Logbook + Scratchpad

Today I was still configuring a Fedora-based server, and I noticed that SELinux was not enabled by default. To make sure not to mess up and lose access to the server, I followed the guide on the Fedora website and I enabled the Permissive mode first, set the files to be relabeled after reboot, and rebooted. After reboot, I checked for errors using this command:

$ ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts recent

I saw one error related to the SSH port, and I learned that I needed to explicitly tell SELinux when SSH runs on a different port (which, in this case, I had changed as part of the setting up process):

$ semanage port -a -t ssh_port_t -p tcp 2222

Having fixed this, I finally set SELinux to Enforcing.

#TIL #tech #sysadmin