Re: [CentOS] shellinabox
On Tue, Jul 10, 2018 at 02:06:10PM +0100, lejeczek via CentOS wrote: > Anybody else? Anybody has gotten shellinabox working witout modification to > SE policies? I haven't (it looks like a horribly insecure thing) but the source includes selinux policies: https://github.com/shellinabox/shellinabox/tree/master/misc/selinux/shellinabox -- Jonathan Billings ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] shellinabox
Anybody else? Anybody has gotten shellinabox working witout modification to SE policies? On 05. juli 2018 16:08, lejeczek via CentOS wrote: hi guys, shellinabox, do you use it? I in pretty vanilla setup get selinux denials and cannot login. Selinux says: #= unconfined_service_t == # The file '/usr/bin/bash' is mislabeled on your system. # Fix with $ restorecon -R -v /usr/bin/bash allow unconfined_service_t unconfined_t:process transition; audit2allow suggests to make a new module or restore /usr/bin/bash type context. Try to restore context first, in many cases it helps on "vanilla" setup. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] shellinabox
On 05. juli 2018 16:08, lejeczek via CentOS wrote: hi guys, shellinabox, do you use it? I in pretty vanilla setup get selinux denials and cannot login. Selinux says: #= unconfined_service_t == # The file '/usr/bin/bash' is mislabeled on your system. # Fix with $ restorecon -R -v /usr/bin/bash allow unconfined_service_t unconfined_t:process transition; audit2allow suggests to make a new module or restore /usr/bin/bash type context. Try to restore context first, in many cases it helps on "vanilla" setup. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] shellinabox
hi guys, shellinabox, do you use it? I in pretty vanilla setup get selinux denials and cannot login. Selinux says: #= unconfined_service_t == # The file '/usr/bin/bash' is mislabeled on your system. # Fix with $ restorecon -R -v /usr/bin/bash allow unconfined_service_t unconfined_t:process transition; but that does not seem right to me, to allow such a transition, right? many thanks, L. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] shellinabox via proxy(apache)
hi guys, cannot get it to work - shellinabox - not being programmer nor selinux sorcerer. shellinabox via apache, when I ausearch it all I get is: #= unconfined_service_t == # The file '/usr/bin/bash' is mislabeled on your system. # Fix with $ restorecon -R -v /usr/bin/bash allow unconfined_service_t unconfined_t:process transition; I have shellinabox in Apache's: AuthType Basic AuthName "some more" AuthBasicProvider PAM AuthPAMService rstudio Require valid-user #Requireall granted ProxyPasshttp://localhost:4200/ using: LoadModule authnz_pam_module modules/mod_authnz_pam.so So all seems to work there between apache & shellinabox. Last bit when you login to shell you get denied. I also see: $ ps -FZp 2909167 --cols 999 LABEL UID PIDPPID CSZ RSS PSR STIME TTY TIME CMD system_u:system_r:unconfined_service_t:s0 shellin+ 2909167 1 0 10785 2740 7 Jun11 ? 00:00:00 /usr/sbin/shellinaboxd -u shellinabox -g shellinabox --cert=/var/lib/shellinabox --port=4200 --localhost-only --disable-ssl So it seems that shellinabox runs unconfined and the centos' policy forbids transitions between unconfined domains. Would that be right? Many thanks, L. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] shellinabox
Sorry for the top post. No time to write about this now, but yes and here is the src rpm with patches to make it work. http://client.pdinc.us/shellinabox-239-4.src.rpm -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Piero Sent: Tuesday, March 27, 2012 16:01 To: CentOS mailing list Subject: [CentOS] shellinabox Hi, is there anyone using shellinabox[1] (Web based AJAX terminal emulator): I'm trying to run it on a Centos 6.2 x86_64 but I cannot past inserting username and I get session closed. Actually I'm using SELINUX in Enforcing mode but nothing strange is logged in /var/log/audit/audit.log. Actually nothing strange is logged anywhere but I still get only session closed after inserting username and pressing enter key. I'm trying to escape a very strong firewall/proxy for the purpose of managing such a Centos box via SSH and, if you know alternatives to shellinabox, I'll be very glad to hear something from you. I already tried corkscrew and tor but both cannot escape firewall/proxy rules. Thanks in advance for your help, Bye Piero [1]http://code.google.com/p/shellinabox/ -- Stupid is as stupid does. Forrest Gump ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] shellinabox
On 03/27/2012 11:20 PM, Piero wrote: normally I would use ssh to reach the server I need to manage but actually I'm working in an environment where internet connection is filtered from firewalls and proxies: in a such place it is not possible to use ssh as its connection is closed as soon as I try to open it. How about changing your SSH listening port to 80? -- RMA. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] shellinabox
