OpenAM: 2月 2016

2016年2月14日日曜日

SELinux(slapd)

# ls --context /usr/sbin/slapcat
lrwxrwxrwx. root root system_u:object_r:bin_t:s0       /usr/sbin/slapcat -> slapd

slapcatはシンボリックリンク。これはbin_tドメインで動作することを示している。
slapcatはroot権限があると全データが取り出せてしまう。これを防止したい。
やり方としてはSELinuxを適用し、かつslapcat.cをコンパイルしない。

# ps --context ax|grep slapd
1903 system_u:system_r:slapd_t:s0    /usr/sbin/slapd -h ldap:/// ldapi:/// -u ldap
3151 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 grep slapd

slapdプロセスはslapd_tドメインで動作することを示している。

# semodule -l | grep ldap
ldap    1.10.0
# strings /tmp/ldap.pp
ここから
...
/etc/ldap/slapd\.conf    --    system_u:object_r:slapd_etc_t:s0
/etc/openldap/certs(/.*)?    system_u:object_r:slapd_cert_t:s0
/etc/openldap/slapd\.d(/.*)?    system_u:object_r:slapd_db_t:s0
/etc/rc\.d/init\.d/slapd    --    system_u:object_r:slapd_initrc_exec_t:s0
/usr/sbin/slapd        --    system_u:object_r:slapd_exec_t:s0
/var/lib/ldap(/.*)?        system_u:object_r:slapd_db_t:s0
/var/lib/ldap/replog(/.*)?    system_u:object_r:slapd_replog_t:s0
/var/run/ldapi        -s    system_u:object_r:slapd_var_run_t:s0
/var/run/openldap(/.*)?        system_u:object_r:slapd_var_run_t:s0
/var/run/slapd\.args    --    system_u:object_r:slapd_var_run_t:s0
/var/run/slapd\.pid    --    system_u:object_r:slapd_var_run_t:s0
#/var/run/slapd.*    -s    gen_context(system_u:object_r:slapd_var_run_t,s0)
ここまで

# semanage fcontext -l|grep slap
/etc/ldap/slapd\.conf                              regular file       system_u:object_r:slapd_etc_t:s0
/etc/openldap/certs(/.*)?                          all files          system_u:object_r:slapd_cert_t:s0
/etc/openldap/slapd\.d(/.*)?                       all files          system_u:object_r:slapd_db_t:s0
/etc/rc\.d/init\.d/slapd                           regular file       system_u:object_r:slapd_initrc_exec_t:s0
/usr/sbin/ns-slapd                                 regular file       system_u:object_r:dirsrv_exec_t:s0
/usr/sbin/slapd                                    regular file       system_u:object_r:slapd_exec_t:s0
/usr/share/munin/plugins/slapd_.*                  regular file       system_u:object_r:munin_services_plugin_exec_t:s0
/var/lib/ldap(/.*)?                                all files          system_u:object_r:slapd_db_t:s0
/var/lib/ldap/replog(/.*)?                         all files          system_u:object_r:slapd_replog_t:s0
/var/run/ldapi                                     socket             system_u:object_r:slapd_var_run_t:s0
/var/run/openldap(/.*)?                            all files          system_u:object_r:slapd_var_run_t:s0
/var/run/slapd.*                                   socket             system_u:object_r:dirsrv_var_run_t:s0
/var/run/slapd\.args                               regular file       system_u:object_r:slapd_var_run_t:s0
/var/run/slapd\.pid                                regular file       system_u:object_r:slapd_var_run_t:s0
　※/etc/selinux/targeted/contexts/files/file_contextsのファイルの中身の模様。

現時点でモジュールは有効な模様。

この状態でldap_slapcat.teを別モジュールで作る。TEファイルからバイナリ形式のPPファイルという
モジュール・パッケージを作成し、PPファイルをポリシー・ファイルに追加するという手順になる。

# vi ldap_slapcat.te

# cd /usr/share/selinux/devel
# mv /tmp/ldap_slapcat.te .
# make
# semodule -i ldap_slapcat.pp

SELinux(vsftpd)

# yum install vsftpd
Loaded plugins: fastestmirror, priorities, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: ftp.iij.ad.jp
* extras: centos.usonyx.net
* jpackage: ftp.heanet.ie
* updates: centos.usonyx.net
212 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:2.2.2-14.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package          Arch             Version                 Repository      Size
================================================================================
Installing:
vsftpd           x86_64           2.2.2-14.el6            base           152 k

Transaction Summary
================================================================================
Install       1 Package(s)

Total download size: 152 k
Installed size: 332 k
Is this ok [y/N]: y
Downloading Packages:
vsftpd-2.2.2-14.el6.x86_64.rpm                           | 152 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : vsftpd-2.2.2-14.el6.x86_64                                   1/1
Verifying : vsftpd-2.2.2-14.el6.x86_64                                   1/1

Installed:
vsftpd.x86_64 0:2.2.2-14.el6

Complete!

# service vsftpd status
vsftpd は停止しています
# chkconfig vsftpd on
# chkconfig --list vsftpd
vsftpd             0:off    1:off    2:on    3:on    4:on    5:on    6:off
# service vsftpd start
vsftpd 用の vsftpd を起動中:                               [ OK ]
# service vsftpd status
vsftpd (pid 4705) を実行中...

