[redhat-lspp] LSPP kickstart config v0.20 released
Klaus Weidner
klaus at atsec.com
Tue Feb 13 07:05:28 UTC 2007
Hello,

a mostly bugfix release. IMPORTANT: the labeled sshd has moved from port
2222 to port 222. The old port was reserved, and it's more secure to use
a low port in any case. Use the following to access it:

  ssh -p 222 user@host

The only rule patch left in lspp_policy.te is:

  auth_rw_faillog(ftpd_t)

This is a workaround for the following bug which is marked closed but
should IMHO be reopened:

  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220085

Known bugs:

- mcstransd from mcstrans-0.2.2-1.el5.i386.rpm doesn't seem to be
  translating any labels?

Changes (thanks especially to Dan Walsh, Klaus Kiwi, Linda Knippers,
Debbie Velarde, and Matt Anderson for their testing and contributions):

- Add "capp-lspp" service to shut down udevd to ensure it's off in
  interactive mode
- config script: add (optional) pretty PS1 prompt containing role/level
  (thanks Matt)
- Remove obsolete lspp_policy rules
- Declare port 222 (used by labeled sshd) to be ssh_port_t type
- Move labeled sshd to port 222 (was on port 2222)
- Add "semanage login" and restorecon for admin user creation again.

I recommend updating the following packages from
http://people.redhat.com/dwalsh/SELinux/RHEL5/ and/or
http://people.redhat.com/sgrubb/files/lspp in the postinstall phase:

  kernel-2.6.18-6.el5.lspp.64.i686.rpm
  kernel-devel-2.6.18-6.el5.lspp.64.i686.rpm
  libselinux-1.33.4-4.el5.i386.rpm
  libselinux-devel-1.33.4-4.el5.i386.rpm
  libselinux-python-1.33.4-4.el5.i386.rpm
  mcstrans-0.2.2-1.el5.i386.rpm
  openssh-4.3p2-17.el5.i386.rpm
  openssh-clients-4.3p2-17.el5.i386.rpm
  openssh-server-4.3p2-17.el5.i386.rpm
  policycoreutils-1.33.12-4.el5.i386.rpm
  policycoreutils-newrole-1.33.12-4.el5.i386.rpm
  selinux-policy-2.4.6-37.el5.noarch.rpm
  selinux-policy-devel-2.4.6-37.el5.noarch.rpm
  selinux-policy-mls-2.4.6-37.el5.noarch.rpm
  selinux-policy-strict-2.4.6-37.el5.noarch.rpm
  selinux-policy-targeted-2.4.6-37.el5.noarch.rpm

You'll need to run "rpm -Uvh --oldpackage *.rpm" to install them since
the kernel version number looks older than the installed one.

You can also do this once the system is installed. The installer should
work with the plain RC versions.

RPM download:

  http://klaus.vh.swiftco.net/lspp/SRPMS/
  http://klaus.vh.swiftco.net/lspp/RPMS/noarch/

Git repository:

  http://klaus.vh.swiftco.net/lspp/git/

-Klaus