{"id":6856,"date":"2020-05-31T13:52:43","date_gmt":"2020-05-31T04:52:43","guid":{"rendered":"https:\/\/www.stuffy.site\/wordpress\/?p=6856"},"modified":"2020-07-31T22:51:50","modified_gmt":"2020-07-31T13:51:50","slug":"due-to-selinux-getting-stuck-with-changing-ssh-port","status":"publish","type":"post","link":"https:\/\/www.stuffy.site\/wordpress\/?p=6856","title":{"rendered":"SSH\u30dd\u30fc\u30c8\u5909\u66f4SELinux\u3067\u3064\u307e\u3065\u304f"},"content":{"rendered":"\n
\"\"<\/figure><\/div>\n\n\n\n

Amazon Web Services \u57fa\u790e\u304b\u3089\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af&\u30b5\u30fc\u30d0\u30fc\u69cb\u7bc9 \u6539\u8a023\u7248<\/a> \u3067CentOS7.8 \u3092AWS \u306b\u5b9f\u969b\u306b\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3068\u3057\u3066\u8d77\u52d5\u3001\u8a2d\u5b9a\u3092\u3057\u305f\u306e\u3067\u30e1\u30e2\u3002<\/p>\n\n\n\n

\u30bf\u30a4\u30e0\u30be\u30fc\u30f3\u8a2d\u5b9a
AWS EC2 Amazon Linux\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u8d77\u52d5\u5f8c\u3001\u6700\u521d\u306b\u3084\u308b\u3053\u3068\u307e\u3068\u3081<\/a><\/p>\n\n\n