C:\WINDOWS\system32>ftp chef-client-selinux.openam.net
chef-client-selinux.openam.net に接続しました。
220 (vsFTPd 2.2.2)
200 Always in UTF8 mode.
ユーザー (chef-client-selinux.openam.net:(none)): goodjob
331 Please specify the password.
パスワード:
500 OOPS: cannot change directory:/home/goodjob
500 OOPS: priv_sock_get_cmd
接続がリモートホストによって閉じられました。
ftp> quit

# getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> off
ftpd_connect_db --> off
ftpd_use_fusefs --> off
ftpd_use_passive_mode --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_use_cifs --> off
tftp_use_nfs --> off
# setsebool -P ftp_home_dir on
# getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> on
ftpd_connect_db --> off
ftpd_use_fusefs --> off
ftpd_use_passive_mode --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_use_cifs --> off
tftp_use_nfs --> off

C:\WINDOWS\system32>ftp chef-client-selinux.openam.net
chef-client-selinux.openam.net に接続しました。
220 (vsFTPd 2.2.2)
200 Always in UTF8 mode.
ユーザー (chef-client-selinux.openam.net:(none)): goodjob
331 Please specify the password.
パスワード:
230 Login successful.
ftp> quit

# cd /usr/share/selinux/devel
# audit2allow -i /var/log/audit/audit.log -m vsftpd
～～　ここから　～～
module vsftpd 1.0;

require {
    type slapd_t;
    type bluetooth_conf_t;
    type system_cron_spool_t;
    type portreserve_etc_t;
    type initrc_t;
    type initrc_tmp_t;
    type adjtime_t;
    type insmod_t;
    type locate_t;
    type syslog_conf_t;
    type postfix_master_t;
    type httpd_config_t;
    type modules_conf_t;
    type etc_aliases_t;
    type cupsd_t;
    type NetworkManager_var_lib_t;
    type udev_t;
    type selinux_config_t;
    type nscd_t;
    type hald_t;
    type ftpd_t;
    type prelink_cache_t;
    type auditd_etc_t;
    class process signull;
    class dir { read getattr };
    class file { getattr open };
}

#============= cupsd_t ==============
allow cupsd_t hald_t:process signull;
allow cupsd_t initrc_t:process signull;
allow cupsd_t insmod_t:process signull;
allow cupsd_t nscd_t:process signull;
allow cupsd_t postfix_master_t:process signull;
allow cupsd_t slapd_t:process signull;
allow cupsd_t udev_t:process signull;

#============= ftpd_t ==============

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t NetworkManager_var_lib_t:dir getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t adjtime_t:file getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t auditd_etc_t:dir getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t bluetooth_conf_t:dir getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t etc_aliases_t:file getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t httpd_config_t:dir getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t modules_conf_t:dir getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t portreserve_etc_t:dir getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t prelink_cache_t:file getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t selinux_config_t:dir read;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t syslog_conf_t:dir getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t syslog_conf_t:file getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t system_cron_spool_t:dir getattr;

#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'
allow ftpd_t system_cron_spool_t:file getattr;

#============= locate_t ==============
allow locate_t initrc_tmp_t:file open;
～～　ここまで　～～

# audit2allow -i /var/log/audit/audit.log -M vsftp
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i vsftp.pp
# ls -l vsftp.*
-rw-r--r--. 1 root root 4732 12月 30 23:48 2015 vsftp.pp
-rw-r--r--. 1 root root 2638 12月 30 23:48 2015 vsftp.te

# semodule -i vsftp.pp
# semodule -l | grep vsftp
vsftp    1.0

SELinuxメモ

任意アクセス制御
　・ファイルの所有者が任意にアクセス権を変更できる
　・rootユーザは任意アクセス制御を無視できる特権を持つ

強制アクセス制御
　・ファイルの所有者であっても、SELinux有効な環境ではファイルのアクセス権を変更できない
　・OS側でシステムコール呼び出しをフックすることで、すべての資源に対するアクセスをチェックできる

例えば、Apache HTTP サーバーが危険にさらされても、特定の SELinux ポリシールールが
攻撃者の対象ディレクトリ（ex.ユーザーのホームディレクトリ）にあるファイルへのアクセスを
許可するように追加・設定されていなければ、攻撃者はそのファイルを読み出すプロセスを使う
ことはでない。

SELinux全般として、以下のURLが参考になる。
http://hondou.homedns.org/pukiwiki/pukiwiki.php?SL62%20SELinux
http://www.ospn.jp/osc2008-nagoya/secureos-ug.pdf
http://www.linuxmania.jp/selinux_introduction_1.html#g151e794
http://www.slideshare.net/ishikawa84g/hbstudy-28-selinuxhandson

以下の３つにより、アクセス制御が行われる。
・TE(Type Enforcement)
　ポリシー本体
・FC(File Context)
　どのファイルにどのラベルを設定するかを記述
・IF(Interface)
　外部モジュールに公開するインタフェース(マクロ)

＜参考＞
SELinuxの組み込みルールの有効/無効状態(boolean)を確認するコマンドツール
# getsebool -a

SELinuxの組み込みルールの有効/無効状態(boolean)を設定するコマンドツール
# getsebool samba_enable_home_dirs
samba_enable_home_dirs --> off
# setsebool -P samba_enable_home_dirs on

SELinux CUIツール
# semanage login -l

ログイン名                     SELinux ユーザー              MLS/MCS 範囲

__default__               unconfined_u              s0-s0:c0.c1023
root                      unconfined_u              s0-s0:c0.c1023
system_u                  system_u                  s0-s0:c0.c1023

