SEC 440 SELinux Deepdive - JadenGil/Jaden-Tech-Journal GitHub Wiki

Getting Started:

On web01 I had some things to do before getting the lab fully underway.

To start, I cleared out the /var/www/html directory so I had a clean start. I used rm -rf mediawiki/ to force-remove the MediaWiki directory and rm to remove any other files.

Aside from clearing the directory, I also had to use nano /etc/httpd/conf/httpd.conf to change the main directory in the file from /var/httpd/conf/mediawiki to /var/httpd/conf/.

After all that, I went back into /var/httpd/conf/ and created a new index.html with this content for the web page:

image

Deliverable 1:

image


SELinux Packages:

To get started, I installed the SELinux utilities and the other packages needed for the lab using the following command:

image

Adding Users:

I added the users regularuser, switcheduser, guestuser, and restricteduser on web01 using the following commands:

image

Deliverable 2:

This is the sshd process under SELinux:

image

Deliverable 3:

image

Deliverable 4:

image

Deliverable 5:

To copy the contents of /etc/redhat-release I used the command cat /etc/redhat-release >> /var/www/html/index.html. The version shown is 8.6. From what I can tell, the command copies exactly what is in the given file onto the end of the index file, and it is displayed as normal text on the web page.

When I look at the index.html file this is what it looks like:

image

This suggests that all that is happening is a simple copy-paste from the file and nothing more.

Using my sudo user "Jaden", I made the file userhost.txt and moved it into /var/www/html.

image

And when I navigate to that page on the 10.0.5.100 web server, it says I don't have permission.

image

Deliverable 6a:

The SELinux type on userhost.txt is user_home_t, which is not a type httpd is allowed to read in a web directory; the policy default for files under /var/www/html is httpd_sys_content_t.

image

Deliverable 6b:

When a file is moved with mv, its SELinux context is preserved: mv renames the inode (or carries the extended attributes across when it copies between filesystems), so the label the file got when it was created in my home directory, user_home_t, comes along into /var/www/html. A file created directly in /var/www/html, or copied there with cp, would instead receive the directory's default label, httpd_sys_content_t.

Deliverable 7:

This change was made with the command sudo restorecon -v /var/www/html/userhost.txt, followed by sudo chcon -t httpd_sys_content_t /var/www/html/userhost.txt.

image
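What restorecon is fixing here, as an added example that is not part of the original page: the AVC record SELinux writes when httpd (httpd_t) is denied access to a user_home_t file, parsed to produce the relabel command. The audit line is constructed (the pid, inode and timestamp are made up; the field layout is the real audit.log AVC format) and the helper names are mine. restorecon alone is sufficient, because it resets the file to the policy default for /var/www/html, which is httpd_sys_content_t; a chcon run after it changes nothing, and chcon labels in general are lost on the next relabel.

```shell
#!/bin/sh
# Added example (not from the original wiki page): read an SELinux AVC denial for the
# userhost.txt case and turn it into the relabel command.
#
# On the RHEL 8 host itself the diagnosis is (these need root and are not run here):
#   ls -Z /var/www/html/userhost.txt                 # shows ...:user_home_t:s0
#   ausearch -m AVC -ts recent -c httpd              # shows the denial
#   restorecon -n -v /var/www/html/userhost.txt      # dry run: what the policy default would be
#   restorecon -v /var/www/html/userhost.txt         # relabel to httpd_sys_content_t

# Constructed sample audit record (pid, inode and timestamp are made up).
SAMPLE_AVC='type=AVC msg=audit(1700000000.123:456): avc:  denied  { getattr } for  pid=1234 comm="httpd" path="/var/www/html/userhost.txt" dev="dm-0" ino=98765 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0'

# avc_field LINE KEY: print the value of KEY=... from an audit record, quotes stripped.
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\{0,1\}\([^\" ]*\)\"\{0,1\}.*/\1/p"
}

# ctx_type CONTEXT: the type field (third colon-separated part) of user:role:type:level.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_fix_hint LINE: for an httpd denial on a file whose type is not an httpd content
# type, print the restorecon command that resets it to the policy default.
# Returns 1 and prints nothing when the record is not that situation.
avc_fix_hint() {
    line=$1
    [ "$(avc_field "$line" tclass)" = file ] || return 1
    path=$(avc_field "$line" path)
    stype=$(ctx_type "$(avc_field "$line" scontext)")
    ttype=$(ctx_type "$(avc_field "$line" tcontext)")
    [ "$stype" = httpd_t ] || return 1
    case $ttype in
        httpd_*_t) return 1 ;;   # already an httpd content type; the problem is elsewhere
    esac
    printf 'restorecon -v %s   # %s denied on %s\n' "$path" "$stype" "$ttype"
}

avc_fix_hint "$SAMPLE_AVC"
```

On a real host the same function can be fed live records with `ausearch -m AVC -ts recent | grep '^type=AVC'`; anything it prints is a mislabeled file, and anything it stays silent on is a denial with a different cause (a boolean, a directory permission, or a file that is correctly labeled but outside what httpd may read).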


Enabling user directories for apache:

To start, I checked the booleans using the commands sudo getsebool httpd_enable_homedirs and sudo getsebool httpd_read_user_content.

They should both be off at this point, so to turn them on I used sudo setsebool -P httpd_enable_homedirs on and sudo setsebool -P httpd_read_user_content on (the -P makes the change persist across reboots).

In the file highlighted in the photo, make sure the circled content is uncommented (it should be by default, but it's better to check).

image

Make the public_html directory; I created it with mkdir /home/Jaden/public_html.

Running chmod 755 /home/Jaden and chmod 755 /home/Jaden/public_html sets the permissions Apache needs: the apache user must be able to traverse the home directory (the execute bit for others, so 711 on /home/Jaden is enough) and read and list public_html.

Running sudo semanage fcontext -a -t httpd_user_content_t "/home/[^/]+/public_html(/.*)?" adds a persistent file-context rule, so the label survives a relabel. The pattern is a regular expression, not a shell glob: with "/home/*/public_html(/.*)?" the * only repeats the preceding slash, so that rule would match /home/public_html and never /home/Jaden/public_html. RHEL 8's stock policy already contains an equivalent rule for public_html under home directories, which is why restorecon labels the directory correctly either way.

image

Follow this with sudo restorecon -Rv /home/*/public_html, which applies the policy labels to the directory and its contents.

An additional sudo chcon -R -t httpd_user_content_t /home/*/public_html is harmless but redundant after restorecon: chcon writes the label directly, and that change is lost on the next relabel, which is why the semanage rule plus restorecon is the part that persists. Finally, run systemctl restart httpd.

After that, the directory is served by the web server.
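The userdir procedure above as one script, added here as an example and not part of the original page: the same booleans, directory, permissions, file-context rule and restorecon, plus a permission check that catches the usual cause of a 403 on a user page (a home directory the apache user cannot traverse). The user and paths are the page's (/home/Jaden); the function names are mine; the script assumes a RHEL 8 host with root, httpd and policycoreutils-python-utils (for semanage). It uses 711 on the home directory rather than the page's 755, which is enough for traversal and keeps the home directory from being listable by everyone.

```shell
#!/bin/sh
# Added example (not from the original wiki page): enable ~user/public_html under SELinux,
# with a check of the directory modes that Apache needs.

# other_bit PATH N: the Nth character of the ls -ld mode string (8=r, 9=w, 10=x for "other").
other_bit() {
    ls -ld "$1" 2>/dev/null | cut -c"$2"
}

# userdir_modes_ok HOME: true when "other" (which includes the apache user) can enter HOME
# and can enter and list HOME/public_html. 711 on HOME is enough; r on HOME is not needed.
userdir_modes_ok() {
    home=$1
    case $(other_bit "$home" 10) in x|t) ;; *) return 1 ;; esac
    case $(other_bit "$home/public_html" 10) in x|t) ;; *) return 1 ;; esac
    [ "$(other_bit "$home/public_html" 8)" = r ]
}

# enable_userdir USER: the page's steps in order, for a RHEL 8 host. Needs root and
# semanage (policycoreutils-python-utils). Defined here but not run automatically.
enable_userdir() {
    user=$1
    home=/home/$user
    setsebool -P httpd_enable_homedirs on
    setsebool -P httpd_read_user_content on
    mkdir -p "$home/public_html"
    chmod 711 "$home"              # traverse only; the page's 755 also works but makes HOME listable
    chmod 755 "$home/public_html"
    # Persistent labeling rule. The pattern is a regex: "/home/*/public_html" would only match
    # /home/public_html, so [^/]+ is used for the user name component. RHEL 8's stock policy
    # already has an equivalent rule, so this is belt and braces; -a only fails if this exact
    # pattern was already added locally, which is harmless.
    semanage fcontext -a -t httpd_user_content_t "/home/[^/]+/public_html(/.*)?" 2>/dev/null || true
    restorecon -Rv "$home/public_html"
    userdir_modes_ok "$home" || { echo "permission check failed for $home" >&2; return 1; }
    systemctl restart httpd
}

# Stand-alone run: report on the page's user directory without changing anything.
if userdir_modes_ok /home/Jaden; then
    echo "/home/Jaden: modes ok for ~Jaden/public_html"
else
    echo "/home/Jaden: not traversable or public_html not readable by others"
fi
```

Run `enable_userdir Jaden` as root to apply the whole procedure; if the page still returns 403 afterwards with the modes check passing, the remaining suspects are the UserDir directive in the httpd userdir configuration and the labels, which `ls -Z /home/Jaden/public_html` and `ausearch -m AVC -ts recent -c httpd` will show.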

Deliverable 8:

image


Changing to SSH port 2222

To start this section, open sshd_config with sudo vi /etc/ssh/sshd_config, then uncomment the Port line and change it as shown in the picture:

image

Check which ports are labeled ssh_port_t with sudo semanage port -l | grep ssh, then add 2222 with sudo semanage port -a -t ssh_port_t -p tcp 2222. Without that label, sshd (running as sshd_t) is denied the bind on 2222 when it restarts and logs "Permission denied" for the port.

image

Update the firewall to allow port 2222:

image
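The port change above as one script, added here as an example and not part of the original page: the port label is added before sshd is restarted, the firewall is opened before the restart so the new port is reachable the moment sshd comes back, and sshd -t is run before the restart so a typo in sshd_config cannot leave the host without SSH. The label check parses the output of semanage port -l; the two listings in the script are constructed in that command's format (the unreserved_port_t line is there only to show range handling). It assumes a RHEL 8 host with root, firewalld and policycoreutils-python-utils; the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original wiki page): move sshd to port 2222 under SELinux
# in an order that does not lock you out.

# Constructed samples in the format of "semanage port -l" (before and after adding 2222).
SAMPLE_PORTS_BEFORE='ssh_port_t                     tcp      22
unreserved_port_t              tcp      1024-32767, 61001-65535'
SAMPLE_PORTS_AFTER='ssh_port_t                     tcp      2222, 22
unreserved_port_t              tcp      1024-32767, 61001-65535'

# port_labeled LISTING TYPE PROTO PORT: true if PORT is in TYPE's PROTO list in LISTING.
# Handles single ports and ranges such as 1024-32767.
port_labeled() {
    printf '%s\n' "$1" | awk -v t="$2" -v pr="$3" -v p="$4" '
        $1 == t && $2 == pr {
            for (i = 3; i <= NF; i++) {
                v = $i; gsub(",", "", v)
                if (index(v, "-")) {
                    split(v, r, "-")
                    if (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) found = 1
                } else if (v + 0 == p + 0) found = 1
            }
        }
        END { if (found) exit 0; exit 1 }'
}

# change_ssh_port PORT: the page's steps for a RHEL 8 host, in a safe order. Needs root,
# semanage (policycoreutils-python-utils) and firewalld. Defined here but not run.
# Keep the existing SSH session open until a new login on PORT has been confirmed.
change_ssh_port() {
    port=$1
    # 1. Label the port before sshd tries to bind it; -m instead of -a if it already has another type.
    if ! port_labeled "$(semanage port -l)" ssh_port_t tcp "$port"; then
        semanage port -a -t ssh_port_t -p tcp "$port" 2>/dev/null ||
            semanage port -m -t ssh_port_t -p tcp "$port"
    fi
    # 2. Open the firewall first, so the new port is reachable as soon as sshd restarts.
    firewall-cmd --permanent --add-port="$port/tcp" && firewall-cmd --reload
    # 3. Set the port (replaces a commented or uncommented "Port" line) and syntax-check before restarting.
    sed -i "s/^#*Port .*/Port $port/" /etc/ssh/sshd_config
    sshd -t || return 1
    systemctl restart sshd
    # 4. Confirm sshd is actually listening on the new port.
    ss -ltnp | grep -q ":$port[[:space:]].*sshd"
}

# Stand-alone run on the constructed samples.
if port_labeled "$SAMPLE_PORTS_BEFORE" ssh_port_t tcp 2222; then
    echo "before: 2222 already labeled ssh_port_t"
else
    echo "before: 2222 not labeled ssh_port_t, sshd would be denied the bind"
fi
if port_labeled "$SAMPLE_PORTS_AFTER" ssh_port_t tcp 2222; then
    echo "after: 2222 labeled ssh_port_t"
fi
```

If step 4 fails, `journalctl -u sshd` shows whether the restart hit the SELinux bind denial (the label step was skipped or applied to the wrong protocol) or a config error; do not close the original session until the new port answers.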

Deliverable 9:

image


Preventing SU:

Deliverable 10:

image


Removing Guest EXE privs:

image

Deliverable 11:

image


Deliverable 12:

image