NIS binding probs w/Firewall and SELinux

Scott Ehrlich scott-DPNOqEs/LNQ at public.gmane.org
Fri Sep 7 01:25:32 EDT 2007


On Thu, 6 Sep 2007, Matthew Gillen wrote:

> Scott Ehrlich wrote:
>> Is there a file I can edit to ensure SELinux is disabled?   The system
>> was initially installed with SELinux Enabled, then disabled later by me.
>
> Well, there's a command you run to see what the current state is:
> $ sestatus
> SELinux status:                 disabled
>
> or
>
> $ sestatus
> SELinux status:                 enabled
> SELinuxfs mount:                /selinux
> Current mode:                   enforcing
> Mode from config file:          enforcing
> Policy version:                 21
> Policy from config file:        targeted
>
> You can force it off at boot time by adding selinux=0 to your kernel parameters.
>
>> In the meantime, I did find
>> http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/security-guide/s1-server-nis.html
>> and will see if that may help.
>
> That's talking about securing NIS, I think you're trying to un-secure it ;-)
>
> The Red Hat 9 manuals are /ancient/.  I'd stick with either the RHEL5 manuals
> or the howto archive:
> https://www.redhat.com/docs/manuals/enterprise/
> http://tldp.org/HOWTO/NIS-HOWTO/index.html
>
>> I think once I get past the security issues, yp will work/bind fine.
>
> You shouldn't need to disable SELinux to make ypserv/ypbind work.  I know it
> works for Fedora, so I can't believe that RHEL would work any less well.
> However, depending on your configuration, you may need to enable some of the
> YP/NIS "booleans" in the targeted policy (i.e., I had to enable one to use NFS
> home directories).  Running the system-config-selinux gui should guide you
> through it.
>
> The 'rpcinfo' command is your friend:
> /usr/sbin/rpcinfo -p serverhostname
>
> from both the server and clients will tell you what's currently registered
> with the portmapper.

The other big question would be what default ports NIS uses.  I know I
have NFS configured for firewall passthrough, but I'm not sure if NIS uses
the same ports.

I was not aware of the selinux command nor its kernel parameter usage.

Thanks again!

Scott

>
> Good luck,
> Matt
>
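
Added example (not part of the original messages): a small shell filter for the `rpcinfo -p` check suggested above, listing the ports that NIS-related RPC programs have registered with the portmapper so they can be compared against the firewall rules. The sample output and its port numbers are constructed, and the function names `nis_ports` and `sample_rpcinfo` are hypothetical.

```shell
#!/bin/sh
# Added example: filter `rpcinfo -p` output (read on stdin) down to the
# portmapper and NIS programs, printing one "service proto port" line per
# unique registration. Program numbers are the standard /etc/rpc assignments.
nis_ports() {
    awk '
        BEGIN {
            nis[100000] = "portmapper"
            nis[100004] = "ypserv"
            nis[100007] = "ypbind"
            nis[100009] = "yppasswdd"
            nis[100069] = "ypxfrd"
        }
        # Data rows are: program vers proto port [service].
        # The header row is skipped because its first field is not numeric.
        $1 ~ /^[0-9]+$/ && ($1 in nis) {
            key = nis[$1] " " $3 " " $4
            # Several protocol versions share one port; report it once.
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    '
}

# Constructed sample of `rpcinfo -p` output; port numbers are made up.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    834  ypserv
    100004    1   udp    834  ypserv
    100004    2   tcp    837  ypserv
    100004    1   tcp    837  ypserv
    100007    2   udp    650  ypbind
    100007    1   udp    650  ypbind
    100009    1   udp    853  yppasswdd
    100003    3   udp   2049  nfs
    100005    3   udp    892  mountd
EOF
}

# On a live system: /usr/sbin/rpcinfo -p serverhostname | nis_ports
sample_rpcinfo | nis_ports
```

Unless a daemon has been started with a fixed port, the numbers it registers can change when it restarts, so rerun the check after restarting the NIS services and before editing firewall rules.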
