Some SELinux notes

ls -Z file1
-rwxrw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 file1
  • SELinux contexts follow the SELinux user:role:type:level syntax.
  • Use ps -eZ to view the SELinux context of processes, and id -Z for the current user.
  • seinfo -r (part of setools-console) shows all available user roles, such as guest, unconfined, webadm, sysadm and dbadm.

Also see /etc/selinux/targeted/contexts/users/
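
The user:role:type:level syntax above, as an added example that is not part of the original notes: a POSIX shell helper that pulls the context out of an ls -Z or ps -eZ line and splits it, keeping a level with categories such as s0-s0:c0.c1023 in one piece. The function names are hypothetical, and the second and third sample lines are constructed.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample lines 2-3 are constructed.

# Print the first whitespace-separated field that looks like a context
# (at least user:role:type). Covers both "ls -Z" layouts and "ps -eZ".
context_from_line() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[^:]+:[^:]+:[^:]+/) { print $i; found = 1; exit }
    } END { exit !found }'
}

# Print one component (user|role|type|level) of a context string.
context_field() {
    # With IFS=: the last variable named to read receives the rest of the
    # line, so a level with categories (s0-s0:c0.c1023) is not split.
    IFS=: read -r se_user se_role se_type se_level <<EOF
$1
EOF
    [ -n "$se_type" ] || return 1   # fewer than three fields: not a context
    case $2 in
        user)  printf '%s\n' "$se_user" ;;
        role)  printf '%s\n' "$se_role" ;;
        type)  printf '%s\n' "$se_type" ;;
        level) printf '%s\n' "$se_level" ;;
        *)     return 2 ;;
    esac
}

# First line is the ls -Z output from the notes; the other two are constructed.
while IFS= read -r line; do
    ctx=$(context_from_line "$line") || { echo "no context: $line"; continue; }
    printf 'type=%-24s level=%s\n' \
        "$(context_field "$ctx" type)" "$(context_field "$ctx" level)"
done <<'EOF'
-rwxrw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 file1
system_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html
system_u:system_r:sshd_t:s0-s0:c0.c1023 1042 ? 00:00:00 sshd
EOF
```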

iptables port forwarding

Use case: make Tomcat, which listens on port 8443, reachable on port 443.

sudo iptables -A PREROUTING -t nat \
  -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443

This redirects all TCP traffic arriving on eth0 port 443 to the Tomcat server listening on 8443.

(picked from here: https://mihail.stoynov.com/2011/04/04/howto-start-tomcat-on-port-80-without-root-privileges/)

To view or flush the rule, the usual -L and -F won’t show or remove anything, because without -t they act on the filter table only. Instead, use:

iptables -L -t nat
iptables -F -t nat