Skip to content

bechampion/vault_selinux

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
init.d
init.d
 
 
README.md
README.md
 
 
vault.conf
vault.conf
 
 
vault.fc
vault.fc
 
 
vault.te
vault.te
 
 

Repository files navigation

to compile

make -f /usr/share/selinux/devel/Makefile

make sure you're have:

yum install libselinux-policy-devel       
yum install selinux-policy-devel.noarch

Some notes: unfortunatelly so far there's now way to do portcon from module policy def , so we need to do it from shell or CIL

so after installing the module with

semodule -i vault.pp

we need to do

semanage port -a -t vault_port_t -p tcp 5200

to tag the port with the type we've created in the policy definition.

To remove the module is tricky too , as the type is defined in the policy

semanage port -d -t vault_port_t -p tcp 5200

and remove the module

semodule -r vault

and you're clean.

Relabel the vault binary with

restorecon -r /usr/sbin/vault

This goes to uncofined when you remove the module so no issues here.

#Init files

cp vault  /etc/init.d
mkdir /etc/vault && cp vault.conf /etc/vault
chkconfig --add vault
systemctl daemon-relad

Usage:

service vault start
service vault stop
service vault status

log files:

  • /var/log/vault.log
  • /var/run/vault.pid

About

Selinux Module for Vault

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages