Alternate OpenSSH ports
Stephen Smalley
sds at tycho.nsa.gov
Tue Sep 30 13:18:04 UTC 2008
On Tue, 2008-09-30 at 08:41 -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Arthur Pemberton wrote:
> > On Mon, Sep 29, 2008 at 3:40 PM, Stephen Smalley <sds at tycho.nsa.gov> wrote:
> >> On Mon, 2008-09-29 at 15:31 -0500, Arthur Pemberton wrote:
> >>> I'm getting an denial when I attempt o use port 23 as an additional
> >>> port for sshd. That makes sense. What's the best way to define
> >>> alternate SSHd ports?
> >> semanage port -m -t ssh_port_t -p tcp 23
> >
> >
> >
> > When trying this, I get:
> > sealert -l 819f882a-3d08-41da-bc19-4168c9b8b4cb
> >
> > Even after doing that, I get this on `service sshd restart`:
> > sealert -l 82267d8b-d557-4891-bdb0-26e0feb1e986
> >
> >
> Please send the output from that command, that number is only local to
> your machine.
Wondering if libsemanage does the right thing when the port already
exists in the base policy, as in this case. It should override the base
policy definition with the local one, but I'm not 100% sure it does.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list