# semanage user -l

                ラベリング      MLS/       MLS/
SELinux ユーザー    プレフィックス    MCS レベル    MCS 範囲                         SELinux ロール

git_shell_u     user       s0         s0                             git_shell_r
guest_u         user       s0         s0                             guest_r
root            user       s0         s0-s0:c0.c1023                 staff_r sysadm_r system_r unconfined_r
staff_u         user       s0         s0-s0:c0.c1023                 staff_r sysadm_r system_r unconfined_r
sysadm_u        user       s0         s0-s0:c0.c1023                 sysadm_r
system_u        user       s0         s0-s0:c0.c1023                 system_r unconfined_r
unconfined_u    user       s0         s0-s0:c0.c1023                 system_r unconfined_r
user_u          user       s0         s0                             user_r
xguest_u        user       s0         s0                             xguest_r

# semanage port -l
SELinux ポートタイプ                 プロト      ポート番号

afs_bos_port_t                 udp      7007
afs_client_port_t              udp      7001
afs_fs_port_t                  tcp      2040
afs_fs_port_t                  udp      7000, 7005
afs_ka_port_t                  udp      7004
afs_pt_port_t                  udp      7002
afs_vl_port_t                  udp      7003
agentx_port_t                  tcp      705
agentx_port_t                  udp      705
amanda_port_t                  tcp      10080-10083
amanda_port_t                  udp      10080-10082
amavisd_recv_port_t            tcp      10024
amavisd_send_port_t            tcp      10025
amqp_port_t                    tcp      5671, 5672
amqp_port_t                    udp      5671, 5672
aol_port_t                     tcp      5190-5193
aol_port_t                     udp      5190-5193
apcupsd_port_t                 tcp      3551
apcupsd_port_t                 udp      3551
apertus_ldp_port_t             tcp      539
apertus_ldp_port_t             udp      539
asterisk_port_t                tcp      1720
asterisk_port_t                udp      2427, 2727, 4569
audit_port_t                   tcp      60
auth_port_t                    tcp      113
bgp_port_t                     tcp      179, 2605
bgp_port_t                     udp      179, 2605
boinc_port_t                   tcp      31416
certmaster_port_t              tcp      51235
chronyd_port_t                 udp      323
clamd_port_t                   tcp      3310
clockspeed_port_t              udp      4041
cluster_port_t                 tcp      5149, 40040, 50006-50008
cluster_port_t                 udp      5149, 50006-50008
cma_port_t                     tcp      1050
cma_port_t                     udp      1050
cobbler_port_t                 tcp      25151
commplex_port_t                tcp      5000, 5001
commplex_port_t                udp      5000, 5001
comsat_port_t                  udp      512
condor_port_t                  tcp      9618
condor_port_t                  udp      9618
ctdb_port_t                    tcp      4379
ctdb_port_t                    udp      4379
cvs_port_t                     tcp      2401
cvs_port_t                     udp      2401
cyphesis_port_t                tcp      6767, 6769, 6780-6799
cyphesis_port_t                udp      32771
dbskkd_port_t                  tcp      1178
dcc_port_t                     udp      6276, 6277
dccm_port_t                    tcp      5679
dccm_port_t                    udp      5679
dhcpc_port_t                   tcp      68, 546
dhcpc_port_t                   udp      68, 546
dhcpd_port_t                   tcp      547, 548, 647, 847, 7911
dhcpd_port_t                   udp      67, 547, 548, 647, 847
dict_port_t                    tcp      2628
distccd_port_t                 tcp      3632
dns_port_t                     tcp      53
dns_port_t                     udp      53
dogtag_port_t                  tcp      7390
dspam_port_t                   tcp      10026
epmap_port_t                   tcp      135
epmap_port_t                   udp      135
festival_port_t                tcp      1314
fingerd_port_t                 tcp      79
flash_port_t                   tcp      843, 1935
flash_port_t                   udp      1935
florence_port_t                tcp      1228
florence_port_t                udp      1228
ftp_data_port_t                tcp      20
ftp_port_t                     tcp      21, 990
ftp_port_t                     udp      990
gatekeeper_port_t              tcp      1721, 7000
gatekeeper_port_t              udp      1718, 1719
giftd_port_t                   tcp      1213
git_port_t                     tcp      9418
git_port_t                     udp      9418
glance_port_t                  tcp      9292
glance_port_t                  udp      9292
glance_registry_port_t         tcp      9191
glance_registry_port_t         udp      9191
gopher_port_t                  tcp      70
gopher_port_t                  udp      70
gpsd_port_t                    tcp      2947
hddtemp_port_t                 tcp      7634
hi_reserved_port_t             tcp      512-1023
hi_reserved_port_t             udp      512-1023
howl_port_t                    tcp      5335
howl_port_t                    udp      5353
hplip_port_t                   tcp      1782, 2207, 2208, 8290, 50000, 50002, 8292, 9100, 9101, 9102, 9220, 9221, 9222, 9280, 9281, 9282, 9290, 9291
http_cache_port_t              tcp      3128, 8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
i18n_input_port_t              tcp      9010
imaze_port_t                   tcp      5323
imaze_port_t                   udp      5323
inetd_child_port_t             tcp      1, 7, 9, 13, 19, 37, 512, 543, 544, 891, 892, 2105, 5666
inetd_child_port_t             udp      1, 7, 9, 13, 19, 37, 891, 892
innd_port_t                    tcp      119
ionixnetmon_port_t             tcp      7410
ionixnetmon_port_t             udp      7410
ipmi_port_t                    udp      623, 664
ipp_port_t                     tcp      631, 8610-8614
ipp_port_t                     udp      631, 8610-8614
ipsecnat_port_t                tcp      4500
ipsecnat_port_t                udp      4500
ircd_port_t                    tcp      6667
isakmp_port_t                  udp      500
iscsi_port_t                   tcp      3260
isns_port_t                    tcp      3205
isns_port_t                    udp      3205
jabber_client_port_t           tcp      5222, 5223
jabber_interserver_port_t      tcp      5269
jabber_router_port_t           tcp      5347
jacorb_port_t                  tcp      3528, 3529
jboss_debug_port_t             tcp      8787
jboss_management_port_t        tcp      4712, 4447, 7600, 9123, 9990, 9999, 18001
jboss_management_port_t        udp      4712, 9123
jboss_messaging_port_t         tcp      5445, 5455
kerberos_admin_port_t          tcp      749
kerberos_master_port_t         tcp      4444
kerberos_master_port_t         udp      4444
kerberos_password_port_t       tcp      464
kerberos_password_port_t       udp      464
kerberos_port_t                tcp      88, 750
kerberos_port_t                udp      88, 750
kismet_port_t                  tcp      2501
kprop_port_t                   tcp      754
ktalkd_port_t                  udp      517, 518
l2tp_port_t                    tcp      1701
