sudo -i mkdir ~/selinux/murmur cd ~/selinux/murmur sepolgen --inetd /usr/sbin/murmurd -n murmur -u system_u
Add this to murmur.te:
# Add Port defenition type murmur_port_t; corenet_port(murmur_port_t)
Run
semanage dontaudit off ./murmur.sh semanage port -a -t murmur_port_t 64738 -p tcp semanage port -a -t murmur_port_t 64738 -p udp systemctl start murmur.service
Login to your server, restart it, generate some system calls…
Than execute and check if the policy is restrictive enough:
./murmur.sh --update
Clean up your audit log
> /var/log/audit/audit.log rm -rf /var/log/audit/audit.log.*
Generate system calls again and rerun “–update”.
If murmur does not generate any more violations your policy is good to go.
Set it to enforcing by removing “#” before “permissive murmur_t;” in “murmur.te”.
Rerun
./murmur.sh
Restart murmur and check if everything is working as expected.
Finally enable “don’t audit” again:
semanage dontaudit on