Another batch of selinux track notes
Closed this issue · 4 comments
- PWNME - can we make it such that we know we were successful? Maybe can it iterate until it succeeds?
- runcescape - this is quite slow - is it possible to speed it up somehow? maybe by prebaking the container?
- also - in the script there is
dockerused anddnf. That does not compute for me :)dockeris RHEL7 tool,dnfrhel8. - DNS record is slightly different (
cat /etc/hosts), there are no IP adressess - I recommend changing combo "ssh ; getenforce; exit" to
ssh <host> getenforce. It will save some time for the attendees - also, when I did the lab, I got tired of typing / updating those
curlcommandlines. Maybe I would prefer if the lab used bash expansion for these. Likecurl selinux{2,3,5}{,:7070}- is it slightly magical? Maybe. But it will save a lot of time, and you can compare outcomes right away, instead of doing the same operation six times with slightly different outcomes. - 2.3.3.1 is messy - in the paragraph above, you say we will use
selinux2, and then you still touch all machines? - during 2.4.2, when your example says there are permission denied, I have got none - it worked right away. Thus 2.4.2.{3,4,5} were not needed.
-
PWNME - can we make it such that we know we were successful? Maybe can it iterate until it succeeds?
No, problem is that we need to test it first in Enforcing (Where the attack is not sucessful) because container and host became useless after attack. -
runcescape - this is quite slow - is it possible to speed it up somehow? maybe by prebaking the container?
Probably not, container needs to be recreated, beacause of type of attack. -
also - in the script there is docker used and dnf. That does not compute for me :) docker is RHEL7 tool, dnf rhel8.
This demo is based on Fedora (because I was not able to get vulnerable version of docker for RHEL.) -
DNS record is slightly different (cat /etc/hosts), there are no IP adressess
On what system? in selinux1 I see this:
[root@selinux1 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 selinux2.example.com selinux2 selinux3.example.com selinux3 selinux5.example.com selinux5
-
I recommend changing combo "ssh ; getenforce; exit" to ssh getenforce. It will save some time for the attendees
This is good point, I'll fix that, but hmm maybe it will be confusing for attendees. I'll send PR. Then we can discuss it with Lucy -
also, when I did the lab, I got tired of typing / updating those curl commandlines. Maybe I would prefer if the lab used bash expansion for these. Like curl selinux{2,3,5}{,:7070} - is it slightly magical? Maybe. But it will save a lot of time, and you can compare outcomes right away, instead of doing the same operation six times with slightly different outcomes.
Good point, I'll fix that. -
2.3.3.1 is messy - in the paragraph above, you say we will use selinux2, and then you still touch all machines?
Add fixes. -
during 2.4.2, when your example says there are permission denied, I have got none - it worked right away. Thus 2.4.2.{3,4,5} were not needed.
Are you sure that you provided all the steps? I tested and it worked for me.
DNS record is slightly different (cat /etc/hosts), there are no IP adressess
On what system? in selinux1 I see this:
Yes, this is what I saw in the DNS records as well - in lab track, there are numeric IP addresses.
during 2.4.2, when your example says there are permission denied, I have got none - it worked right away. Thus 2.4.2.{3,4,5} were not needed.
Are you sure that you provided all the steps? I tested and it worked for me.
I don't know :( If it worked for you, I have probably forgot to switch on enforcing or something :)
I'll try it again