l2tp_port_t                    udp      1701
ldap_port_t                    tcp      389, 636, 3268
ldap_port_t                    udp      389, 636
lirc_port_t                    tcp      8765
lmtp_port_t                    tcp      24
lmtp_port_t                    udp      24
luci_port_t                    tcp      8084
mail_port_t                    tcp      2000, 3905
matahari_port_t                tcp      49000
matahari_port_t                udp      49000
memcache_port_t                tcp      11211
memcache_port_t                udp      11211
milter_port_t                  tcp      8891, 8893
mmcc_port_t                    tcp      5050
mmcc_port_t                    udp      5050
mongod_port_t                  tcp      27017-27019, 28017-28019
monopd_port_t                  tcp      1234
movaz_ssc_port_t               tcp      5252
mpd_port_t                     tcp      6600
msnp_port_t                    tcp      1863
msnp_port_t                    udp      1863
mssql_port_t                   tcp      1433, 1434
mssql_port_t                   udp      1433, 1434
munin_port_t                   tcp      4949
munin_port_t                   udp      4949
mysqld_port_t                  tcp      1186, 3306, 63132-63164
mysqlmanagerd_port_t           tcp      2273
nessus_port_t                  tcp      1241
netport_port_t                 tcp      3129
netport_port_t                 udp      3129
netsupport_port_t              tcp      5404, 5405
netsupport_port_t              udp      5404, 5405
nmbd_port_t                    udp      137, 138
nodejs_debug_port_t            tcp      5858
nodejs_debug_port_t            udp      5858
ntop_port_t                    tcp      3000, 3001
ntop_port_t                    udp      3000, 3001
ntp_port_t                     udp      123
ocsp_port_t                    tcp      9080
openhpid_port_t                tcp      4743
openhpid_port_t                udp      4743
openvpn_port_t                 tcp      1194
openvpn_port_t                 udp      1194
oracle_port_t                  tcp      1521, 2483, 2484
oracle_port_t                  udp      1521, 2483, 2484
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989
pgpkeyserver_port_t            tcp      11371
pgpkeyserver_port_t            udp      11371
pingd_port_t                   tcp      9125
piranha_port_t                 tcp      3636
pki_ca_port_t                  tcp      829, 9180, 9701, 9443-9447
pki_kra_port_t                 tcp      10180, 10701, 10443-10446
pki_ocsp_port_t                tcp      11180, 11701, 11443-11446
pki_ra_port_t                  tcp      12888, 12889
pki_tks_port_t                 tcp      13180, 13701, 13443-13446
pki_tps_port_t                 tcp      7888, 7889
pktcable_port_t                tcp      2126, 3198
pktcable_port_t                udp      2126, 3198
pop_port_t                     tcp      106, 109, 110, 143, 220, 993, 995, 1109
portmap_port_t                 tcp      111
portmap_port_t                 udp      111
postfix_policyd_port_t         tcp      10031
postgresql_port_t              tcp      5432
postgrey_port_t                tcp      60000
prelude_port_t                 tcp      4690
prelude_port_t                 udp      4690
presence_port_t                tcp      5298
presence_port_t                udp      5298
printer_port_t                 tcp      515
ptal_port_t                    tcp      5703
pulseaudio_port_t              tcp      4713
pulseaudio_port_t              udp      4713
puppet_port_t                  tcp      8140
pxe_port_t                     udp      4011
pyzor_port_t                   udp      24441
quantum_port_t                 tcp      9696
radacct_port_t                 udp      1646, 1813
radius_port_t                  udp      1645, 1812
radsec_port_t                  tcp      2083
razor_port_t                   tcp      2703
repository_port_t              tcp      6363
ricci_modcluster_port_t        tcp      16851
ricci_modcluster_port_t        udp      16851
ricci_port_t                   tcp      11111
ricci_port_t                   udp      11111
rlogind_port_t                 tcp      513
rndc_port_t                    tcp      953, 8953
router_port_t                  tcp      521
router_port_t                  udp      520, 521
rsh_port_t                     tcp      514
rsync_port_t                   tcp      873
rsync_port_t                   udp      873
rwho_port_t                    udp      513
sap_port_t                     tcp      9875
sap_port_t                     udp      9875
saphostctrl_port_t             tcp      1128, 1129
sieve_port_t                   tcp      4190
sip_port_t                     tcp      5060, 5061
sip_port_t                     udp      5060, 5061
sixxsconfig_port_t             tcp      3874
sixxsconfig_port_t             udp      3874
smbd_port_t                    tcp      137-139, 445
smtp_port_t                    tcp      25, 465, 587
snmp_port_t                    tcp      161-162, 199, 1161
snmp_port_t                    udp      161-162
soundd_port_t                  tcp      8000, 9433, 16001
spamd_port_t                   tcp      783
speech_port_t                  tcp      8036
squid_port_t                   tcp      3401, 4827
squid_port_t                   udp      3401, 4827
ssh_port_t                     tcp      22
streaming_port_t               tcp      1755
streaming_port_t               udp      1755
svn_port_t                     tcp      3690
svn_port_t                     udp      3690
swat_port_t                    tcp      901
sype_port_t                    tcp      9911
sype_port_t                    udp      9911
syslogd_port_t                 tcp      6514
syslogd_port_t                 udp      514, 6514
telnetd_port_t                 tcp      23
tftp_port_t                    udp      69
tor_port_t                     tcp      6969, 9001, 9030, 9051
tor_socks_port_t               tcp      9050
traceroute_port_t              udp      64000-64010
transproxy_port_t              tcp      8081
ups_port_t                     tcp      3493
uucpd_port_t                   tcp      540
varnishd_port_t                tcp      6081, 6082
virt_migration_port_t          tcp      49152-49216
virt_port_t                    tcp      16509, 16514
virt_port_t                    udp      16509, 16514
vnc_port_t                     tcp      5900-5999
wccp_port_t                    udp      2048
websm_port_t                   tcp      9090
websm_port_t                   udp      9090
whois_port_t                   tcp      43, 4321
whois_port_t                   udp      43, 4321
winshadow_port_t               tcp      3261
winshadow_port_t               udp      3261
xdmcp_port_t                   tcp      177
xdmcp_port_t                   udp      177
xen_port_t                     tcp      8002
xfs_port_t                     tcp      7100
xserver_port_t                 tcp      6000-6150
zabbix_agent_port_t            tcp      10050
zabbix_port_t                  tcp      10051
zarafa_port_t                  tcp      236, 237
zebra_port_t                   tcp      2600-2604, 2606
zebra_port_t                   udp      2600-2604, 2606
zented_port_t                  tcp      1229
zented_port_t                  udp      1229
zope_port_t                    tcp      8021

