Wednesday, December 5, 2018

OpenIG redundancy

Install the web agent. Use distinct Agent URLs and Agent Profile names for node 1 and node 2.

<Example: node 1>
bash-3.00# ./agentadmin --install
Please read the following License Agreement carefully:
[Press <Enter> to continue...] or [Enter n To Finish]
n
Do you completely agree with all the terms and conditions of this License
Agreement (yes/no): [no]: yes

************************************************************************
Welcome to the OpenSSO Policy Agent for Apache Server.
************************************************************************

Enter the complete path to the directory which is used by Apache Server to
store its configuration Files. This directory uniquely identifies the
Apache Server instance that is secured by this Agent.
[ ? : Help, ! : Exit ]
Enter the Apache Server Config Directory Path [/opt/apache22/conf]: /usr/local/apache2/conf

Enter the URL where the OpenSSO server is running. Please include the
deployment URI also as shown below:
(http://opensso.sample.com:58080/opensso)
[ ? : Help, < : Back, ! : Exit ]
OpenSSO server URL: http://sol10-openam-core.openam.net:8080/openam

Enter the Agent URL as shown below: (http://agent1.sample.com:1234)
[ ? : Help, < : Back, ! : Exit ]
Agent URL: http://sol10-agent-openig1.openam.net:80

Enter the Agent profile name
[ ? : Help, < : Back, ! : Exit ]
Enter the Agent Profile name: Agent001

Enter the path to a file that contains the password to be used for identifying
the Agent.
[ ? : Help, < : Back, ! : Exit ]
Enter the path to the password file: /export/home/webservd/apache22/web_agents/pwd.txt

WARNING:
Agent profile/User: Agent001 does not exist in OpenSSO server! Either "Hit
the Back button, and re-enter the correct agent profile name/user name", or
"Create this agent profile when asked(available only in custom-install)",
or "Continue without validating it because agent profile is in sub realm", or
"Continue without validating/creating it, and manually validate/create
it in OpenSSO server after installation".

<omitted>
1. Continue with Installation
2. Back to the last interaction
3. Start Over
4. Exit
Please make your selection [1]:
<omitted>

bash-3.00# /usr/local/apache2/bin/apachectl -k start
bash-3.00# ps -ef|grep http
    root  1660     1   1 21:55:55 ?           0:00 /usr/local/apache2/bin/httpd -k start
webservd  1663  1660   0 21:55:55 ?           0:00 /usr/local/apache2/bin/httpd -k start
webservd  1662  1660   0 21:55:55 ?           0:00 /usr/local/apache2/bin/httpd -k start
webservd  1665  1660   0 21:55:55 ?           0:00 /usr/local/apache2/bin/httpd -k start
webservd  1661  1660   0 21:55:55 ?           0:00 /usr/local/apache2/bin/httpd -k start
webservd  1664  1660   0 21:55:55 ?           0:00 /usr/local/apache2/bin/httpd -k start
bash-3.00# cd /usr/local/apache2/cgi-bin
bash-3.00# chmod 555 printenv
bash-3.00# vi printenv
<before>
#!/usr/local/bin/perl

<after>
#!/usr/bin/perl

Node 2 then needs the same configuration (as Agent002).

In the OpenAM admin console, register the agent under the Web section of the [Access Control] - [/ (root) realm] - [Agents] tab.

Note: the agent name and the other values must match what was entered during agentadmin --install.

Next, in the OpenAM admin console under [Access Control] - [/ (root) realm] - [Agents] tab - Web, select Agent001 and, in the [Global] tab under General, check "SSO Only Mode".

Next, in the OpenAM admin console under [Access Control] - [/ (root) realm] - [Agents] tab - Web, select Agent001 and, in the [Application] tab under Session Attribute Processing, configure the following.

 Session Attribute Fetch Mode: HTTP_HEADER
 Session Attribute Map: [UserToken]=username, [sunIdentityUserPassword]=password

Next, in the OpenAM admin console under [Access Control] - [/ (root) realm] - [Policies] tab, create a policy for printenv.

 Service type: URL Policy Agent
 Name: printenv
 Resource name: http://sol10-agent-openig1.openam.net/cgi-bin/printenv
 Actions: GET (allow), POST (allow)
 Subject: Authenticated Users

Next, in the OpenAM admin console under [Access Control] - [/ (root) realm] - [Authentication] tab, click "All Core Settings" and set com.sun.identity.authentication.spi.ReplayPasswd as the Authentication Post Processing Class.

Generate the DES encryption key as follows.

bash-3.00# java -classpath /usr/local/apache-tomcat-6.0.35/webapps/openam/WEB-INF/lib/forgerock-util-1.1.0.jar:/usr/local/apache-tomcat-6.0.35/webapps/openam/WEB-INF/lib/openam-core-11.0.0.jar:/usr/local/apache-tomcat-6.0.35/webapps/openam/WEB-INF/lib/openam-shared-11.0.0.jar com.sun.identity.common.DESGenKey
Key ==> FaslPmFi96Q=

Next, in the OpenAM admin console under [Configuration] - [Servers and Sites] - [server name (http://sol10-openam-core.openam.net:8080/openam)] - [Advanced] tab, add the following.

Property name: com.sun.am.replaypasswd.key
Property value: FaslPmFi96Q=


Restart Apache.

bash-3.00# /usr/local/apache2/bin/apachectl -k stop
bash-3.00# /usr/local/apache2/bin/apachectl -k start
bash-3.00# ps -ef|grep http
webservd  1806  1805   0 22:52:10 ?           0:00 /usr/local/apache2/bin/httpd -k start
    root  1805     1   1 22:52:10 ?           0:00 /usr/local/apache2/bin/httpd -k start
webservd  1808  1805   0 22:52:10 ?           0:00 /usr/local/apache2/bin/httpd -k start
webservd  1807  1805   0 22:52:10 ?           0:00 /usr/local/apache2/bin/httpd -k start
webservd  1809  1805   0 22:52:10 ?           0:00 /usr/local/apache2/bin/httpd -k start
webservd  1810  1805   0 22:52:10 ?           0:00 /usr/local/apache2/bin/httpd -k start

Access http://sol10-agent-openig1.openam.net:80/cgi-bin/printenv or http://sol10-agent-openig2.openam.net:80/cgi-bin/printenv and authenticate as demo/changeit. Confirm that HTTP_USERNAME and HTTP_PASSWORD are displayed.

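Added example, not from the original post: a CGI that can stand in for printenv during this verification step. printenv echoes every request header back to the browser, so the cleartext password the agent replayed from sunIdentityUserPassword ends up on the page; this script confirms that both headers arrived and which of the two agent nodes answered, while withholding the password value. It assumes Python 3 on the agent hosts, the header names produced by the session attribute map above, and reads the node from the standard CGI variable SERVER_NAME.

```python
#!/usr/bin/env python3
"""Replacement for the printenv CGI used to verify the ReplayPasswd setup.

Reports whether the web agent injected HTTP_USERNAME and HTTP_PASSWORD
and which agent node served the request, without printing the password.
(Added example; not part of the original post.)
"""
import os
import sys

# Header names the agent derives from the session attribute map:
#   [UserToken]=username -> HTTP_USERNAME
#   [sunIdentityUserPassword]=password -> HTTP_PASSWORD
USERNAME_VAR = "HTTP_USERNAME"
PASSWORD_VAR = "HTTP_PASSWORD"


def check_replay(environ):
    """Return (ok, report_lines) for a CGI environment mapping.

    ok is True only when both replayed headers are present and non-empty.
    The password value itself never appears in report_lines.
    """
    lines = []
    # SERVER_NAME identifies which of the redundant agent nodes answered,
    # which is the point of testing openig1 and openig2 separately.
    lines.append("served_by = %s" % environ.get("SERVER_NAME", "unknown"))

    user = environ.get(USERNAME_VAR, "")
    pwd = environ.get(PASSWORD_VAR, "")

    lines.append("%s = %s" % (USERNAME_VAR, user if user else "<missing>"))
    lines.append("%s = %s" % (
        PASSWORD_VAR, "present (value withheld)" if pwd else "<missing>"))

    ok = bool(user) and bool(pwd)
    lines.append("replay_check = %s" % ("OK" if ok else "FAILED"))
    return ok, lines


def main():
    ok, lines = check_replay(os.environ)
    # Plain-text CGI response; the replay_check line is what a monitoring
    # probe should look for.
    sys.stdout.write("Content-Type: text/plain; charset=utf-8\r\n\r\n")
    sys.stdout.write("\n".join(lines) + "\n")
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main())
```

Install it next to printenv in /usr/local/apache2/cgi-bin with mode 555 and add it to the same OpenAM policy as a second resource name.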
Wednesday, March 2, 2016

Raspberry Pi 2


For now, bought the following in Akihabara.

・MicroSD (16 GB) x2
・Case
・Wi-Fi dongle
・Raspberry Pi 2 Model B

From https://www.raspberrypi.org/downloads/ select NOOBS, which leads to https://www.raspberrypi.org/downloads/noobs/. Click [Download ZIP]. Copy NOOBS_v1_8_0.zip to the root of the MicroSD card (drive M:). Folders such as default and os are created.

Sunday, February 14, 2016

SELinux (slapd)

# ls --context /usr/sbin/slapcat
lrwxrwxrwx. root root system_u:object_r:bin_t:s0       /usr/sbin/slapcat -> slapd

slapcat is a symbolic link. This shows that it runs in the bin_t domain.
With root privileges, slapcat can dump the entire database. We want to prevent this.
The approach is to apply SELinux and, in addition, not compile slapcat.c.

# ps --context ax|grep slapd
 1903 system_u:system_r:slapd_t:s0    /usr/sbin/slapd -h  ldap:/// ldapi:/// -u ldap
 3151 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 grep slapd

This shows that the slapd process runs in the slapd_t domain.

# semodule -l | grep ldap
ldap    1.10.0   
# strings /tmp/ldap.pp
<begin>
...
/etc/ldap/slapd\.conf    --    system_u:object_r:slapd_etc_t:s0
/etc/openldap/certs(/.*)?    system_u:object_r:slapd_cert_t:s0   
/etc/openldap/slapd\.d(/.*)?    system_u:object_r:slapd_db_t:s0
/etc/rc\.d/init\.d/slapd    --    system_u:object_r:slapd_initrc_exec_t:s0
/usr/sbin/slapd        --    system_u:object_r:slapd_exec_t:s0
/var/lib/ldap(/.*)?        system_u:object_r:slapd_db_t:s0
/var/lib/ldap/replog(/.*)?    system_u:object_r:slapd_replog_t:s0
/var/run/ldapi        -s    system_u:object_r:slapd_var_run_t:s0
/var/run/openldap(/.*)?        system_u:object_r:slapd_var_run_t:s0
/var/run/slapd\.args    --    system_u:object_r:slapd_var_run_t:s0
/var/run/slapd\.pid    --    system_u:object_r:slapd_var_run_t:s0
#/var/run/slapd.*    -s    gen_context(system_u:object_r:slapd_var_run_t,s0)
<end>

# semanage fcontext -l|grep slap
/etc/ldap/slapd\.conf                              regular file       system_u:object_r:slapd_etc_t:s0
/etc/openldap/certs(/.*)?                          all files          system_u:object_r:slapd_cert_t:s0
/etc/openldap/slapd\.d(/.*)?                       all files          system_u:object_r:slapd_db_t:s0
/etc/rc\.d/init\.d/slapd                           regular file       system_u:object_r:slapd_initrc_exec_t:s0
/usr/sbin/ns-slapd                                 regular file       system_u:object_r:dirsrv_exec_t:s0
/usr/sbin/slapd                                    regular file       system_u:object_r:slapd_exec_t:s0
/usr/share/munin/plugins/slapd_.*                  regular file       system_u:object_r:munin_services_plugin_exec_t:s0
/var/lib/ldap(/.*)?                                all files          system_u:object_r:slapd_db_t:s0
/var/lib/ldap/replog(/.*)?                         all files          system_u:object_r:slapd_replog_t:s0
/var/run/ldapi                                     socket             system_u:object_r:slapd_var_run_t:s0
/var/run/openldap(/.*)?                            all files          system_u:object_r:slapd_var_run_t:s0
/var/run/slapd.*                                   socket             system_u:object_r:dirsrv_var_run_t:s0
/var/run/slapd\.args                               regular file       system_u:object_r:slapd_var_run_t:s0
/var/run/slapd\.pid                                regular file       system_u:object_r:slapd_var_run_t:s0
Note: this appears to be the content of /etc/selinux/targeted/contexts/files/file_contexts.

At this point the module appears to be enabled.

In this state, create ldap_slapcat.te as a separate module. The procedure is to build a module package (a binary PP file) from the TE file, and then add the PP file to the policy.

# vi ldap_slapcat.te

# cd /usr/share/selinux/devel
# mv /tmp/ldap_slapcat.te .
# make
# semodule -i ldap_slapcat.pp

SELinux (vsftpd)

# yum install vsftpd
Loaded plugins: fastestmirror, priorities, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: ftp.iij.ad.jp
 * extras: centos.usonyx.net
 * jpackage: ftp.heanet.ie
 * updates: centos.usonyx.net
212 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:2.2.2-14.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package          Arch             Version                 Repository      Size
================================================================================
Installing:
 vsftpd           x86_64           2.2.2-14.el6            base           152 k

Transaction Summary
================================================================================
Install       1 Package(s)

Total download size: 152 k
Installed size: 332 k
Is this ok [y/N]: y
Downloading Packages:
vsftpd-2.2.2-14.el6.x86_64.rpm                           | 152 kB     00:00    
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : vsftpd-2.2.2-14.el6.x86_64                                   1/1
  Verifying  : vsftpd-2.2.2-14.el6.x86_64                                   1/1

Installed:
  vsftpd.x86_64 0:2.2.2-14.el6                                                 

Complete!

# service vsftpd status
vsftpd は停止しています
# chkconfig vsftpd on
# chkconfig --list vsftpd
vsftpd             0:off    1:off    2:on    3:on    4:on    5:on    6:off
# service vsftpd start
vsftpd 用の vsftpd を起動中:                               [  OK  ]
# service vsftpd status
vsftpd (pid 4705) を実行中...

C:\WINDOWS\system32>ftp chef-client-selinux.openam.net
chef-client-selinux.openam.net に接続しました。
220 (vsFTPd 2.2.2)
200 Always in UTF8 mode.
ユーザー (chef-client-selinux.openam.net:(none)): goodjob
331 Please specify the password.
パスワード:
500 OOPS: cannot change directory:/home/goodjob
500 OOPS: priv_sock_get_cmd
接続がリモート ホストによって閉じられました。
ftp> quit

# getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> off
ftpd_connect_db --> off
ftpd_use_fusefs --> off
ftpd_use_passive_mode --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_use_cifs --> off
tftp_use_nfs --> off
# setsebool -P ftp_home_dir on
# getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> on
ftpd_connect_db --> off
ftpd_use_fusefs --> off
ftpd_use_passive_mode --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_use_cifs --> off
tftp_use_nfs --> off

C:\WINDOWS\system32>ftp chef-client-selinux.openam.net
chef-client-selinux.openam.net に接続しました。
220 (vsFTPd 2.2.2)
200 Always in UTF8 mode.
ユーザー (chef-client-selinux.openam.net:(none)): goodjob
331 Please specify the password.
パスワード:
230 Login successful.
ftp> quit

# cd /usr/share/selinux/devel
# audit2allow -i /var/log/audit/audit.log -m vsftpd
~~ begin ~~
module vsftpd 1.0;

require {
    type slapd_t;
    type bluetooth_conf_t;
    type system_cron_spool_t;
    type portreserve_etc_t;
    type initrc_t;
    type initrc_tmp_t;
    type adjtime_t;
    type insmod_t;
    type locate_t;
    type syslog_conf_t;
    type postfix_master_t;
    type httpd_config_t;
    type modules_conf_t;
    type etc_aliases_t;
    type cupsd_t;
    type NetworkManager_var_lib_t;
    type udev_t;
    type selinux_config_t;
    type nscd_t;
    type hald_t;
    type ftpd_t;
    type prelink_cache_t;
    type auditd_etc_t;
    class process signull;
    class dir { read getattr };
    class file { getattr open };
}

#============= cupsd_t ==============
allow cupsd_t hald_t:process signull;
allow cupsd_t initrc_t:process signull;
allow cupsd_t insmod_t:process signull;
allow cupsd_t nscd_t:process signull;
allow cupsd_t postfix_master_t:process signull;
allow cupsd_t slapd_t:process signull;
allow cupsd_t udev_t:process signull;

#============= ftpd_t ==============

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t NetworkManager_var_lib_t:dir getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t adjtime_t:file getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t auditd_etc_t:dir getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t bluetooth_conf_t:dir getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t etc_aliases_t:file getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t httpd_config_t:dir getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t modules_conf_t:dir getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t portreserve_etc_t:dir getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t prelink_cache_t:file getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t selinux_config_t:dir read;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t syslog_conf_t:dir getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t syslog_conf_t:file getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t system_cron_spool_t:dir getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t system_cron_spool_t:file getattr;

#============= locate_t ==============
allow locate_t initrc_tmp_t:file open;
~~ end ~~

# audit2allow -i /var/log/audit/audit.log -M vsftp
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i vsftp.pp
# ls -l vsftp.*
-rw-r--r--. 1 root root 4732 12月 30 23:48 2015 vsftp.pp
-rw-r--r--. 1 root root 2638 12月 30 23:48 2015 vsftp.te

# semodule -i vsftp.pp
# semodule -l | grep vsftp
vsftp    1.0   
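Added example, not from the original post. Running audit2allow over the whole audit.log, as above, turned every denial in the log into a rule, which is why the vsftp module carries cupsd_t and locate_t rules unrelated to vsftpd, plus ftpd_t rules that audit2allow itself flags as covered by the allow_ftpd_full_access boolean. This script parses AVC records, groups them by source domain and emits rules for one domain only, so you can see what else is in the log before loading a module; Python 3 standard library, with constructed sample log lines that reuse the types from the page.

```python
#!/usr/bin/env python3
"""Generate TE allow rules from AVC denials for ONE source domain only.

Mirrors what `audit2allow -m` prints, but scoped to a single domain so
unrelated denials (cupsd_t, locate_t, ...) do not end up in the module.
(Added example; not part of the original post or of audit2allow.)
"""
import re
from collections import defaultdict

# Fields of an AVC record needed for rule generation.
PERMS_RE = re.compile(r"denied\s+\{([^}]*)\}")
SCTX_RE = re.compile(r"scontext=(\S+)")
TCTX_RE = re.compile(r"tcontext=(\S+)")
TCLASS_RE = re.compile(r"tclass=(\S+)")


def type_of(context):
    """user:role:type[:level] -> type (e.g. ftpd_t)."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else context


def parse_avc(line):
    """Return (source domain, target type, class, set of perms), or None."""
    if "avc:" not in line or "denied" not in line:
        return None
    perms, sctx, tctx, tcls = (r.search(line) for r in
                               (PERMS_RE, SCTX_RE, TCTX_RE, TCLASS_RE))
    if not (perms and sctx and tctx and tcls):
        return None
    return (type_of(sctx.group(1)), type_of(tctx.group(1)),
            tcls.group(1), set(perms.group(1).split()))


def collect(lines):
    """Merge denied permissions per (source domain, target type, class)."""
    rules = defaultdict(set)
    for line in lines:
        parsed = parse_avc(line)
        if parsed:
            sdom, ttype, tclass, perms = parsed
            rules[(sdom, ttype, tclass)] |= perms
    return rules


def domains(rules):
    """Every source domain that has at least one denial in the log."""
    return sorted({sdom for (sdom, _, _) in rules})


def te_rules(rules, domain):
    """Emit audit2allow-style allow rules for one source domain."""
    out = []
    for (sdom, ttype, tclass), perms in sorted(rules.items()):
        if sdom != domain:
            continue
        p = sorted(perms)
        perm = p[0] if len(p) == 1 else "{ %s }" % " ".join(p)
        out.append("allow %s %s:%s %s;" % (sdom, ttype, tclass, perm))
    return out


# Constructed sample audit.log excerpt (not a real capture); the types are
# the ones that appeared in the audit2allow output on the page.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1451486882.321:101): avc:  denied  { getattr } for  pid=4705 comm="vsftpd" path="/etc/adjtime" dev=sda2 ino=1311 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:adjtime_t:s0 tclass=file
type=AVC msg=audit(1451486882.322:102): avc:  denied  { read } for  pid=4705 comm="vsftpd" name="selinux" dev=sda2 ino=1400 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
type=AVC msg=audit(1451486882.323:103): avc:  denied  { getattr } for  pid=4705 comm="vsftpd" path="/etc/aliases" dev=sda2 ino=1500 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:etc_aliases_t:s0 tclass=file
type=AVC msg=audit(1451486882.324:104): avc:  denied  { read } for  pid=4705 comm="vsftpd" path="/etc/aliases" dev=sda2 ino=1500 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:etc_aliases_t:s0 tclass=file
type=AVC msg=audit(1451486901.010:105): avc:  denied  { signull } for  pid=1821 comm="cupsd" scontext=system_u:system_r:cupsd_t:s0 tcontext=system_u:system_r:slapd_t:s0 tclass=process
type=AVC msg=audit(1451486950.500:106): avc:  denied  { open } for  pid=2210 comm="updatedb" path="/tmp/x" dev=sda2 ino=1600 scontext=system_u:system_r:locate_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1451486882.321:101): arch=c000003e syscall=4 success=no exit=-13
"""


if __name__ == "__main__":
    rules = collect(SAMPLE_AUDIT_LOG.splitlines())
    print("# source domains with denials:", ", ".join(domains(rules)))
    print("\n".join(te_rules(rules, "ftpd_t")))
```

Even the scoped ftpd_t rules should be compared against `getsebool -a | grep ftp` first, as the page's own audit2allow comments point out: a boolean such as ftp_home_dir is preferable to a custom allow rule.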

SELinux notes

Discretionary access control
 ・The owner of a file can change its access permissions at will
 ・The root user holds a privilege that bypasses discretionary access control

Mandatory access control
 ・Even the owner of a file cannot change its access permissions in a SELinux-enabled environment
 ・By hooking system calls in the OS, access to every resource can be checked

For example, even if the Apache HTTP server is compromised, the attacker cannot use
that process to read files in a targeted directory (e.g. a user's home directory)
unless a specific SELinux policy rule granting access to those files has been
added and configured.

The following URLs are useful references on SELinux in general.
http://hondou.homedns.org/pukiwiki/pukiwiki.php?SL62%20SELinux
http://www.ospn.jp/osc2008-nagoya/secureos-ug.pdf
http://www.linuxmania.jp/selinux_introduction_1.html#g151e794
http://www.slideshare.net/ishikawa84g/hbstudy-28-selinuxhandson

Access control is carried out by the following three parts.
・TE (Type Enforcement)
 The policy body
・FC (File Context)
 Describes which label is assigned to which file
・IF (Interface)
 Interfaces (macros) exposed to external modules

<Reference>
Command-line tool to check the enabled/disabled state (boolean) of SELinux built-in rules
# getsebool -a

Command-line tool to set the enabled/disabled state (boolean) of SELinux built-in rules
# getsebool samba_enable_home_dirs
samba_enable_home_dirs --> off
# setsebool -P samba_enable_home_dirs on

SELinux CUI tools
# semanage login -l

ログイン名                     SELinux ユーザー              MLS/MCS 範囲              

__default__               unconfined_u              s0-s0:c0.c1023          
root                      unconfined_u              s0-s0:c0.c1023          
system_u                  system_u                  s0-s0:c0.c1023 

# semanage user -l

                ラベリング      MLS/       MLS/                         
SELinux ユーザー    プレフィックス    MCS レベル    MCS 範囲                         SELinux ロール

git_shell_u     user       s0         s0                             git_shell_r
guest_u         user       s0         s0                             guest_r
root            user       s0         s0-s0:c0.c1023                 staff_r sysadm_r system_r unconfined_r
staff_u         user       s0         s0-s0:c0.c1023                 staff_r sysadm_r system_r unconfined_r
sysadm_u        user       s0         s0-s0:c0.c1023                 sysadm_r
system_u        user       s0         s0-s0:c0.c1023                 system_r unconfined_r
unconfined_u    user       s0         s0-s0:c0.c1023                 system_r unconfined_r
user_u          user       s0         s0                             user_r
xguest_u        user       s0         s0                             xguest_r

# semanage port -l

# ps -eZ
system_u:system_r:kernel_t:s0     275 ?        00:00:00 ext4-dio-unwrit
system_u:system_r:kernel_t:s0     312 ?        00:00:00 flush-8:0
system_u:system_r:udev_t:s0-s0:c0.c1023 366 ?  00:00:00 udevd
system_u:system_r:kernel_t:s0     788 ?        00:00:00 vmmemctl
system_u:system_r:kernel_t:s0     899 ?        00:00:00 jbd2/sda1-8
system_u:system_r:kernel_t:s0     900 ?        00:00:00 ext4-dio-unwrit
system_u:system_r:kernel_t:s0     944 ?        00:00:00 kauditd
system_u:system_r:initrc_t:s0    1257 ?        00:00:00 vmware-vmblock-
system_u:system_r:initrc_t:s0    1288 ?        00:00:04 vmtoolsd
system_u:system_r:dhcpc_t:s0     1505 ?        00:00:00 dhclient
system_u:system_r:syslogd_t:s0   1623 ?        00:00:00 rsyslogd
system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 1763 ? 00:00:00 dbus-daemon
system_u:system_r:cupsd_t:s0-s0:c0.c1023 1780 ? 00:00:00 cupsd
system_u:system_r:apmd_t:s0      1805 ?        00:00:00 acpid
system_u:system_r:hald_t:s0      1814 ?        00:00:00 hald
system_u:system_r:hald_t:s0      1815 ?        00:00:00 hald-runner
system_u:system_r:hald_t:s0      1856 ?        00:00:00 hald-addon-inpu
system_u:system_r:hald_t:s0      1861 ?        00:00:00 hald-addon-acpi
system_u:system_r:slapd_t:s0     1895 ?        00:00:00 slapd
system_u:system_r:nscd_t:s0      1907 ?        00:00:00 nscd
system_u:system_r:sshd_t:s0-s0:c0.c1023 1933 ? 00:00:00 sshd
system_u:system_r:postfix_master_t:s0 2088 ?   00:00:00 master
system_u:system_r:postfix_qmgr_t:s0 2103 ?     00:00:00 qmgr
system_u:system_r:unconfined_java_t:s0 2156 ?  00:01:35 java
system_u:system_r:abrt_t:s0-s0:c0.c1023 2180 ? 00:00:00 abrtd
system_u:system_r:httpd_t:s0     2188 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     2197 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     2198 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     2199 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     2200 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     2201 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     2202 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     2203 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     2204 ?        00:00:00 httpd
system_u:system_r:crond_t:s0-s0:c0.c1023 2205 ? 00:00:00 crond
system_u:system_r:crond_t:s0-s0:c0.c1023 2219 ? 00:00:00 atd
system_u:system_r:xdm_t:s0-s0:c0.c1023 2246 ?  00:00:00 gdm-binary
system_u:system_r:getty_t:s0     2251 tty2     00:00:00 mingetty
system_u:system_r:getty_t:s0     2253 tty3     00:00:00 mingetty
system_u:system_r:getty_t:s0     2255 tty4     00:00:00 mingetty
system_u:system_r:getty_t:s0     2257 tty5     00:00:00 mingetty
system_u:system_r:getty_t:s0     2265 tty6     00:00:00 mingetty
system_u:system_r:udev_t:s0-s0:c0.c1023 2266 ? 00:00:00 udevd
system_u:system_r:udev_t:s0-s0:c0.c1023 2267 ? 00:00:00 udevd
system_u:system_r:xdm_t:s0-s0:c0.c1023 2278 ?  00:00:00 gdm-simple-slav
system_u:system_r:xserver_t:s0-s0:c0.c1023 2286 tty1 00:00:18 Xorg
system_u:system_r:consolekit_t:s0-s0:c0.c1023 2302 ? 00:00:00 console-kit-dae
system_u:system_r:xdm_t:s0-s0:c0.c1023 2372 ?  00:00:00 dbus-launch
system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 2378 ? 00:00:00 devkit-power-
system_u:system_r:policykit_t:s0-s0:c0.c1023 2422 ? 00:00:00 polkitd
system_u:system_r:rtkit_daemon_t:s0-s0:c0.c1023 2433 ? 00:00:00 rtkit-daemon
system_u:system_r:xdm_t:s0-s0:c0.c1023 2439 ?  00:00:00 gdm-session-wor
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2450 ? 00:00:00 gnome-keyr
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2460 ? 00:00:00 gnome-sess
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2468 ? 00:00:00 dbus-launc
unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 2469 ? 00:00:00 dbus
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2499 ? 00:00:00 gconfd-2
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2504 ? 00:00:00 gnome-sett
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2512 ? 00:00:00 seahorse-d
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2514 ? 00:00:00 gvfsd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2527 ? 00:00:00 metacity
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2531 ? 00:00:00 pulseaudio
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2532 ? 00:00:00 gnome-pane
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2539 ? 00:00:00 gconf-help
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2540 ? 00:00:01 nautilus
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2542 ? 00:00:00 bonobo-act
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2553 ? 00:00:00 gvfs-gdu-v
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2554 ? 00:00:00 wnck-apple
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2555 ? 00:00:00 trashapple
system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 2557 ? 00:00:00 udisks-daemon
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2561 ? 00:00:05 vmtoolsd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2562 ? 00:00:00 bluetooth-
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2566 ? 00:00:00 polkit-gno
system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 2570 ? 00:00:01 udisks-daemon
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2571 ? 00:00:00 im-setting
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2573 ? 00:00:00 gpk-update
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2574 ? 00:00:00 gvfsd-tras
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2575 ? 00:00:00 gdu-notifi
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2583 ? 00:00:00 restorecon
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2588 ? 00:00:00 gnome-powe
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2590 ? 00:00:00 gnome-volu
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2596 ? 00:00:00 nm-applet
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2600 ? 00:00:00 python
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2605 ? 00:00:01 gnome-scre
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2628 ? 00:00:00 gvfs-afc-v
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2699 ? 00:00:00 gvfs-gphot
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2791 ? 00:00:00 ibus-daemo
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2794 ? 00:00:00 gconf-im-s
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2795 ? 00:00:00 ibus-gconf
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2797 ? 00:00:00 python
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2799 ? 00:00:00 ibus-x11
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2807 ? 00:00:00 python
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2808 ? 00:00:00 gnote
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2809 ? 00:00:00 notificati
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2810 ? 00:00:00 gdm-user-s
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2812 ? 00:00:00 clock-appl
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2840 ? 00:00:00 gvfsd-burn
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2859 ? 00:00:05 gnome-term
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2867 ? 00:00:00 gnome-pty-
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2868 pts/0 00:00:00 bash
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2887 pts/0 00:00:00 su
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2893 pts/0 00:00:00 bash
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2963 pts/1 00:00:00 bash
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2976 pts/1 00:00:00 su
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2984 pts/1 00:00:00 bash
unconfined_u:system_r:auditd_t:s0 3523 ?       00:00:00 auditd
system_u:system_r:postfix_pickup_t:s0 3714 ?   00:00:00 pickup
system_u:system_r:fprintd_t:s0-s0:c0.c1023 3729 ? 00:00:00 fprintd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 3733 pts/1 00:00:00 ps
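The interesting entries in the `ps -eZ` listing above are the ones SELinux is not actually confining: `java` (PID 2156) runs as `unconfined_java_t`, and `vmtoolsd` (PID 1288) runs in `initrc_t`, the catch-all domain for services that have no policy of their own. The script below is an added example (not from the original page) that parses `ps -eZ` output, splits each context into user, role, type and MLS range, and reports the processes that would need a custom policy module. The sample lines are constructed from the listing above; the classification of `unconfined_*` and `initrc_t` as unconfined is an assumption based on the RHEL/CentOS 6 targeted policy.

```python
"""Audit `ps -eZ` output for processes that SELinux is not really confining.

Added example (not code from the original page). SAMPLE_PS is constructed
from the listing above. The domain classification is an assumption based on
the targeted policy: unconfined_t / unconfined_java_t run unconfined, and
initrc_t is the fallback domain for services without their own policy."""
import re
from typing import Dict, List, NamedTuple

# Constructed sample: a handful of the `ps -eZ` lines shown above.
SAMPLE_PS = """\
LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:01 init
system_u:system_r:initrc_t:s0    1288 ?        00:00:04 vmtoolsd
system_u:system_r:slapd_t:s0     1895 ?        00:00:00 slapd
system_u:system_r:unconfined_java_t:s0 2156 ?  00:01:35 java
system_u:system_r:httpd_t:s0     2188 ?        00:00:00 httpd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2868 pts/0 00:00:00 bash
unconfined_u:system_r:auditd_t:s0 3523 ?       00:00:00 auditd
"""


class Proc(NamedTuple):
    user: str   # SELinux user (system_u, unconfined_u, ...)
    role: str   # SELinux role (system_r, unconfined_r, ...)
    type: str   # domain type, the field that decides confinement
    level: str  # MLS/MCS range, may itself contain ':' (s0-s0:c0.c1023)
    pid: int
    cmd: str


# context  pid  tty  time  cmd
PS_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(.+)$")


def parse_ps_ez(text: str) -> List[Proc]:
    procs: List[Proc] = []
    for line in text.splitlines()[1:]:  # skip the LABEL header
        m = PS_RE.match(line)
        if not m:
            continue
        ctx, pid, _tty, _time, cmd = m.groups()
        # maxsplit=3 keeps the range intact even when it contains ':'
        user, role, typ, level = ctx.split(":", 3)
        procs.append(Proc(user, role, typ, level, int(pid), cmd.strip()))
    return procs


def classify(p: Proc) -> str:
    """Classify by the type field only; the SELinux user and role of a daemon
    say where it was started from, not whether the policy confines it."""
    if p.type.startswith("unconfined_"):  # unconfined_t, unconfined_java_t, ...
        return "unconfined"
    if p.type == "initrc_t":  # service fell through to the init-script domain
        return "initrc_fallback"
    return "confined"


def audit(text: str) -> Dict[str, List[str]]:
    """Group 'pid cmd (type)' strings by classification; 'confined' processes
    are omitted so the report shows only what needs a custom policy module."""
    report: Dict[str, List[str]] = {}
    for p in parse_ps_ez(text):
        kind = classify(p)
        if kind != "confined":
            report.setdefault(kind, []).append("%d %s (%s)" % (p.pid, p.cmd, p.type))
    return report


if __name__ == "__main__":
    for kind, entries in audit(SAMPLE_PS).items():
        print(kind)
        for entry in entries:
            print("  " + entry)
```

Note the `auditd` line in the listing: its context is `unconfined_u:system_r:auditd_t:s0`, i.e. the daemon was restarted from an interactive root shell rather than by init, so it carries the `unconfined_u` SELinux user, but its type is still `auditd_t` and it is confined. That is why the check keys on the type field and ignores the user and role.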

■Package for writing policy
# yum install selinux-policy-devel
Loaded plugins: fastestmirror, priorities, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: ftp.iij.ad.jp
 * extras: centos.usonyx.net
 * jpackage: ftp.heanet.ie
 * updates: centos.usonyx.net
212 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package selinux-policy.noarch 0:3.7.19-231.el6 will be updated
--> Processing Dependency: selinux-policy = 3.7.19-231.el6 for package: selinux-policy-targeted-3.7.19-231.el6.noarch
--> Processing Dependency: selinux-policy = 3.7.19-231.el6 for package: selinux-policy-targeted-3.7.19-231.el6.noarch
---> Package selinux-policy.noarch 0:3.7.19-279.el6_7.7 will be an update
--> Running transaction check
---> Package selinux-policy-targeted.noarch 0:3.7.19-231.el6 will be updated
---> Package selinux-policy-targeted.noarch 0:3.7.19-279.el6_7.7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                    Arch      Version                  Repository  Size
================================================================================
Updating:
 selinux-policy             noarch    3.7.19-279.el6_7.7       updates    882 k
Updating for dependencies:
 selinux-policy-targeted    noarch    3.7.19-279.el6_7.7       updates    3.1 M

Transaction Summary
================================================================================
Upgrade       2 Package(s)

Total download size: 3.9 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): selinux-policy-3.7.19-279.el6_7.7.noarch.rpm      | 882 kB     00:01    
(2/2): selinux-policy-targeted-3.7.19-279.el6_7.7.noarch | 3.1 MB     00:03    
--------------------------------------------------------------------------------
Total                                           664 kB/s | 3.9 MB     00:06    
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : selinux-policy-3.7.19-279.el6_7.7.noarch                     1/4
  Updating   : selinux-policy-targeted-3.7.19-279.el6_7.7.noarch            2/4
****************
  Cleanup    : selinux-policy-targeted-3.7.19-231.el6.noarch                3/4
  Cleanup    : selinux-policy-3.7.19-231.el6.noarch                         4/4
  Verifying  : selinux-policy-targeted-3.7.19-279.el6_7.7.noarch            1/4
  Verifying  : selinux-policy-3.7.19-279.el6_7.7.noarch                     2/4
  Verifying  : selinux-policy-3.7.19-231.el6.noarch                         3/4
  Verifying  : selinux-policy-targeted-3.7.19-231.el6.noarch                4/4

Updated:
  selinux-policy.noarch 0:3.7.19-279.el6_7.7                                   

Dependency Updated:
  selinux-policy-targeted.noarch 0:3.7.19-279.el6_7.7                          

Complete!

■Packages for viewing policy
# yum -y install setools-gui
Loaded plugins: fastestmirror, priorities, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: www.ftp.ne.jp
 * extras: www.ftp.ne.jp
 * jpackage: sunsite.informatik.rwth-aachen.de
 * updates: www.ftp.ne.jp
212 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package setools-gui.x86_64 0:3.3.7-4.el6 will be installed
--> Processing Dependency: setools-libs-tcl = 3.3.7-4.el6 for package: setools-gui-3.3.7-4.el6.x86_64
--> Processing Dependency: tk >= 8.4.9 for package: setools-gui-3.3.7-4.el6.x86_64
--> Processing Dependency: bwidget >= 1.8 for package: setools-gui-3.3.7-4.el6.x86_64
--> Running transaction check
---> Package bwidget.noarch 0:1.8.0-5.1.el6 will be installed
---> Package setools-libs-tcl.x86_64 0:3.3.7-4.el6 will be installed
---> Package tk.x86_64 1:8.5.7-5.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                 Arch          Version                Repository   Size
================================================================================
Installing:
 setools-gui             x86_64        3.3.7-4.el6            base        242 k
Installing for dependencies:
 bwidget                 noarch        1.8.0-5.1.el6          base        166 k
 setools-libs-tcl        x86_64        3.3.7-4.el6            base        197 k
 tk                      x86_64        1:8.5.7-5.el6          base        1.4 M

Transaction Summary
================================================================================
Install       4 Package(s)

Total download size: 2.0 M
Installed size: 7.0 M
Downloading Packages:
(1/4): bwidget-1.8.0-5.1.el6.noarch.rpm                  | 166 kB     00:00    
(2/4): setools-gui-3.3.7-4.el6.x86_64.rpm                | 242 kB     00:00    
(3/4): setools-libs-tcl-3.3.7-4.el6.x86_64.rpm           | 197 kB     00:00    
(4/4): tk-8.5.7-5.el6.x86_64.rpm                         | 1.4 MB     00:01    
--------------------------------------------------------------------------------
Total                                           893 kB/s | 2.0 MB     00:02    
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 1:tk-8.5.7-5.el6.x86_64                                      1/4
  Installing : bwidget-1.8.0-5.1.el6.noarch                                 2/4
  Installing : setools-libs-tcl-3.3.7-4.el6.x86_64                          3/4
  Installing : setools-gui-3.3.7-4.el6.x86_64                               4/4
  Verifying  : setools-gui-3.3.7-4.el6.x86_64                               1/4
  Verifying  : 1:tk-8.5.7-5.el6.x86_64                                      2/4
  Verifying  : bwidget-1.8.0-5.1.el6.noarch                                 3/4
  Verifying  : setools-libs-tcl-3.3.7-4.el6.x86_64                          4/4

Installed:
  setools-gui.x86_64 0:3.3.7-4.el6                                             

Dependency Installed:
  bwidget.noarch 0:1.8.0-5.1.el6      setools-libs-tcl.x86_64 0:3.3.7-4.el6    
  tk.x86_64 1:8.5.7-5.el6           

Complete!

[root@chef-client-selinux Desktop]# yum -y install setools
Loaded plugins: fastestmirror, priorities, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: www.ftp.ne.jp
 * extras: www.ftp.ne.jp
 * jpackage: sunsite.informatik.rwth-aachen.de
 * updates: www.ftp.ne.jp
base                                                     | 3.7 kB     00:00    
extras                                                   | 2.9 kB     00:00    
jpackage                                                 | 1.9 kB     00:00    
updates                                                  | 3.4 kB     00:00    
212 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package setools.x86_64 0:3.3.7-4.el6 will be installed
--> Processing Dependency: setools-console = 3.3.7-4.el6 for package: setools-3.3.7-4.el6.x86_64
--> Running transaction check
---> Package setools-console.x86_64 0:3.3.7-4.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                 Arch           Version              Repository    Size
================================================================================
Installing:
 setools                 x86_64         3.3.7-4.el6          base          11 k
Installing for dependencies:
 setools-console         x86_64         3.3.7-4.el6          base         328 k

Transaction Summary
================================================================================
Install       2 Package(s)

Total download size: 340 k
Installed size: 872 k
Downloading Packages:
(1/2): setools-3.3.7-4.el6.x86_64.rpm                    |  11 kB     00:00    
(2/2): setools-console-3.3.7-4.el6.x86_64.rpm            | 328 kB     00:00    
--------------------------------------------------------------------------------
Total                                           825 kB/s | 340 kB     00:00    
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : setools-console-3.3.7-4.el6.x86_64                           1/2
  Installing : setools-3.3.7-4.el6.x86_64                                   2/2
  Verifying  : setools-3.3.7-4.el6.x86_64                                   1/2
  Verifying  : setools-console-3.3.7-4.el6.x86_64                           2/2

Installed:
  setools.x86_64 0:3.3.7-4.el6                                                 

Dependency Installed:
  setools-console.x86_64 0:3.3.7-4.el6                                         

Complete!

# apol