selinux, semanage and ssh on AWS

OrsonGarnsey
Posts: 1
Joined: 2015/04/06 20:58:18

Post by OrsonGarnsey » 2015/04/06 21:12:32

All,

I've recently migrated my MX setup to AWS from a physical machine running CentOS 7. On that machine, I ran ssh on a non-standard port with selinux in enforcing mode, i.e.:

    semanage port -a -t ssh_port_t -p tcp [port]

I initially had trouble with the above on the AWS instance, because the process would die ("Killed.") with an out-of-memory error. I got around this. Here is the current state:

    ssh_port_t                     tcp      [port], 22

I could connect using port 22 with selinux enabled as described above, but now cannot connect through either port with selinux enabled. Both ports work with selinux in permissive mode.

Any thoughts? Thanks.

Orson Garnsey

jyoung
Posts: 102
Joined: 2014/09/22 13:40:31
Location: Nashville, TN, USA

Re: selinux, semanage and ssh on AWS

Post by jyoung » 2015/04/22 18:29:59

OrsonGarnsey wrote:
    Both ports work with selinux in permissive mode.

If that's the case, are you getting any AVCs that may explain what's going on?

    ausearch -m avc | grep "sshd"

-- Jeremy --
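As an added example (not code from either poster), the two checks this thread turns on, done offline: whether a port is actually labeled `ssh_port_t` in `semanage port -l` output, and whether the audit records that `ausearch -m avc` returns contain a `name_bind` denial for `sshd` on that port. The sample listing, the AVC records, the port numbers 2222/2200/30500, the `example_range_t` type and the function names are all constructed assumptions so the script runs without a CentOS host.

```shell
#!/bin/sh
# Added example: offline triage of "sshd cannot use a port under SELinux
# enforcing". Everything below is constructed sample data, not output from
# the poster's host.

# Constructed stand-in for `semanage port -l`: the two ssh ports from the
# thread (2222 assumed for [port]), a real-looking http line, and one range
# entry (example_range_t is invented) to exercise range parsing.
SAMPLE_PORTS='ssh_port_t                     tcp      2222, 22
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
example_range_t                tcp      30000-30999'

# Constructed stand-in for `ausearch -m avc` output: two sshd name_bind
# denials on 2200 (one logged with permissive=1, which is why permissive mode
# "works" but still leaves an AVC trail) and one unrelated httpd denial that
# the filter must ignore.
SAMPLE_AVC='type=AVC msg=audit(1428350000.101:201): avc:  denied  { name_bind } for  pid=1101 comm="sshd" src=2200 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1428350005.102:202): avc:  denied  { name_bind } for  pid=1205 comm="httpd" src=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1428350010.103:203): avc:  denied  { name_bind } for  pid=1101 comm="sshd" src=2200 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1'

# port_has_type PORT TYPE LISTING
# Exit 0 if PORT appears (directly or inside an a-b range) on the tcp line
# for TYPE in a `semanage port -l` style LISTING, else exit 1.
port_has_type() {
  printf '%s\n' "$3" | awk -v p="$1" -v t="$2" '
    $1 == t && $2 == "tcp" {
      for (i = 3; i <= NF; i++) {
        gsub(",", "", $i)
        if ($i ~ /-/) {
          split($i, r, "-")
          if (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) found = 1
        } else if ($i + 0 == p + 0) {
          found = 1
        }
      }
    }
    END { exit found ? 0 : 1 }'
}

# sshd_bind_denials AVC_LINES
# Print each distinct port on which an AVC record shows sshd denied name_bind.
sshd_bind_denials() {
  printf '%s\n' "$1" | awk '
    /denied/ && /name_bind/ && /comm="sshd"/ {
      for (i = 1; i <= NF; i++)
        if ($i ~ /^src=/) { sub(/^src=/, "", $i); print $i }
    }' | sort -un
}

# sshd_port_check PORT LISTING AVC_LINES
# Exit 0 when PORT is labeled ssh_port_t and no sshd name_bind denial names
# it; otherwise report what is wrong and exit 1.
sshd_port_check() {
  _rc=0
  if port_has_type "$1" ssh_port_t "$2"; then
    echo "port $1: labeled ssh_port_t"
  else
    echo "port $1: not labeled ssh_port_t (semanage port -a -t ssh_port_t -p tcp $1 would add it)"
    _rc=1
  fi
  for _p in $(sshd_bind_denials "$3"); do
    if [ "$_p" = "$1" ]; then
      echo "port $1: sshd name_bind denial present in audit records"
      _rc=1
    fi
  done
  return $_rc
}

# Demo against the constructed samples.
for _port in 22 2222 2200 30500; do
  sshd_port_check "$_port" "$SAMPLE_PORTS" "$SAMPLE_AVC" || true
done
```

On a real host, feed the functions `"$(semanage port -l)"` and `"$(ausearch -m avc -c sshd)"` instead of the samples. A port that passes the label check but still fails only in enforcing mode points away from port labeling, so the AVC search in the reply above is the next thing to look at rather than another `semanage port` change.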