# ps -eZ
LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:01 init
system_u:system_r:kernel_t:s0       2 ?        00:00:00 kthreadd
system_u:system_r:kernel_t:s0       3 ?        00:00:00 migration/0
system_u:system_r:kernel_t:s0       4 ?        00:00:00 ksoftirqd/0
system_u:system_r:kernel_t:s0       5 ?        00:00:00 migration/0
system_u:system_r:kernel_t:s0       6 ?        00:00:00 watchdog/0
system_u:system_r:kernel_t:s0       7 ?        00:00:03 events/0
system_u:system_r:kernel_t:s0       8 ?        00:00:00 cgroup
system_u:system_r:kernel_t:s0       9 ?        00:00:00 khelper
system_u:system_r:kernel_t:s0      10 ?        00:00:00 netns
system_u:system_r:kernel_t:s0      11 ?        00:00:00 async/mgr
system_u:system_r:kernel_t:s0      12 ?        00:00:00 pm
system_u:system_r:kernel_t:s0      13 ?        00:00:00 sync_supers
system_u:system_r:kernel_t:s0      14 ?        00:00:00 bdi-default
system_u:system_r:kernel_t:s0      15 ?        00:00:00 kintegrityd/0
system_u:system_r:kernel_t:s0      16 ?        00:00:00 kblockd/0
system_u:system_r:kernel_t:s0      17 ?        00:00:00 kacpid
system_u:system_r:kernel_t:s0      18 ?        00:00:00 kacpi_notify
system_u:system_r:kernel_t:s0      19 ?        00:00:00 kacpi_hotplug
system_u:system_r:kernel_t:s0      20 ?        00:00:00 ata_aux
system_u:system_r:kernel_t:s0      21 ?        00:00:01 ata_sff/0
system_u:system_r:kernel_t:s0      22 ?        00:00:00 ksuspend_usbd
system_u:system_r:kernel_t:s0      23 ?        00:00:00 khubd
system_u:system_r:kernel_t:s0      24 ?        00:00:00 kseriod
system_u:system_r:kernel_t:s0      25 ?        00:00:00 md/0
system_u:system_r:kernel_t:s0      26 ?        00:00:00 md_misc/0
system_u:system_r:kernel_t:s0      27 ?        00:00:00 linkwatch
system_u:system_r:kernel_t:s0      28 ?        00:00:00 khungtaskd
system_u:system_r:kernel_t:s0      29 ?        00:00:00 kswapd0
system_u:system_r:kernel_t:s0      30 ?        00:00:00 ksmd
system_u:system_r:kernel_t:s0      31 ?        00:00:00 khugepaged
system_u:system_r:kernel_t:s0      32 ?        00:00:00 aio/0
system_u:system_r:kernel_t:s0      33 ?        00:00:00 crypto/0
system_u:system_r:kernel_t:s0      38 ?        00:00:00 kthrotld/0
system_u:system_r:kernel_t:s0      39 ?        00:00:00 pciehpd
system_u:system_r:kernel_t:s0      41 ?        00:00:00 kpsmoused
system_u:system_r:kernel_t:s0      42 ?        00:00:00 usbhid_resumer
system_u:system_r:kernel_t:s0      72 ?        00:00:00 kstriped
system_u:system_r:kernel_t:s0     146 ?        00:00:00 scsi_eh_0
system_u:system_r:kernel_t:s0     147 ?        00:00:00 scsi_eh_1
system_u:system_r:kernel_t:s0     153 ?        00:00:00 mpt_poll_0
system_u:system_r:kernel_t:s0     154 ?        00:00:00 mpt/0
system_u:system_r:kernel_t:s0     171 ?        00:00:00 scsi_eh_2
system_u:system_r:kernel_t:s0     274 ?        00:00:00 jbd2/sda2-8
system_u:system_r:kernel_t:s0     275 ?        00:00:00 ext4-dio-unwrit
system_u:system_r:kernel_t:s0     312 ?        00:00:00 flush-8:0
system_u:system_r:udev_t:s0-s0:c0.c1023 366 ? 00:00:00 udevd
system_u:system_r:kernel_t:s0     788 ?        00:00:00 vmmemctl
system_u:system_r:kernel_t:s0     899 ?        00:00:00 jbd2/sda1-8
system_u:system_r:kernel_t:s0     900 ?        00:00:00 ext4-dio-unwrit
system_u:system_r:kernel_t:s0     944 ?        00:00:00 kauditd
system_u:system_r:initrc_t:s0    1257 ?        00:00:00 vmware-vmblock-
system_u:system_r:initrc_t:s0    1288 ?        00:00:04 vmtoolsd
system_u:system_r:dhcpc_t:s0     1505 ?        00:00:00 dhclient
system_u:system_r:syslogd_t:s0   1623 ?        00:00:00 rsyslogd
system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 1763 ? 00:00:00 dbus-daemon
system_u:system_r:cupsd_t:s0-s0:c0.c1023 1780 ? 00:00:00 cupsd
system_u:system_r:apmd_t:s0      1805 ?        00:00:00 acpid
system_u:system_r:hald_t:s0      1814 ?        00:00:00 hald
system_u:system_r:hald_t:s0      1815 ?        00:00:00 hald-runner
system_u:system_r:hald_t:s0      1856 ?        00:00:00 hald-addon-inpu
system_u:system_r:hald_t:s0      1861 ?        00:00:00 hald-addon-acpi
system_u:system_r:slapd_t:s0     1895 ?        00:00:00 slapd
system_u:system_r:nscd_t:s0      1907 ?        00:00:00 nscd
system_u:system_r:sshd_t:s0-s0:c0.c1023 1933 ? 00:00:00 sshd
system_u:system_r:postfix_master_t:s0 2088 ?   00:00:00 master
system_u:system_r:postfix_qmgr_t:s0 2103 ?     00:00:00 qmgr
system_u:system_r:unconfined_java_t:s0 2156 ? 00:01:35 java
system_u:system_r:abrt_t:s0-s0:c0.c1023 2180 ? 00:00:00 abrtd
system_u:system_r:httpd_t:s0     2188 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     2197 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     2198 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     2199 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     2200 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     2201 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     2202 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     2203 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     2204 ?        00:00:00 httpd
system_u:system_r:crond_t:s0-s0:c0.c1023 2205 ? 00:00:00 crond
system_u:system_r:crond_t:s0-s0:c0.c1023 2219 ? 00:00:00 atd
system_u:system_r:xdm_t:s0-s0:c0.c1023 2246 ? 00:00:00 gdm-binary
system_u:system_r:getty_t:s0     2251 tty2     00:00:00 mingetty
system_u:system_r:getty_t:s0     2253 tty3     00:00:00 mingetty
