Search found 16 matches

by neutronsnowball
2020/06/19 21:10:53
Forum: CentOS 7 - Networking Support
Topic: define route in route-eth0:x file for virtual network
Replies: 6
Views: 1599

Re: define route in route-eth0:x file for virtual network

Yes, it's an IPSec VPN providing IP to port communications. For example, I use ncat to test if the connection is alive: nc -w 3 -zs ${LOCAL_IP} ${REMOTE_IP} ${REMOTE_PORT} ; SUCCESS=$? Route print from the working example using the newer tool: $ ip ro default via 192.168.2.1 dev eth0 proto static me...
by neutronsnowball
2018/06/19 17:47:38
Forum: CentOS 7 - Security Support
Topic: 'setsebool -P' works but throws errors; changes not permanent
Replies: 11
Views: 3116

Re: 'setsebool -P' works but throws errors; changes not permanent

Thanks for the guidance TrevorH. I received good suggestions there. The solution was dirt simple: yum reinstall selinux-policy-targeted After this I was able to set the Boolean without errors and show that it has set the default value correctly: [Cent-7:root@my_server ~]# getsebool authlogin_yubikey...
by neutronsnowball
2018/06/18 18:16:55
Forum: CentOS 7 - Security Support
Topic: 'setsebool -P' works but throws errors; changes not permanent
Replies: 11
Views: 3116

Re: 'setsebool -P' works but throws errors; changes not permanent

Found this bug on Red Hat's site which has very similar symptoms and is resolved in policycoreutils-2.7-6.fc27. Unfortunately CentOS's version is at 2.5-22.el7. Verified that the default of the Boolean is set to "off" using semanage: [Cent-7:root@my_server ~]# semanage boolean -l | grep "authlogin_y...
by neutronsnowball
2018/06/15 20:54:02
Forum: CentOS 7 - Security Support
Topic: 'setsebool -P' works but throws errors; changes not permanent
Replies: 11
Views: 3116

Re: 'setsebool -P' works but throws errors; changes not permanent

UPDATE - the sebool policy reverts to off without needing a reboot. I do not know what is causing this. [Cent-7:root@my_server ~]# getsebool authlogin_yubikey authlogin_yubikey --> off [Cent-7:root@my_server ~]# uptime 15:48:10 up 3 days, 8:11, 1 user, load average: 0.35, 0.39, 0.40 [Cent-7:root@my_...
by neutronsnowball
2018/06/15 18:58:37
Forum: CentOS 7 - Security Support
Topic: 'setsebool -P' works but throws errors; changes not permanent
Replies: 11
Views: 3116

Re: 'setsebool -P' works but throws errors; changes not permanent

This machine was built in Azure using one of their 'vanilla' templates. I suspect the repo was modified by the builder.
Has anyone attempted pointing back to the official centos repos? What kind of mess might I create by switching now?
by neutronsnowball
2018/06/15 16:31:48
Forum: CentOS 7 - Security Support
Topic: 'setsebool -P' works but throws errors; changes not permanent
Replies: 11
Views: 3116

Re: 'setsebool -P' works but throws errors; changes not permanent

Good thought but no, there are no custom semanage policies on this machine. Just ran 'rpm -Va' to check the entire system and found this difference of interest: S.5....T. c /etc/yum.repos.d/CentOS-Base.repo Affected server: [base] name=CentOS-$releasever - Base #mirrorlist=http://mirrorlist.centos.o...
by neutronsnowball
2018/06/15 13:52:05
Forum: CentOS 7 - Security Support
Topic: 'setsebool -P' works but throws errors; changes not permanent
Replies: 11
Views: 3116

Re: 'setsebool -P' works but throws errors; changes not permanent

Similar:

Code: Select all

[Cent-7:root@my_server ~]# rpm -V $(rpm -qa selinux\* policy\*)
.M.......  g /etc/selinux/targeted/active/policy.linked
.M.......  g /etc/selinux/targeted/active/seusers
by neutronsnowball
2018/06/15 12:42:59
Forum: CentOS 7 - Security Support
Topic: 'setsebool -P' works but throws errors; changes not permanent
Replies: 11
Views: 3116

Re: 'setsebool -P' works but throws errors; changes not permanent

Ruh Roh! I don't like the sound of that! Here's the output:

Code: Select all

[Cent-7:root@my_server ~]# rpm -qa selinux\* policy\*
selinux-policy-targeted-3.13.1-192.el7_5.3.noarch
selinux-policy-3.13.1-192.el7_5.3.noarch
policycoreutils-2.5-22.el7.x86_64
policycoreutils-python-2.5-22.el7.x86_64
Thanks Trevor!
by neutronsnowball
2018/06/14 20:30:03
Forum: CentOS 7 - Security Support
Topic: 'setsebool -P' works but throws errors; changes not permanent
Replies: 11
Views: 3116

'setsebool -P' works but throws errors; changes not permanent

I log in w/ssh keys so didn't notice this immediately, but others login with a password plus a two-factor using YubiKey and they started failing at some point after the last updates were installed. After running: setsebool -P authlogin_yubikey on it works again until the next reboot, however it does...
by neutronsnowball
2018/02/08 19:59:18
Forum: CentOS 7 - Networking Support
Topic: SSSD using POSIX attributes
Replies: 1
Views: 1338

Re: SSSD using POSIX attributes

It looks like we've had a breakthrough! The attributes mentioned above were not published for all users (nor the user I was testing with). By manually updating those attributes through the AD Users & Computers tool the results are positive! Now to find a script to automate updating the attributes fo...