good suggestions there. The solution was dirt simple: yum reinstall selinux-policy-targeted After this I was able to set the Boolean without errors and show that it has set the default value correctly: [Cent-7:root@my_server ~]# getsebool authlogin_yubikey...
- 2018/06/18 18:16:55
- Forum: CentOS 7 - Security Support
- Topic: 'setsebool -P' works but throws errors; changes not permanent
- Replies: 11
- Views: 3116
Re: 'setsebool -P' works but throws errors; changes not permanent
Found this bug on Red Hat's site which has very similar symptoms and is resolved in policycoreutils-2.7-6.fc27. Unfortunately CentOS's version is at 2.5-22.el7. Verified that the default of the Boolean is set to "off" using semanage: [Cent-7:root@my_server ~]# semanage boolean -l | grep "authlogin_y...
- 2018/06/15 20:54:02
- Forum: CentOS 7 - Security Support
- Topic: 'setsebool -P' works but throws errors; changes not permanent
- Replies: 11
- Views: 3116
Re: 'setsebool -P' works but throws errors; changes not permanent
UPDATE - the sebool policy reverts to off without needing a reboot. I do not know what is causing this. [Cent-7:root@my_server ~]# getsebool authlogin_yubikey authlogin_yubikey --> off [Cent-7:root@my_server ~]# uptime 15:48:10 up 3 days, 8:11, 1 user, load average: 0.35, 0.39, 0.40 [Cent-7:root@my_...
- 2018/06/15 18:58:37
- Forum: CentOS 7 - Security Support
- Topic: 'setsebool -P' works but throws errors; changes not permanent
- Replies: 11
- Views: 3116
Re: 'setsebool -P' works but throws errors; changes not permanent
This machine was built in Azure using one of their 'vanilla' templates. I suspect the repo was modified by the builder.
Has anyone attempted pointing back to the official centos repos? What kind of mess might I create by switching now?
Has anyone attempted pointing back to the official centos repos? What kind of mess might I create by switching now?
- 2018/06/15 16:31:48
- Forum: CentOS 7 - Security Support
- Topic: 'setsebool -P' works but throws errors; changes not permanent
- Replies: 11
- Views: 3116
Re: 'setsebool -P' works but throws errors; changes not permanent
Good thought but no, there are no custom semanage policies on this machine. Just ran 'rpm -Va' to check the entire system and found this difference of interest: S.5....T. c /etc/yum.repos.d/CentOS-Base.repo Affected server: [base] name=CentOS-$releasever - Base #mirrorlist=http://mirrorlist.centos.o...
- 2018/06/15 13:52:05
- Forum: CentOS 7 - Security Support
- Topic: 'setsebool -P' works but throws errors; changes not permanent
- Replies: 11
- Views: 3116
Re: 'setsebool -P' works but throws errors; changes not permanent
Similar:
Code: Select all
[Cent-7:root@my_server ~]# rpm -V $(rpm -qa selinux\* policy\*)
.M....... g /etc/selinux/targeted/active/policy.linked
.M....... g /etc/selinux/targeted/active/seusers
- 2018/06/15 12:42:59
- Forum: CentOS 7 - Security Support
- Topic: 'setsebool -P' works but throws errors; changes not permanent
- Replies: 11
- Views: 3116
Re: 'setsebool -P' works but throws errors; changes not permanent
Ruh Roh! I don't like the sound of that! Here's the output:
Thanks Trevor!
Code: Select all
[Cent-7:root@my_server ~]# rpm -qa selinux\* policy\*
selinux-policy-targeted-3.13.1-192.el7_5.3.noarch
selinux-policy-3.13.1-192.el7_5.3.noarch
policycoreutils-2.5-22.el7.x86_64
policycoreutils-python-2.5-22.el7.x86_64
- 2018/06/14 20:30:03
- Forum: CentOS 7 - Security Support
- Topic: 'setsebool -P' works but throws errors; changes not permanent
- Replies: 11
- Views: 3116
'setsebool -P' works but throws errors; changes not permanent
I log in w/ssh keys so didn't notice this immediately, but others login with a password plus a two-factor using YubiKey and they started failing at some point after the last updates were installed. After running: setsebool -P authlogin_yubikey on it works again until the next reboot, however it does...
- 2018/02/08 19:59:18
- Forum: CentOS 7 - Networking Support
- Topic: SSSD using POSIX attributes
- Replies: 1
- Views: 1338
Re: SSSD using POSIX attributes
It looks like we've had a breakthrough! The attributes mentioned above were not published for all users (nor the user I was testing with). By manually updating those attributes through the AD Users & Computers tool the results are positive! Now to find a script to automate updating the attributes fo...