__ __ __ __ _____ _ _ _____ _ _ _ | \/ | \ \ / / | __ \ (_) | | / ____| | | | | | \ / |_ __\ V / | |__) | __ ___ ____ _| |_ ___ | (___ | |__ ___| | | | |\/| | '__|> < | ___/ '__| \ \ / / _` | __/ _ \ \___ \| '_ \ / _ \ | | | | | | |_ / . \ | | | | | |\ V / (_| | || __/ ____) | | | | __/ | | |_| |_|_(_)_/ \_\ |_| |_| |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1 if you need WebShell for Seo everyday contact me on Telegram Telegram Address : @jackleetFor_More_Tools:
#
# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
#
# Copyright (C) 2006 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
import gettext
translation=gettext.translation('setroubleshoot-plugins', fallback=True)
_=translation.gettext
from setroubleshoot.util import *
from setroubleshoot.Plugin import Plugin
class plugin(Plugin):
summary = _('''
SELinux prevented the ftp daemon from $ACCESS files stored on a NFS filesystem.
''')
problem_description = _('''
SELinux prevented the ftp daemon from $ACCESS files stored on a NFS filesystem.
NFS (Network Filesystem) is a network filesystem commonly used on Unix / Linux
systems.
The ftp daemon attempted to read one or more files or directories from
a mounted filesystem of this type. As NFS filesystems do not support
fine-grained SELinux labeling, all files and directories in the
filesystem will have the same security context.
If you have not configured the ftp daemon to read files from a NFS filesystem
this access attempt could signal an intrusion attempt.
''')
fix_description = _('''
Changing the "allow_ftpd_use_nfs" boolean to true will allow this access:
"setsebool -P allow_ftpd_use_nfs=1."
''')
fix_cmd = '/usr/sbin/setsebool -P ftpd_use_nfs=1 ftpd_anon_write=1'
rw_fix_description = _(''' Changing the "allow_ftpd_use_nfs" and
"ftpd_anon_write" booleans to true will allow this access:
"setsebool -P allow_ftpd_use_nfs=1 ftpd_anon_write=1".
warning: setting the "ftpd_anon_write" boolean to true will
allow the ftp daemon to write to all public content (files and
directories with type public_content_t) in addition to writing to
files and directories on NFS filesystems. ''')
rw_fix_cmd = '/usr/sbin/setsebool -P ftpd_use_nfs=1 ftpd_anon_write=1'
if_text = _("If you want to allow ftpd to write to nfs file systems")
then_text = _("you must tell SELinux about this")
do_text = '# setsebool -P ftpd_use_nfs=1 ftpd_anon_write=1'
def __init__(self):
Plugin.__init__(self, __name__)
self.fixable = True
self.button_text = _("Enable booleans.")
def analyze(self, avc):
if (avc.matches_source_types(['ftpd_t']) and
avc.matches_target_types(['nfs_t']) and
avc.has_tclass_in(['file', 'dir'])):
# If only read access is requested then only the
# allow_ftp_use_nfs boolean needs to be set. Write
# access also requires the allow_ftpd_anon_write
if avc.all_accesses_are_in(avc.create_file_perms + avc.rw_dir_perms):
return self.report(args=("ftpd_use_nfs", "ftpd_anon_write"))
return None
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| __pycache__ | Folder | 0755 |
|
|
| __init__.py | File | 2 B | 0644 |
|
| allow_anon_write.py | File | 3.25 KB | 0644 |
|
| allow_execheap.py | File | 2.39 KB | 0644 |
|
| allow_execmem.py | File | 3.07 KB | 0644 |
|
| allow_execmod.py | File | 5.41 KB | 0644 |
|
| allow_execstack.py | File | 4.73 KB | 0644 |
|
| allow_ftpd_use_cifs.py | File | 3.41 KB | 0644 |
|
| allow_ftpd_use_nfs.py | File | 3.3 KB | 0644 |
|
| associate.py | File | 2.15 KB | 0644 |
|
| automount_exec_config.py | File | 2.66 KB | 0644 |
|
| bind_ports.py | File | 2.81 KB | 0644 |
|
| catchall.py | File | 2.89 KB | 0644 |
|
| catchall_boolean.py | File | 2.89 KB | 0644 |
|
| catchall_labels.py | File | 2.2 KB | 0644 |
|
| chrome.py | File | 2.6 KB | 0644 |
|
| connect_ports.py | File | 2.68 KB | 0644 |
|
| cvs_data.py | File | 2.58 KB | 0644 |
|
| dac_override.py | File | 2.1 KB | 0644 |
|
| device.py | File | 2.74 KB | 0644 |
|
| disable_ipv6.py | File | 1.62 KB | 0644 |
|
| file.py | File | 3.21 KB | 0644 |
|
| filesystem_associate.py | File | 2.46 KB | 0644 |
|
| httpd_can_sendmail.py | File | 1.93 KB | 0644 |
|
| httpd_unified.py | File | 2.86 KB | 0644 |
|
| httpd_write_content.py | File | 2.11 KB | 0644 |
|
| kernel_modules.py | File | 2.74 KB | 0644 |
|
| leaks.py | File | 2.49 KB | 0644 |
|
| mmap_zero.py | File | 2.33 KB | 0644 |
|
| mounton.py | File | 2.48 KB | 0644 |
|
| mozplugger.py | File | 2.79 KB | 0644 |
|
| mozplugger_remove.py | File | 2.17 KB | 0644 |
|
| openvpn.py | File | 2.76 KB | 0644 |
|
| public_content.py | File | 2.57 KB | 0644 |
|
| qemu_blk_image.py | File | 2.55 KB | 0644 |
|
| qemu_file_image.py | File | 2.88 KB | 0644 |
|
| restorecon.py | File | 5.34 KB | 0644 |
|
| restorecon_source.py | File | 3.01 KB | 0644 |
|
| rsync_data.py | File | 2.53 KB | 0644 |
|
| samba_share.py | File | 2.94 KB | 0644 |
|
| sandbox_connect.py | File | 2.23 KB | 0644 |
|
| selinuxpolicy.py | File | 3.09 KB | 0644 |
|
| setenforce.py | File | 2.39 KB | 0644 |
|
| sshd_root.py | File | 2.08 KB | 0644 |
|
| swapfile.py | File | 2.23 KB | 0644 |
|
| sys_module.py | File | 2.35 KB | 0644 |
|
| sys_resource.py | File | 2.62 KB | 0644 |
|
| vbetool.py | File | 2.52 KB | 0644 |
|
| wine.py | File | 2.92 KB | 0644 |
|
| xen_image.py | File | 2.8 KB | 0644 |
|