|
|
Sponsored Content
Special Forums
IP Networking
How to do traceroute of DNS lookups?
Post 302460525 by coolatt on Thursday 7th of October 2010 02:58:28 AM
10-07-2010
ok,,, thanks 
|
|
10 More Discussions You Might Find Interesting
1. Solaris
hey guys, how to add soalris box as a microsoft DNS Client ?
and how to register in the microsoft DNS ??
i managed to query from the DNS server after adding /etc/resolve.conf and editing /etc/nsswitch.conf
but i need to register the soalris server (dns Client) into Microsoft DNS automatically.... (3 Replies)
Discussion started by: mduweik
3 Replies
2. UNIX for Advanced & Expert Users
Hi,
Can any one suggest me an add on feature for the traceroute command.
Thanks in advance.
Regards,
Selvi (4 Replies)
Discussion started by: salvi
4 Replies
3. Shell Programming and Scripting
I know that 'brute-force' scripting could accomplish this with lots of cat/echo/cut/grep and more. But, because my real file has 800k records, and the matching files have 10-20k records, this is not time-possible or efficient.
I have input file:
> cat file_in... (4 Replies)
Discussion started by: joeyg
4 Replies
4. HP-UX
Just wondering if anyone else is using IBM's TWS on HP-UX 11.11i. Seeing some very strange name-lookup issues when it comes to using various utilities on the system. The same software works fine o0n AIX, Linux, Solaris, etc, but on HP-UX there is noticeable time lags in issuing commands - at the... (0 Replies)
Discussion started by: rnbwkat
0 Replies
5. UNIX for Dummies Questions & Answers
Good afternoon
Can anyone explain traceroutes to me and when it would be necessary/what situations would call one to use it? (2 Replies)
Discussion started by: iamnew2solaris
2 Replies
6. Shell Programming and Scripting
Hi all
i need help :)
i need to create a script (tcsh) to do a nslookup on all my hosts to see which ones do not have reverse lookup..etc.
can someone please help? (1 Reply)
Discussion started by: brian112
1 Replies
7. UNIX for Advanced & Expert Users
I'd like to get some opnions on choosing DNS server:
Windows DNS vs Linux BIND comparrsion:
1) managment, easy of use
2) Security
3) features
4) peformance
5) ??
I personally prefer Windows DNS server for management, it supports GUI and command line. But I am not sure about security... (2 Replies)
Discussion started by: honglus
2 Replies
8. Red Hat
I am trying to setup a CentOS 6.2 server that will be doing 3 things DHCP, DNS & Samba for a very small office (2 users). The idea being this will replace a very old Win2k server. The users are all windows based clients so only the server will be Linux based.
I've installed CentOS 6.2 with... (4 Replies)
Discussion started by: FireBIade
4 Replies
9. IP Networking
I have some question about traceroute:
1. Can we hide our computer from traceroute? (2 Replies)
Discussion started by: budiantho_indra
2 Replies
10. Solaris
Hi,
We have built a new server (RHEL VM)and added that IP/hostname into dns zone configs file on DNS server (Solaris 10). Reloaded the configuration using
and added nameserver into resolv.conf on client. But when I am trying nslookup, its not getting resolved. The nameserver is not able to... (8 Replies)
Discussion started by: snchaudhari2
8 Replies
LEARN ABOUT CENTOS
traceroute_selinux
traceroute_selinux(8) SELinux Policy traceroute traceroute_selinux(8) NAME
traceroute_selinux - Security Enhanced Linux Policy for the traceroute processes DESCRIPTION
Security-Enhanced Linux secures the traceroute processes via flexible mandatory access control. The traceroute processes execute with the traceroute_t SELinux type. You can check if you have these processes running by executing the ps command with the -Z qualifier. For example: ps -eZ | grep traceroute_t ENTRYPOINTS
The traceroute_t SELinux type can be entered via the traceroute_exec_t file type. The default entrypoint paths for the traceroute_t domain are the following: /bin/tracepath.*, /bin/traceroute.*, /usr/bin/tracepath.*, /usr/bin/traceroute.*, /usr/sbin/traceroute.*, /usr/bin/lft, /usr/bin/mtr, /usr/bin/nmap, /usr/sbin/mtr PROCESS TYPES
SELinux defines process types (domains) for each process running on the system You can see the context of a process using the -Z option to ps Policy governs the access confined processes have to files. SELinux traceroute policy is very flexible allowing users to setup their traceroute processes in as secure a method as possible. The following process types are defined for traceroute: traceroute_t Note: semanage permissive -a traceroute_t can be used to make the process type traceroute_t permissive. SELinux does not deny access to permissive process types, but the AVC (SELinux denials) messages are still generated. BOOLEANS
