On 08/01/2010 06:35 PM, Dominick Grift wrote:
> On 08/01/2010 06:22 PM, Ralph Blach wrote:
>> To be specific, I want to run sshd on port 443, and not port 22, because
>> all the hackers probe port 22.
>>
>> port 443 looks like httpd traffic and therefore is not really suspicious.
>>
>> That is what I need to achieve so I need to modify the corenetwork
>> module to do this.
>>
>> How is this done and where is the source for the core network module?
>
> Try this:
>
> mkdir ~/mysshd; cd ~/mysshd;
>
> cat > mysshd.te <<'D_G'
> policy_module(mysshd, 1.0.0)
> # sshd_t is used in the rule below so it has to be required here
> gen_require(`
> type sshd_t;
> ')
> corenet_tcp_bind_http_ports(sshd_t)
> D_G
>
> That custom policy module should allow sshd to bind tcp sockets to http
> ports (including tcp:443)

Of course you also have to build and install the custom module (below is
how that is done in Fedora; RHEL5 requires that you also install
selinux-policy-devel to build a module):

make -f /usr/share/selinux/devel/Makefile mysshd.pp

sudo semodule -i mysshd.pp

>
> You can find source policy in the source package for your policy.
>
> Here is the policy browser from upstream:
> http://oss.tresys.com/projects/refpolicy/browser
>
>
>> Thanks
>>
>> Chip
>>
>>
>>
>> On 08/01/2010 12:02 PM, Dominick Grift wrote:
>>> On 08/01/2010 05:43 PM, Ralph Blach wrote:
>>>> I have discovered that ports 443 and 22 are in module tcp.
>>>>
>>>> How do I rewrite module tcp so that I can configure as I want it.
>>>>
>>>> Where do I find module tcp?
>>>>
>>>> I did a semanage port -l | grep 22 and module tcp was listed.
>>>> I did the same for port 443
>>>>
>>>> Thanks
>>
>>> ports are declared (defined) in the corenetwork module. This module is
>>> part of the base module. modules that are part of the base module are
>>> not listed with semodule -l.
>>
>>> What exactly do you want to achieve? If you are specific about your
>>> requirements we can try to help you implement it.
>>
>>>> Chip
>>>>
>>>> On 07/27/2010 08:29 PM, Jason Axelson wrote:
>>>>> On Tue, Jul 27, 2010 at 2:20 PM, Ralph Blach wrote:
>>>>>> how do I use semanage to list the policy modules.
>>>>
>>>>> Hi Chip,
>>>>
>>>>> Perhaps you are looking for "semodule -l"? That will list out all the
>>>>> installed policy modules (besides base).
>>>>
>>>>> Jason
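
Added example, not part of the thread: in `semanage port -l` output the first column is the SELinux port type and the second is the protocol, so the check below shows which type labels tcp/22 and tcp/443 and therefore why sshd needs an extra bind rule for an http port. The sample listing and the function names `sample_ports` and `port_types` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find which SELinux port type labels a port.

# Constructed sample in the layout printed by `semanage port -l`.
sample_ports() {
cat <<'EOF'
SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      3128, 8080, 8118, 10001-10010
http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443
ssh_port_t                     tcp      22
syslogd_port_t                 udp      514
EOF
}

# port_types PROTO PORT: read `semanage port -l` text on stdin and print each
# port type whose list (single ports or lo-hi ranges) covers PROTO/PORT.
port_types() {
    awk -v proto="$1" -v port="$2" '
        NF >= 3 && $2 == proto {
            for (i = 3; i <= NF; i++) {
                item = $i
                sub(/,$/, "", item)            # drop the list separator
                n = split(item, r, "-")        # "10001-10010" is a range
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# On a live system: semanage port -l | port_types tcp 443
if [ "${1:-}" = "demo" ]; then
    for p in 22 443; do
        printf 'tcp/%s -> %s\n' "$p" "$(sample_ports | port_types tcp "$p")"
    done
fi
```
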