On 08/01/2010 06:41 PM, Dominick Grift wrote:
> On 08/01/2010 06:35 PM, Dominick Grift wrote:
>> On 08/01/2010 06:22 PM, Ralph Blach wrote:
>>> To be specific, I want to run sshd on port 443, and not port 22, because
>>> of all the hackers probing port 22.
>>>
>>> port 443 looks like httpd traffic and therefore is not really suspicious.
>>>
>>> That is what I need to achieve so I need to modify the corenetwork
>>> module to do this.
>>>
>>> How is this done and where is the source for the core network module?
>>
>> Try this:
>>
>> mkdir ~/mysshd; cd ~/mysshd;
>>
>> cat <<'D_G' > mysshd.te
>> policy_module(mysshd, 1.0.0)
>> gen_require(`
>> type shorewall_t;

And this needs to be .. type sshd_t; .. instead

>> ')
>> corenet_tcp_bind_http_ports(sshd_t)
>> D_G
>>
>> That custom policy module should allow sshd to bind tcp sockets to http
>> ports (including tcp:443)
>
> Of course you also have to build and install the custom module:
>
> (below is how that is done in Fedora (RHEL5 requires that you also
> install selinux-policy-devel to build a module))
>
> make -f /usr/share/selinux/devel/Makefile mysshd.pp
> sudo semodule -i mysshd.pp
>
>>
>> You can find source policy in the source package for your policy.
>>
>> Here is the policy browser from upstream:
>> http://oss.tresys.com/projects/refpolicy/browser
>>
>>> Thanks
>>>
>>> Chip
>>>
>>> On 08/01/2010 12:02 PM, Dominick Grift wrote:
>>>> On 08/01/2010 05:43 PM, Ralph Blach wrote:
>>>>> I have discovered that ports 443 and 22 are in module tcp.
>>>>>
>>>>> How do I rewrite module tcp so that I can configure as I want it.
>>>>>
>>>>> Where do I find module tcp?
>>>>>
>>>>> I did a semanage port -l | grep 22 and module tcp was listed.
>>>>> I did the same for port 443
>>>>>
>>>>> Thanks
>>>
>>>> Ports are declared (defined) in the corenetwork module. This module is
>>>> part of the base module. Modules that are part of the base module are
>>>> not listed with semodule -l.
>>>
>>>> What exactly do you want to achieve? If you are specific about your
>>>> requirements we can try to help you implement it.
>>>
>>>>> Chip
>>>>>
>>>>> On 07/27/2010 08:29 PM, Jason Axelson wrote:
>>>>>> On Tue, Jul 27, 2010 at 2:20 PM, Ralph Blach wrote:
>>>>>>> How do I use semanage to list the policy modules?
>>>>>
>>>>>> Hi Chip,
>>>>>
>>>>>> Perhaps you are looking for "semodule -l"? That will list out all the
>>>>>> installed policy modules (besides base).
>>>>>
>>>>>> Jason
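
The steps from this thread collected into one script, with `type sshd_t;` in the `gen_require` block as the correction says, plus a check that catches an interface being called with a type that was never required. This is an added example, not part of the original messages; the function names, the `install` argument and the `EOF` delimiter are choices made here.

```shell
# Added example: module from the thread with the corrected type.
# Function names are hypothetical; the Makefile path is the one in the thread.
DEVEL_MAKEFILE=/usr/share/selinux/devel/Makefile

# Write mysshd.te into directory $1. The quoted delimiter stops the shell
# from treating the m4 backquote as command substitution.
write_mysshd_te() {
    mkdir -p "$1" || return 1
    cat > "$1/mysshd.te" <<'EOF'
policy_module(mysshd, 1.0.0)
gen_require(`
    type sshd_t;
')
corenet_tcp_bind_http_ports(sshd_t)
EOF
}

# Types declared inside the gen_require block of $1, one per line.
required_types() {
    sed -n "/gen_require(/,/^')/s/^[[:space:]]*type[[:space:]]*\([a-z0-9_]*\);.*/\1/p" "$1"
}

# Types passed to single-argument interface calls outside gen_require.
used_types() {
    sed "/gen_require(/,/^')/d" "$1" |
        sed -n 's/^[a-z0-9_]*(\([a-z0-9_]*_t\)).*/\1/p'
}

# Fail if an interface is called with a type that was never required.
check_te() {
    req=$(required_types "$1")
    for t in $(used_types "$1"); do
        printf '%s\n' "$req" | grep -qx "$t" || {
            echo "$1: type $t is used but not required" >&2
            return 1
        }
    done
}

# Build and load the module, then confirm it is listed.
build_and_install() {
    [ -f "$DEVEL_MAKEFILE" ] || { echo "missing $DEVEL_MAKEFILE" >&2; return 1; }
    ( cd "$1" && make -f "$DEVEL_MAKEFILE" mysshd.pp && sudo semodule -i mysshd.pp ) || return 1
    sudo semodule -l | grep mysshd
}

if [ "${1:-}" = install ]; then
    write_mysshd_te ~/mysshd && check_te ~/mysshd/mysshd.te && build_and_install ~/mysshd
fi
```

Run it with the argument `install` on the SELinux host to build and load the module; with no argument it only defines the functions.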