
List:       fwknop-discuss
Subject:    Re: [Fwknop-discuss] SELinux & fwknop
From:       Michael Rash <mbr () cipherdyne ! org>
Date:       2008-07-19 3:23:46
Message-ID: 20080719032346.GC14632 () cipherdyne ! org

On Jul 18, 2008, Jesper Engman wrote:

> Does anyone have a (short) 360 on fwknop and SELinux? I got fwknop to
> work on the server with SELinux in enforcing mode after the following
> adjustment but I wonder if there is more to it?
> 
> chcon -v -R -t iptables_t /var/log/fwknop
> 
> There are still SELinux alerts caused by iptables - sockfs stuff.

I don't have a comprehensive list of things to change in SELinux to
ensure that fwknopd functions correctly.  Depending on how you configure
fwknopd, it could need to interface with GnuPG, so that might be an
extra wrinkle.  Also, assuming that you are running in an SPA mode as
opposed to a port knocking mode, then fwknopd will need to sniff the
network (either promiscuously or not - see the ENABLE_PCAP_PROMISC
variable in /etc/fwknop/fwknop.conf), but it sounds like you already have
that working.

If you generate a set of SELinux rules for fwknop compatibility, and you
don't mind sharing, I would be happy to post the series of steps you
needed to perform on cipherdyne.org.

Thanks,

--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
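Working out which SELinux rules fwknopd still needs is easier when the remaining AVC denials are grouped the way audit2allow groups them. The script below is an added example, not code from this thread or from the fwknop project; the audit.log lines it parses are constructed to resemble the iptables/sockfs alerts mentioned above, and the allow rules it prints are candidates to review, not a finished policy.

```python
import re
from collections import defaultdict

# Constructed sample audit.log records (not taken from the thread), in the
# standard AVC denial format. Two mimic an iptables-on-sockfs denial, one a
# directory search denial under /var/log, one is a non-AVC SYSCALL record.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1216431826.123:456): avc:  denied  { read write } for  pid=4121 comm="iptables" path="socket:[18231]" dev=sockfs ino=18231 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1216431826.124:457): avc:  denied  { write } for  pid=4121 comm="iptables" path="socket:[18231]" dev=sockfs ino=18231 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1216431830.001:458): avc:  denied  { search } for  pid=4119 comm="fwknopd" name="fwknop" dev=sda2 ino=9912 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
type=SYSCALL msg=audit(1216431830.001:458): arch=40000003 syscall=5 success=no exit=-13
"""

# Pull the denied permission set and the source/target contexts out of an AVC record.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+)\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """user:role:type:level -> type (the part policy rules are written against)."""
    return context.split(":")[2]

def summarize_denials(audit_text):
    """Group AVC denials by (source type, target type, object class) and
    collect the union of denied permissions, as a manual audit2allow pass would."""
    summary = defaultdict(set)
    for line in audit_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL, CWD, PATH records carry no AVC fields
        key = (selinux_type(m["scontext"]), selinux_type(m["tcontext"]), m["tclass"])
        summary[key].update(m["perms"].split())
    return {k: sorted(v) for k, v in summary.items()}

def render_allow_rules(summary):
    """Render each grouped denial as a candidate allow rule for human review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(p)} }};"
            for (s, t, c), p in sorted(summary.items())]

if __name__ == "__main__":
    for rule in render_allow_rules(summarize_denials(SAMPLE_AUDIT_LOG)):
        print(rule)
```

A denial against a mislabelled path (the var_log_t one in the sample) is better fixed by labelling, as the chcon step above does, than by an allow rule; note that chcon labels do not survive a filesystem relabel, so the persistent form is a semanage fcontext entry followed by restorecon.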

_______________________________________________
Fwknop-discuss mailing list
Fwknop-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss