Comments (7)
Sorry, issue resolved. SELinux needs to be disabled or configured.
from flan.
could you share your selinux settings maybe?
:edit:
this should do the trick:
```sh
ausearch -c 'mkdir' --raw | audit2allow -M my-mkdir
semodule -X 300 -i my-mkdir.pp
ausearch -c 'run.sh' --raw | audit2allow -M my-runsh
semodule -X 300 -i my-runsh.pp
```
from flan.
I've just used flan in a test environment, so I simply disabled it:
selinux=disabled instead of selinux=enforcing
from flan.
> I've just used flan in a test environment, so I simply disabled it:
> selinux=disabled instead of selinux=enforcing

Well yeah, might be okay for test systems, but is not really an option for many other systems.
I would be interested in keeping this open and maybe add a real fix?
Don't know if this would be out of scope, though?
I actually gave up on this issue last week, because I kept getting avc denials.
from flan.
We can try together to find a solution to add to the user manual. I think it would be a better option for others. I'll try your solution and check it.
from flan.
As SvenMW suggested earlier - there is a solution to work with SELinux enforcing mode.
After some investigation:

```sh
ausearch -c 'mkdir' --raw | audit2allow -M my-mkdir
semodule -X 300 -i my-mkdir.pp
ausearch -c 'nmap' --raw | audit2allow -M my-nmap
semodule -X 300 -i my-nmap.pp
```

But there was one more issue with sed.
And the last step was:

```sh
grep sed /var/log/audit/audit.log | audit2allow -M flan_scan
semodule -X 300 -i flan_scan.pp
```

Resultant policies are:

flan_scan.te

```
module flan_scan 1.0;

require {
    type container_t;
    type usr_t;
    class file { rename setattr unlink };
    class dir remove_name;
}

#============= container_t ==============

#!!!! This avc is allowed in the current policy
allow container_t usr_t:dir remove_name;

#!!!! This avc is allowed in the current policy
allow container_t usr_t:file setattr;
allow container_t usr_t:file { rename unlink };
```

my-nmap.te

```
module my-nmap 1.0;

require {
    type usr_t;
    type container_t;
    class dir add_name;
    class file { create write };
}

#============= container_t ==============

#!!!! This avc is allowed in the current policy
allow container_t usr_t:dir add_name;
allow container_t usr_t:file { create write };
```

my-mkdir.te

```
module my-mkdir 1.0;

require {
    type usr_t;
    type container_t;
    class dir { add_name create write };
}

#============= container_t ==============

#!!!! This avc is allowed in the current policy
allow container_t usr_t:dir write;
allow container_t usr_t:dir { add_name create };
```
from flan.
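
The modules above were built one command at a time, so the combined access they grant is spread over three files. The script below is an added example, not part of the thread or the flan project: it parses AVC denial records and prints one merged allow rule per source type, target type and class, with the commands that triggered it, so the total grant can be reviewed before `semodule -i`. The sample records are constructed, and the function names `sample_avc` and `avc_rules` are hypothetical.

```sh
#!/bin/sh
# Constructed AVC records (not from a real audit.log), shaped like the
# denials behind the three modules posted in this thread.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1700000001.101:501): avc:  denied  { create } for  pid=4101 comm="mkdir" name="scan-dir" scontext=system_u:system_r:container_t:s0:c1,c2 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000001.102:502): avc:  denied  { add_name } for  pid=4101 comm="mkdir" name="scan-dir" scontext=system_u:system_r:container_t:s0:c1,c2 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000002.201:510): avc:  denied  { create write } for  pid=4120 comm="nmap" name="out.xml" scontext=system_u:system_r:container_t:s0:c1,c2 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000002.201:510): arch=c000003e syscall=257 success=no comm="nmap"
type=AVC msg=audit(1700000003.301:520): avc:  denied  { rename unlink } for  pid=4133 comm="sed" name="out.xml" scontext=system_u:system_r:container_t:s0:c1,c2 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=0
EOF
}

# Read audit records on stdin; print one merged allow rule per
# (source type, target type, class), with the commands that triggered it.
avc_rules() {
  awk '
    /avc:[ ]+denied/ {
      lb = index($0, "{"); rb = index($0, "}")
      if (lb == 0 || rb < lb) next
      src = tgt = cls = cmd = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^scontext=/) { split($i, ctx, ":"); src = ctx[3] }
        else if ($i ~ /^tcontext=/) { split($i, ctx, ":"); tgt = ctx[3] }
        else if ($i ~ /^tclass=/) cls = substr($i, 8)
        else if ($i ~ /^comm=/) { cmd = substr($i, 6); gsub(/"/, "", cmd) }
      }
      if (src == "" || tgt == "" || cls == "") next
      n = split(substr($0, lb + 1, rb - lb - 1), perm, " ")
      for (i = 1; i <= n; i++) print src, tgt, cls, perm[i], cmd
    }' | LC_ALL=C sort -u | awk '
    function emit() {
      if (key != "") printf "allow %s:%s { %s }; # via %s\n", st, cls, perms, cmds
    }
    {
      k = $1 " " $2 " " $3
      if (k != key) { emit(); key = k; st = $1 " " $2; cls = $3; perms = cmds = "" }
      if (!index(" " perms " ", " " $4 " ")) perms = (perms == "" ? $4 : perms " " $4)
      if (!index(" " cmds " ", " " $5 " ")) cmds = (cmds == "" ? $5 : cmds " " $5)
    }
    END { emit() }'
}

sample_avc | avc_rules
```

On a real host, piping `ausearch -m AVC --raw` into `avc_rules` instead of the sample gives the same summary for the actual denials.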
Thank you so much!
I currently can't test, but will do so later.
As I said earlier: My solution was incomplete, so thanks for taking the time to test this.
I also agree this could be put into the manual, as it is environment specific.
from flan.