Project 7: SELinux - squatchulator/Tech-Journal GitHub Wiki
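# Move sshd from 22/tcp to 2222/tcp on an SELinux-enabled host.
# Keep the current SSH session open until a login on the new port has been
# confirmed, so that a mistake in any step cannot lock you out.

# Show which ports the policy currently labels ssh_port_t.
sudo semanage port -l | grep ssh

# Label 2222/tcp as ssh_port_t. In enforcing mode sshd is denied the bind
# on a port that does not carry this label.
sudo semanage port -a -t ssh_port_t -p tcp 2222

# Open the new port in firewalld: permanent rule, then reload to apply it.
# sudo added for consistency with the other privileged commands.
sudo firewall-cmd --permanent --add-port=2222/tcp
sudo firewall-cmd --reload

# In sshd_config: comment out 22, add 2222.
sudo nano /etc/ssh/sshd_config

# sshd is restarted once, after the edit; a restart before the port change
# has no effect. Validate the file first (sshd -t) so that a typo does not
# leave the daemon unable to start.
sudo sshd -t && sudo systemctl restart sshd

# Confirm the daemon is listening on the new port before closing the session.
sudo ss -tlnp | grep sshd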
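# Map the Linux account regularuser to the confined SELinux user user_u.
# semanage changes policy data and needs root, hence sudo.
sudo semanage login -a -s user_u regularuser

# Log in as that account over the new port. The address on the page was
# destroyed by e-mail obfuscation: WEB01_HOST is a placeholder, and the
# login name is presumably regularuser -- confirm both.
ssh -p 2222 regularuser@WEB01_HOST

# Print the SELinux context of the session; it should begin with user_u.
id -Z

# Try to switch to another account. Under the targeted policy user_u is not
# allowed to change identity through su or sudo, so this is expected to be
# denied -- verify on the host.
su - miles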
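# Map the Linux account guestuser to the tightly confined SELinux user guest_u.
sudo semanage login -a -s guest_u guestuser

# Create a small test script and mark it executable.
# Presumably this is done in guestuser's home directory -- confirm.
nano friendly.sh
chmod +x friendly.sh

# Persistently (-P) turn off the boolean that lets guest_u sessions execute
# content from their home directory and /tmp.
sudo setsebool -P guest_exec_content false

# Verify that both changes took effect.
getsebool guest_exec_content
sudo semanage login -l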
SSH to Web01 via guestuser
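./friendly.sh (should fail: with guest_exec_content off, a guest_u session may not execute files from its home directory or /tmp)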
On web01
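# Find the denial that SELinux recorded for the blocked script.
# The audit log is normally readable by root only, hence sudo; grep reads
# the file directly, so no cat is needed.
sudo grep friendly /var/log/audit/audit.log

# Alternative that returns only AVC denials from the last few minutes:
#   sudo ausearch -m AVC -ts recent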
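# Map the Linux account restricteduser to the confined SELinux user user_u.
# The command is spelled semanage; the original "semange" would fail with
# "command not found".
sudo semanage login -a -s user_u restricteduser

# List the login mappings to confirm the entry was added.
sudo semanage login -l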