system_u:system_r:getty_t:s0     2255 tty4     00:00:00 mingetty
system_u:system_r:getty_t:s0     2257 tty5     00:00:00 mingetty
system_u:system_r:getty_t:s0     2265 tty6     00:00:00 mingetty
system_u:system_r:udev_t:s0-s0:c0.c1023 2266 ? 00:00:00 udevd
system_u:system_r:udev_t:s0-s0:c0.c1023 2267 ? 00:00:00 udevd
system_u:system_r:xdm_t:s0-s0:c0.c1023 2278 ? 00:00:00 gdm-simple-slav
system_u:system_r:xserver_t:s0-s0:c0.c1023 2286 tty1 00:00:18 Xorg
system_u:system_r:consolekit_t:s0-s0:c0.c1023 2302 ? 00:00:00 console-kit-dae
system_u:system_r:xdm_t:s0-s0:c0.c1023 2372 ? 00:00:00 dbus-launch
system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 2378 ? 00:00:00 devkit-power-
system_u:system_r:policykit_t:s0-s0:c0.c1023 2422 ? 00:00:00 polkitd
system_u:system_r:rtkit_daemon_t:s0-s0:c0.c1023 2433 ? 00:00:00 rtkit-daemon
system_u:system_r:xdm_t:s0-s0:c0.c1023 2439 ? 00:00:00 gdm-session-wor
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2450 ? 00:00:00 gnome-keyr
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2460 ? 00:00:00 gnome-sess
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2468 ? 00:00:00 dbus-launc
unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 2469 ? 00:00:00 dbus
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2499 ? 00:00:00 gconfd-2
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2504 ? 00:00:00 gnome-sett
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2512 ? 00:00:00 seahorse-d
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2514 ? 00:00:00 gvfsd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2527 ? 00:00:00 metacity
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2531 ? 00:00:00 pulseaudio
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2532 ? 00:00:00 gnome-pane
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2539 ? 00:00:00 gconf-help
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2540 ? 00:00:01 nautilus
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2542 ? 00:00:00 bonobo-act
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2553 ? 00:00:00 gvfs-gdu-v
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2554 ? 00:00:00 wnck-apple
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2555 ? 00:00:00 trashapple
system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 2557 ? 00:00:00 udisks-daemon
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2561 ? 00:00:05 vmtoolsd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2562 ? 00:00:00 bluetooth-
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2566 ? 00:00:00 polkit-gno
system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 2570 ? 00:00:01 udisks-daemon
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2571 ? 00:00:00 im-setting
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2573 ? 00:00:00 gpk-update
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2574 ? 00:00:00 gvfsd-tras
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2575 ? 00:00:00 gdu-notifi
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2583 ? 00:00:00 restorecon
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2588 ? 00:00:00 gnome-powe
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2590 ? 00:00:00 gnome-volu
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2596 ? 00:00:00 nm-applet
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2600 ? 00:00:00 python
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2605 ? 00:00:01 gnome-scre
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2628 ? 00:00:00 gvfs-afc-v
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2699 ? 00:00:00 gvfs-gphot
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2791 ? 00:00:00 ibus-daemo
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2794 ? 00:00:00 gconf-im-s
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2795 ? 00:00:00 ibus-gconf
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2797 ? 00:00:00 python
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2799 ? 00:00:00 ibus-x11
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2807 ? 00:00:00 python
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2808 ? 00:00:00 gnote
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2809 ? 00:00:00 notificati
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2810 ? 00:00:00 gdm-user-s
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2812 ? 00:00:00 clock-appl
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2840 ? 00:00:00 gvfsd-burn
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2859 ? 00:00:05 gnome-term
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2867 ? 00:00:00 gnome-pty-
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2868 pts/0 00:00:00 bash
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2887 pts/0 00:00:00 su
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2893 pts/0 00:00:00 bash
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2963 pts/1 00:00:00 bash
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2976 pts/1 00:00:00 su
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2984 pts/1 00:00:00 bash
unconfined_u:system_r:auditd_t:s0 3523 ?       00:00:00 auditd
system_u:system_r:postfix_pickup_t:s0 3714 ?   00:00:00 pickup
system_u:system_r:fprintd_t:s0-s0:c0.c1023 3729 ? 00:00:00 fprintd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 3733 pts/1 00:00:00 ps

