custom ssh port - selinux hate me

Support for security such as Firewalls and securing linux
hastar
Posts: 7
Joined: 2017/09/21 13:13:37

custom ssh port - selinux hate me

Postby hastar » 2017/09/21 13:31:46

Hi

never faced before with linux so my question could be stupid. Sorry in advance :).

Yesterday ordered VPS and today been trying to set up my server on centos. I found a lot of similiar manuals like here https://www.globo.tech/learning-center/ ... entos-7/or https://www.liberiangeek.net/2014/11/ch ... -centos-7/ where is written how to change ssh port. And on the step
semanage port -a -t ssh_port_t -p tcp 2222


i got this message

Image
https://ru.imgbb.com/

What is it and how to fix it?

mghe
Posts: 625
Joined: 2015/11/24 12:04:43
Location: Katowice, Poland

Re: custom ssh port - selinux hate me

Postby mghe » 2017/09/21 14:52:31

Probably You have disable SELinux,

Check it:

$ vi /etc/selinux/config

User avatar
TrevorH
Forum Moderator
Posts: 20596
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: custom ssh port - selinux hate me

Postby TrevorH » 2017/09/21 14:54:59

Or your VPS supplied kernel is not a CentOS one and does not have selinux support? What does uname -a say?
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

hastar
Posts: 7
Joined: 2017/09/21 13:13:37

Re: custom ssh port - selinux hate me

Postby hastar » 2017/09/21 16:47:24

Centos 7 100%

Code: Select all

getenforce
Disabled



Code: Select all

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

hunter86_bg
Posts: 735
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: custom ssh port - selinux hate me

Postby hunter86_bg » 2017/09/21 18:21:13

Could you check /proc/cmdline ?

hastar
Posts: 7
Joined: 2017/09/21 13:13:37

Re: custom ssh port - selinux hate me

Postby hastar » 2017/09/21 18:23:55

Code: Select all

BOOT_IMAGE=/vmlinuz-3.10.0-693.2.2.el7.x86_64 root=UUID=8b418802-e75d-4895-b14a-8b95c1fbadb1 ro consoleblank=0 fsck.repair=yes crashkernel=auto selinux=0 rhgb quiet LANG=en_US.UTF-8 elevator=noop

User avatar
TrevorH
Forum Moderator
Posts: 20596
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: custom ssh port - selinux hate me

Postby TrevorH » 2017/09/21 18:38:09

"selinux=0"
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

hastar
Posts: 7
Joined: 2017/09/21 13:13:37

Re: custom ssh port - selinux hate me

Postby hastar » 2017/09/21 18:52:47

That's read only file
does it mean that it will be always disabled on this centos (was installed automaticaly after i ordered vps)? and if i want to enable i have to install another version of centos?

User avatar
TrevorH
Forum Moderator
Posts: 20596
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: custom ssh port - selinux hate me

Postby TrevorH » 2017/09/21 19:22:27

That's the record the kernel keeps of the parameters that were passed to it by grub. To change it, you need to change /boot/grub2/grub.cfg or its EFI equivalent.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

hastar
Posts: 7
Joined: 2017/09/21 13:13:37

Re: custom ssh port - selinux hate me

Postby hastar » 2017/09/22 08:57:43

hi
at the top of /boot/grub2/grub.cfg :

Code: Select all

# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub2-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#


i opened /etc/default/grub :

Code: Select all

GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="consoleblank=0 fsck.repair=yes crashkernel=auto selinux=0 rhgb quiet"
GRUB_DISABLE_RECOVERY="true"


changed selinux=0 to selinux=1

rebooted system

still geting

Code: Select all

BOOT_IMAGE=/vmlinuz-3.10.0-693.2.2.el7.x86_64 root=UUID=8b418802-e75d-4895-b14a-8b95c1fbadb1 ro consoleblank=0 fsck.repair=yes crashkernel=auto selinux=0 rhgb quiet LANG=en_US.UTF-8 elevator=noop

in /proc/cmdline

even if i delete this parameter selinux=0 from /etc/default/grub