-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Mihamina Rakotomandimby Sent: Tuesday, April 10, 2012 10:19 To: centos@centos.org Subject: Re: [CentOS] shellinabox On 03/27/2012 11:20 PM, Piero wrote: normally I would use ssh to reach the server I need to manage but actually I'm working in an environment where internet connection is filtered from firewalls and proxies: in a such place it is not possible to use ssh as its connection is closed as soon as I try to open it. How about changing your SSH listening port to 80? That is not security. It does not fix the proxy issue, as ssh is not http. And In many places it would be an IA violation to install ssh client. The list can go on... -- RMA. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] shellinabox
On 27.3.2012 22:01, Piero wrote: is there anyone using shellinabox[1] (Web based AJAX terminal emulator): I'm trying to run it on a Centos 6.2 x86_64 but I cannot past inserting username and I get session closed. Actually I'm using SELINUX in Enforcing mode but nothing strange is logged in /var/log/audit/audit.log. Actually nothing strange is logged anywhere but I still get only session closed after inserting username and pressing enter key. There is an open issue regarding public key authentication: http://code.google.com/p/shellinabox/issues/detail?id=112 If you want to see whats going on increase LogLevel. -- Kind Regards, Markus Falb signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] shellinabox
Hi, is there anyone using shellinabox[1] (Web based AJAX terminal emulator): I'm trying to run it on a Centos 6.2 x86_64 but I cannot past inserting username and I get session closed. Actually I'm using SELINUX in Enforcing mode but nothing strange is logged in /var/log/audit/audit.log. Actually nothing strange is logged anywhere but I still get only session closed after inserting username and pressing enter key. I'm trying to escape a very strong firewall/proxy for the purpose of managing such a Centos box via SSH and, if you know alternatives to shellinabox, I'll be very glad to hear something from you. I already tried corkscrew and tor but both cannot escape firewall/proxy rules. Thanks in advance for your help, Bye Piero [1]http://code.google.com/p/shellinabox/ -- Stupid is as stupid does. Forrest Gump ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] shellinabox
Piero wrote: is there anyone using shellinabox[1] (Web based AJAX terminal emulator): I'm trying to run it on a Centos 6.2 x86_64 but I cannot past inserting username and I get session closed. Actually I'm using SELINUX in Enforcing mode but nothing strange is logged in /var/log/audit/audit.log. Actually nothing strange is logged anywhere but I still get only session closed after inserting username and pressing enter key. I'm trying to escape a very strong firewall/proxy for the purpose of managing such a Centos box via SSH and, if you know alternatives to shellinabox, I'll be very glad to hear something from you. I already tried corkscrew and tor but both cannot escape firewall/proxy rules. Never heard of shellinabox. Why do you need that, rather than, say, xterm or rxvt or konsole? mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] shellinabox
Hi, normally I would use ssh to reach the server I need to manage but actually I'm working in an environment where internet connection is filtered from firewalls and proxies: in a such place it is not possible to use ssh as its connection is closed as soon as I try to open it. Shellinabox is a terminal emulator that works in a browser and this looks like the only possibility I have to reach the server I want to manage. Bye Piero 2012/3/27 m.r...@5-cent.us: Piero wrote: is there anyone using shellinabox[1] (Web based AJAX terminal emulator): I'm trying to run it on a Centos 6.2 x86_64 but I cannot past inserting username and I get session closed. Actually I'm using SELINUX in Enforcing mode but nothing strange is logged in /var/log/audit/audit.log. Actually nothing strange is logged anywhere but I still get only session closed after inserting username and pressing enter key. I'm trying to escape a very strong firewall/proxy for the purpose of managing such a Centos box via SSH and, if you know alternatives to shellinabox, I'll be very glad to hear something from you. I already tried corkscrew and tor but both cannot escape firewall/proxy rules. Never heard of shellinabox. Why do you need that, rather than, say, xterm or rxvt or konsole? mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Stupid is as stupid does. Forrest Gump ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] shellinabox
On 03/27/12 1:20 PM, Piero wrote: normally I would use ssh to reach the server I need to manage but actually I'm working in an environment where internet connection is filtered from firewalls and proxies: in a such place it is not possible to use ssh as its connection is closed as soon as I try to open it. Shellinabox is a terminal emulator that works in a browser and this looks like the only possibility I have to reach the server I want to manage. it may be that your restrictive proxy disallows AJAX communications does gmail and google documents work through this restrictive proxy ? google maps? -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