■ポリシー作成のためのパッケージ
# yum install selinux-policy-devel
Loaded plugins: fastestmirror, priorities, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: ftp.iij.ad.jp
* extras: centos.usonyx.net
* jpackage: ftp.heanet.ie
* updates: centos.usonyx.net
212 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package selinux-policy.noarch 0:3.7.19-231.el6 will be updated
--> Processing Dependency: selinux-policy = 3.7.19-231.el6 for package: selinux-policy-targeted-3.7.19-231.el6.noarch
--> Processing Dependency: selinux-policy = 3.7.19-231.el6 for package: selinux-policy-targeted-3.7.19-231.el6.noarch
---> Package selinux-policy.noarch 0:3.7.19-279.el6_7.7 will be an update
--> Running transaction check
---> Package selinux-policy-targeted.noarch 0:3.7.19-231.el6 will be updated
---> Package selinux-policy-targeted.noarch 0:3.7.19-279.el6_7.7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package                    Arch      Version                  Repository Size
================================================================================
Updating:
selinux-policy             noarch    3.7.19-279.el6_7.7       updates    882 k
Updating for dependencies:
selinux-policy-targeted    noarch    3.7.19-279.el6_7.7       updates    3.1 M

Transaction Summary
================================================================================
Upgrade       2 Package(s)

Total download size: 3.9 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): selinux-policy-3.7.19-279.el6_7.7.noarch.rpm      | 882 kB     00:01
(2/2): selinux-policy-targeted-3.7.19-279.el6_7.7.noarch | 3.1 MB     00:03
--------------------------------------------------------------------------------
Total                                           664 kB/s | 3.9 MB     00:06
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating   : selinux-policy-3.7.19-279.el6_7.7.noarch                     1/4
Updating   : selinux-policy-targeted-3.7.19-279.el6_7.7.noarch            2/4
****************
Cleanup    : selinux-policy-targeted-3.7.19-231.el6.noarch                3/4
Cleanup    : selinux-policy-3.7.19-231.el6.noarch                         4/4
Verifying : selinux-policy-targeted-3.7.19-279.el6_7.7.noarch            1/4
Verifying : selinux-policy-3.7.19-279.el6_7.7.noarch                     2/4
Verifying : selinux-policy-3.7.19-231.el6.noarch                         3/4
Verifying : selinux-policy-targeted-3.7.19-231.el6.noarch                4/4

Updated:
selinux-policy.noarch 0:3.7.19-279.el6_7.7

Dependency Updated:
selinux-policy-targeted.noarch 0:3.7.19-279.el6_7.7

Complete!