# ln -sf \/usr\/share\/zoneinfo\/Asia\/Tokyo \/etc\/localtime\n# vi \/etc\/sysconfig\/clock
\nZONE=\"Asia\/Tokyo\"\nUTC= true
\n# shutdown -r now<\/pre>\n\n\n
yum \u30d5\u30a1\u30b9\u30c6\u30b9\u30c8\u30df\u30e9\u30fc\u8a2d\u5b9a\u3001\u30b0\u30eb\u30fc\u30d7\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3001\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8
CentOS7 \u3067 yum groupinstall \u304c\u51fa\u6765\u306a\u3044\u3093\u3067\u3059\u3051\u3069\u3002\u3002\u3002<\/a><\/p>\n\n\n
# vi \/etc\/yum\/pluginconf.d\/fastestmirror.conf\n\ninclude_only=.jp\n\n# yum -y install bash-completion\n# yum -y groupinstall base \"Development tools\" --setopt=group_package_types=mandatory,default,optional\n# yum -y update<\/pre>\n\n\n
SSH\u30dd\u30fc\u30c8\u5909\u66f4
\uff08AWS\u30b3\u30f3\u30bd\u30fc\u30eb\u306eEC2\u2192\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u2192\u30a4\u30f3\u30d0\u30a6\u30f3\u30c9\u30eb\u30fc\u30eb\u306e\u7de8\u96c6\u304b\u3089\u30ab\u30b9\u30bf\u30e0TCP\u30dd\u30fc\u30c820022\u3092\u8a31\u53ef\uff09<\/p>\n\n\n
# vi \/etc\/ssh\/sshd_config
\nPort 20022
\n# setenforce 0\n# vi \/etc\/selinux\/config
\nSELINUX=permissive\n\n# semanage port -a -t ssh_port_t -p tcp 20022\n# systemctl restart sshd\n# systemctl enable sshd<\/pre>\n\n\n
\u3053\u3053\u3067SELinux\u306e\u30b3\u30f3\u30c6\u30ad\u30b9\u30c8\u5909\u66f4\u305b\u305a\u306b\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u518d\u8d77\u52d5\u3059\u308b\u3068sshd \u8d77\u52d5\u30a8\u30e9\u30fc\u3092\u8d77\u3053\u3057\u3066\u901a\u4fe1\u3067\u304d\u306a\u304f\u306a\u308b\u7f60\u3002AWS\u3067\u518d\u8d77\u52d5\u5f8c\u3001SSH\u304c\u7e4b\u304c\u3089\u306a\u304f\u306a\u3063\u305f\u5834\u5408\u306e\u5bfe\u51e6\u6cd5\u3002SELinux\u304c\u539f\u56e0\u3067\u3057\u305f\u3002<\/a><\/p>\n\n\n\n
semanage port -a -t ssh_port_t -p tcp 20022<\/span><\/p>\n\n\n\n
\u3075\u3057\u3042\u306a\u3055\u3093\u3001\/etc\/ssh\/sshd_config \u306b\u82f1\u6587\u306e\u6ce8\u610f\u66f8\u304d\u304c\u3042\u308a\u307e\u3057\u305f\u306d\u30fb\u30fb\u30fb\u3053\u308c\u306b\u6c17\u4ed8\u304f\u307e\u3067\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u524a\u9664\u3001\u8d77\u52d5\u309210\u56de\u7e70\u308a\u8fd4\u3057\u307e\u3057\u305f\u3088orz<\/span><\/p>\n\n\n\n
\u8a2d\u5b9a\u306e\u9014\u4e2d\u3067\u4e00\u6642\u7684\u306bPermissive \u306b\u3057\u3066\u3082\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306f\u6700\u7d42\u7684\u306bSELinux \u306f\u6709\u52b9\u306b\u3059\u308b\u3053\u3068\u304c\u671b\u307e\u3057\u3044\u3068\u601d\u3044\u307e\u3059\u3002Amazon Linux\u3067SELinux\u3092\u6709\u52b9\u306b\u3059\u308b\u3002<\/a><\/p>\n\n\n\n
AWS \u3067\u306f\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u3067\u30dd\u30fc\u30c8\u7ba1\u7406\u3092\u884c\u3046\u306e\u3067\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u5185\u3067firewalld \u3092\u30a2\u30af\u30c6\u30a3\u30d6\u306b\u3057\u306a\u3044\u306e\u304c\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9\u306e\u3088\u3046\u3067\u3059\u306d\u3002<\/p>\n\n\n\n
AWS\u30b3\u30f3\u30bd\u30fc\u30eb\u304b\u3089VPC\u2192\u30a2\u30af\u30b7\u30e7\u30f3\u2192DNS\u89e3\u6c7a\u306e\u7de8\u96c6\u3092\u6709\u52b9\u5316<\/p>\n\n\n\n
AWS\u30b3\u30f3\u30bd\u30fc\u30eb\u304b\u3089VPC\u2192\u30a2\u30af\u30b7\u30e7\u30f3\u2192DNS\u30db\u30b9\u30c8\u540d\u306e\u7de8\u96c6\u3092\u6709\u52b9\u5316<\/p>\n\n\n\n
AWS\u30b3\u30f3\u30bd\u30fc\u30eb\u304b\u3089Route53\u2192\u30db\u30b9\u30c8\u30be\u30fc\u30f3\u4f5c\u6210<\/p>\n\n\n\n
AWS\u30b3\u30f3\u30bd\u30fc\u30eb\u304b\u3089Route53\u2192EC2\u306eElastic IP \u304b\u3089A\u30ec\u30b3\u30fc\u30c9\u8ee2\u8a18<\/p>\n\n\n\n
\u3042\u3089\u304b\u3058\u3081Godaddy\u3067\u53d6\u5f97\u3057\u305f\u72ec\u81ea\u30c9\u30e1\u30a4\u30f3\u306e\u30cd\u30fc\u30e0\u30b5\u30fc\u30d0\u30fc\u306b\u30db\u30b9\u30c8\u30be\u30fc\u30f3\u3067\u751f\u6210\u3055\u308c\u305f\u30a2\u30c9\u30ec\u30b9\u3092\u8ee2\u8a18<\/p>\n\n\n\n
GoDaddy\u304b\u3089Route53\u306b\u3088\u308bDNS\u7ba1\u7406\u306b\u5909\u3048\u308b\u65b9\u6cd5<\/a><\/p>\n\n\n\n
nslookup \u30d6\u30e9\u30a6\u30b6\u3067\u540d\u524d\u89e3\u6c7a\u3067\u304d\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u3066\u4f5c\u696d\u7d42\u4e86\u3057\u307e\u3057\u305f\u3002<\/p>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Amazon Web Services \u57fa\u790e\u304b\u3089\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af&\u30b5\u30fc\u30d0\u30fc\u69cb\u7bc9 \u6539\u8a023\u7248 \u3067CentOS7.8 \u3092AWS \u306b\u5b9f\u969b\u306b\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3068\u3057\u3066\u8d77\u52d5\u3001\u8a2d\u5b9a\u3092\u3057\u305f\u306e\u3067\u30e1\u30e2\u3002 \u30bf\u30a4\u30e0\u30be\u30fc\u30f3\u8a2d\u5b9aAWS EC … \u7d9a\u304d\u3092\u8aad\u3080 SSH\u30dd\u30fc\u30c8\u5909\u66f4SELinux\u3067\u3064\u307e\u3065\u304f<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[110,3,27],"tags":[],"class_list":["post-6856","post","type-post","status-publish","format-standard","hentry","category-aws-2","category-linux","category-selinux"],"_links":{"self":[{"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6856","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6856"}],"version-history":[{"count":10,"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6856\/revisions"}],"predecessor-version":[{"id":6867,"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6856\/revisions\/6867"}],"wp:attachment":[{"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6856"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6856"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6856"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}