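# COMMANDS
#
# Step-by-step SELinux walkthrough built around the hddtemp daemon.
# The "#NN" markers are kept from the original listing (presumably the slide
# each group of commands belongs to). Every group changes loaded policy,
# file labels or service state, so it has to be run as root, one group at a
# time, with the output read before moving on.
#
# NOTE(review): `selinuxrun` is not a stock SELinux utility that can be
# confirmed from this listing; it is used here as "run <command> in <domain>".
# Confirm where it comes from before relying on it.

#14
# Show the SELinux context of processes, of a file, and of the current shell.
ps -eZ | grep sshd
ls -Z /etc/shadow
id -Z

#15
# The label is stored in the security.selinux extended attribute; ls -Z and
# getfattr print the same value.
ls -Z /root/my_secrets
getfattr -n security.selinux /root/my_secrets
# Run the same commands in the sshd domain to see which reads policy permits.
selinuxrun sshd cat /etc/hostname
selinuxrun sshd ls /root/my_secrets

#28
# Disable the distribution's hddtemp module, put the packaged files back to
# their default labels, and check which domain the daemon ends up in.
semodule -d hddtemp
rpm -ql hddtemp | while IFS= read -r path; do
  restorecon -R -v -- "$path"
done
systemctl restart hddtemp
ps -eZ | grep hddtemp

#30
# Generate a policy skeleton for an init-started daemon, build and load it.
sepolicy generate -n myhddtemp --init "$(command -v hddtemp)"
# Fixed: the original read ".../selinux/deve/Makefile", a path that does not
# exist; every later step uses ".../selinux/devel/Makefile".
make -f /usr/share/selinux/devel/Makefile myhddtemp.pp
systemctl stop hddtemp
semodule -i myhddtemp.pp
# Relabel so the file contexts defined by the new module take effect.
rpm -ql hddtemp | while IFS= read -r path; do
  restorecon -R -v -- "$path"
done

#32
# Confirm the module is loaded, the binary carries the new label and the
# process runs in the new domain, then look at recent AVC denials.
semodule -l | grep hddtemp
ls -Z "$(command -v hddtemp)"
systemctl start hddtemp
ps -eZ | grep hddtemp
ausearch -m avc -ts recent

#33
# Comment out the "permissive" line in the .te so the domain is enforced,
# rebuild, reload, and see whether the service still starts.
sed -i 's/^permissive/#permissive/' myhddtemp.te
make -f /usr/share/selinux/devel/Makefile myhddtemp.pp
semodule -i myhddtemp.pp
systemctl restart hddtemp
systemctl status hddtemp
# Switch the domain back to permissive so denials are logged, not enforced,
# while the missing rules are collected.
sed -i 's/^#permissive/permissive/' myhddtemp.te
make -f /usr/share/selinux/devel/Makefile myhddtemp.pp
semodule -i myhddtemp.pp
systemctl restart hddtemp
systemctl status hddtemp

#36
# Turn today's logged denials for the new domain into policy rules (-R uses
# the installed policy interfaces) and append them to the module source.
# Read the appended rules before rebuilding: audit2allow converts every
# logged denial into an allow rule, including accesses that should stay
# denied.
ausearch -m avc -ts today | grep myhddtemp | audit2allow -R >> myhddtemp.te
make -f /usr/share/selinux/devel/Makefile myhddtemp.pp
semodule -i myhddtemp.pp

# SELINUX IS ALL ABOUT LABELING
# Compare the process domain with the correct label on the binary ...
ls -Z /usr/sbin/hddtemp
systemctl start hddtemp
ps -eZ | grep hddtemp
# ... and with the binary relabelled to the generic bin_t type.
chcon -t bin_t /usr/sbin/hddtemp
systemctl restart hddtemp
ps -eZ | grep hddtemp
# Restore the label defined by policy and restart with it.
restorecon -v /usr/sbin/hddtemp
systemctl restart hddtemp

# HDDTEMP INJECTION
# Baseline: the same two reads from the current shell.
ps -eZ | grep hddtemp
ls /root/my_secrets
cat /etc/hostname
# Without -P the boolean is changed at runtime only and is not persistent.
# NOTE(review): presumably needed so a command run in the daemon domain can
# use the terminal; confirm.
setsebool daemons_use_tty on
# Repeat the reads in the daemon's domain to see what a process confined as
# myhddtemp is allowed to reach.
selinuxrun myhddtemp ls /root/my_secrets
selinuxrun myhddtemp cat /etc/hostname

#44 - backup
# Undo the walkthrough: remove the custom module, re-enable the shipped one,
# delete the build artefacts, restore labels and take hddtemp_t out of the
# permissive domains.
semodule -r myhddtemp -e hddtemp
# Only clean up if the cd worked, so the rm glob cannot expand in some other
# directory.
if cd /root; then
  make -f /usr/share/selinux/devel/Makefile clean
  rm -rf -- ./myhddtemp*
fi
rpm -ql hddtemp | while IFS= read -r path; do
  restorecon -R -v -- "$path"
done
systemctl restart hddtemp
semanage permissive -d hddtemp_t
# daemons_use_tty was switched on above and is not reset by this cleanup.

# CREATE OWN POLICY AND YOU WILL HELP US ;-)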