valentin/ocanary-setup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added restoreconf line to apply semanage policy

Browse Source
This commit is contained in:
valentin 2021-11-10 14:57:19 +01:00
parent d6554579fa
commit 17caa563ab
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ocanary-setup.sh
View File

@ -121,8 +121,9 @@ sudo semanage port -a -t ssh_port_t -p tcp 2222
# Change opencanaryd file type to a 'bin_t' type. Will ensure that the file type does not trisition to a confined domain
# Without this instruction, SELinux will block many actions
echo "Adding rules for SELinux to let opencanaryd service run..."
sudo chcon -t bin_t /var/lib/canary-env/bin/opencanaryd
#sudo semanage fcontext -a -t bin_t /var/lib/canary-env/bin/opencanaryd
#sudo chcon -t bin_t /var/lib/canary-env/bin/opencanaryd
semanage fcontext -a -t bin_t /var/lib/canary-env/bin/opencanaryd
/sbin/restorecon -v /var/lib/canary-env/bin/opencanaryd
echo "Setting SELinux to permisive - IMPORTANT - This action must be removed for production"
# ----- TODO Change this setting -----