■ポリシー表示のためのパッケージ
# yum -y install setools-gui
Loaded plugins: fastestmirror, priorities, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: www.ftp.ne.jp
* extras: www.ftp.ne.jp
* jpackage: sunsite.informatik.rwth-aachen.de
* updates: www.ftp.ne.jp
212 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package setools-gui.x86_64 0:3.3.7-4.el6 will be installed
--> Processing Dependency: setools-libs-tcl = 3.3.7-4.el6 for package: setools-gui-3.3.7-4.el6.x86_64
--> Processing Dependency: tk >= 8.4.9 for package: setools-gui-3.3.7-4.el6.x86_64
--> Processing Dependency: bwidget >= 1.8 for package: setools-gui-3.3.7-4.el6.x86_64
--> Running transaction check
---> Package bwidget.noarch 0:1.8.0-5.1.el6 will be installed
---> Package setools-libs-tcl.x86_64 0:3.3.7-4.el6 will be installed
---> Package tk.x86_64 1:8.5.7-5.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package                 Arch          Version                Repository   Size
================================================================================
Installing:
setools-gui             x86_64        3.3.7-4.el6            base        242 k
Installing for dependencies:
bwidget                 noarch        1.8.0-5.1.el6          base        166 k
setools-libs-tcl        x86_64        3.3.7-4.el6            base        197 k
tk                      x86_64        1:8.5.7-5.el6          base        1.4 M

Transaction Summary
================================================================================
Install       4 Package(s)

Total download size: 2.0 M
Installed size: 7.0 M
Downloading Packages:
(1/4): bwidget-1.8.0-5.1.el6.noarch.rpm                  | 166 kB     00:00
(2/4): setools-gui-3.3.7-4.el6.x86_64.rpm                | 242 kB     00:00
(3/4): setools-libs-tcl-3.3.7-4.el6.x86_64.rpm           | 197 kB     00:00
(4/4): tk-8.5.7-5.el6.x86_64.rpm                         | 1.4 MB     00:01
--------------------------------------------------------------------------------
Total                                           893 kB/s | 2.0 MB     00:02
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 1:tk-8.5.7-5.el6.x86_64                                      1/4
Installing : bwidget-1.8.0-5.1.el6.noarch                                 2/4
Installing : setools-libs-tcl-3.3.7-4.el6.x86_64                          3/4
Installing : setools-gui-3.3.7-4.el6.x86_64                               4/4
Verifying : setools-gui-3.3.7-4.el6.x86_64                               1/4
Verifying : 1:tk-8.5.7-5.el6.x86_64                                      2/4
Verifying : bwidget-1.8.0-5.1.el6.noarch                                 3/4
Verifying : setools-libs-tcl-3.3.7-4.el6.x86_64                          4/4

Installed:
setools-gui.x86_64 0:3.3.7-4.el6

Dependency Installed:
bwidget.noarch 0:1.8.0-5.1.el6      setools-libs-tcl.x86_64 0:3.3.7-4.el6
tk.x86_64 1:8.5.7-5.el6

Complete!

[root@chef-client-selinux Desktop]# yum -y install setools
Loaded plugins: fastestmirror, priorities, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: www.ftp.ne.jp
* extras: www.ftp.ne.jp
* jpackage: sunsite.informatik.rwth-aachen.de
* updates: www.ftp.ne.jp
base                                                     | 3.7 kB     00:00
extras                                                   | 2.9 kB     00:00
jpackage                                                 | 1.9 kB     00:00
updates                                                  | 3.4 kB     00:00
212 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package setools.x86_64 0:3.3.7-4.el6 will be installed
--> Processing Dependency: setools-console = 3.3.7-4.el6 for package: setools-3.3.7-4.el6.x86_64
--> Running transaction check
---> Package setools-console.x86_64 0:3.3.7-4.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package                 Arch           Version              Repository    Size
================================================================================
Installing:
setools                 x86_64         3.3.7-4.el6          base          11 k
Installing for dependencies:
setools-console         x86_64         3.3.7-4.el6          base         328 k

Transaction Summary
================================================================================
Install       2 Package(s)

Total download size: 340 k
Installed size: 872 k
Downloading Packages:
(1/2): setools-3.3.7-4.el6.x86_64.rpm                    | 11 kB     00:00
(2/2): setools-console-3.3.7-4.el6.x86_64.rpm            | 328 kB     00:00
--------------------------------------------------------------------------------
Total                                           825 kB/s | 340 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : setools-console-3.3.7-4.el6.x86_64                           1/2
Installing : setools-3.3.7-4.el6.x86_64                                   2/2
Verifying : setools-3.3.7-4.el6.x86_64                                   1/2
Verifying : setools-console-3.3.7-4.el6.x86_64                           2/2

Installed:
setools.x86_64 0:3.3.7-4.el6

Dependency Installed:
setools-console.x86_64 0:3.3.7-4.el6

Complete!

# apol

登録: 投稿 (Atom)