SELinux policy is customizable based on least access required. traceroute policy is extremely flexible and has several booleans that allow you to manipulate the policy and run traceroute with the tightest access possible. If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd server, you must turn on the authlo- gin_nsswitch_use_ldap boolean. Disabled by default. setsebool -P authlogin_nsswitch_use_ldap 1 If you want to allow all daemons the ability to read/write terminals, you must turn on the daemons_use_tty boolean. Disabled by default. setsebool -P daemons_use_tty 1 If you want to deny any process from ptracing or debugging any other processes, you must turn on the deny_ptrace boolean. Enabled by default. setsebool -P deny_ptrace 1 If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default. setsebool -P domain_fd_use 1 If you want to allow all domains to have the kernel load modules, you must turn on the domain_kernel_load_modules boolean. Disabled by default. setsebool -P domain_kernel_load_modules 1 If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default. setsebool -P fips_mode 1 If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default. setsebool -P global_ssp 1 If you want to allow confined applications to run with kerberos, you must turn on the kerberos_enabled boolean. Enabled by default. setsebool -P kerberos_enabled 1 If you want to allow system to run with NIS, you must turn on the nis_enabled boolean. Disabled by default. setsebool -P nis_enabled 1 If you want to allow confined applications to use nscd shared memory, you must turn on the nscd_use_shm boolean. Disabled by default. setsebool -P nscd_use_shm 1 If you want to allow confined users the ability to execute the ping and traceroute commands, you must turn on the selinuxuser_ping boolean. Enabled by default. setsebool -P selinuxuser_ping 1 NSSWITCH DOMAIN
If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd server for the traceroute_t, you must turn on the authlogin_nsswitch_use_ldap boolean. setsebool -P authlogin_nsswitch_use_ldap 1 If you want to allow confined applications to run with kerberos for the traceroute_t, you must turn on the kerberos_enabled boolean. setsebool -P kerberos_enabled 1 PORT TYPES
SELinux defines port types to represent TCP and UDP ports. You can see the types associated with a port by using the following command: semanage port -l Policy governs the access confined processes have to these ports. SELinux traceroute policy is very flexible allowing users to setup their traceroute processes in as secure a method as possible. The following port types are defined for traceroute: traceroute_port_t Default Defined Ports: udp 64000-64010 FILE CONTEXTS
SELinux requires files to have an extended attribute to define the file type. You can see the context of a file using the -Z option to ls Policy governs the access confined processes have to these files. SELinux traceroute policy is very flexible allowing users to setup their traceroute processes in as secure a method as possible. STANDARD FILE CONTEXT SELinux defines the file context types for the traceroute, if you wanted to store files with these types in a diffent paths, you need to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk. semanage fcontext -a -t traceroute_exec_t '/srv/traceroute/content(/.*)?' restorecon -R -v /srv/mytraceroute_content Note: SELinux often uses regular expressions to specify labels that match multiple files. The following file types are defined for traceroute: traceroute_exec_t - Set files with the traceroute_exec_t type, if you want to transition an executable to the traceroute_t domain. Paths: /bin/tracepath.*, /bin/traceroute.*, /usr/bin/tracepath.*, /usr/bin/traceroute.*, /usr/sbin/traceroute.*, /usr/bin/lft, /usr/bin/mtr, /usr/bin/nmap, /usr/sbin/mtr Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the semanage fcontext command. This will modify the SELinux labeling database. You will need to use restorecon to apply the labels. COMMANDS
semanage fcontext can also be used to manipulate default file context mappings. semanage permissive can also be used to manipulate whether or not a process type is permissive. semanage module can also be used to enable/disable/install/remove policy modules. semanage port can also be used to manipulate the port definitions semanage boolean can also be used to manipulate the booleans system-config-selinux is a GUI tool available to customize SELinux policy settings. AUTHOR
This manual page was auto-generated using sepolicy manpage . SEE ALSO
selinux(8), traceroute(8), semanage(8), restorecon(8), chcon(1), sepolicy(8) , setsebool(8) traceroute 14-06-10 traceroute_selinux(8)