=== /var/log/secure === CANNOT READ === /etc/security/namespace.conf === # /etc/security/namespace.conf # # See /usr/share/doc/pam-*/txts/README.pam_namespace for more information. # # Uncommenting the following three lines will polyinstantiate # /tmp, /var/tmp and user's home directories. /tmp and /var/tmp will # be polyinstantiated based on the MLS level part of the security context as well as user # name, Polyinstantion will not be performed for user root and adm for directories # /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users. # The user name and context is appended to the instance prefix. # # Note that instance directories do not have to reside inside the # polyinstantiated directory. In the examples below, instances of /tmp # will be created in /tmp-inst directory, where as instances of /var/tmp # and users home directories will reside within the directories that # are being polyinstantiated. # # Instance parent directories must exist for the polyinstantiation # mechanism to work. By default, they should be created with the mode # of 000. pam_namespace module will enforce this mode unless it # is explicitly called with an argument to ignore the mode of the # instance parent. System administrators should use this argument with # caution, as it will reduce security and isolation achieved by # polyinstantiation. # #/tmp /tmp-inst/ level root,adm #/var/tmp /var/tmp/tmp-inst/ level root,adm #$HOME $HOME/$USER.inst/ level === /etc/pam.d/postlogin === #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authselect is run. session optional pam_umask.so silent session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet session [default=1] pam_lastlog.so nowtmp showfailed session optional pam_lastlog.so silent noupdate showfailed === /etc/security/limits.conf === # /etc/security/limits.conf # #This file sets the resource limits for the users logged in via PAM. #It does not affect resource limits of the system services. # #Also note that configuration files in /etc/security/limits.d directory, #which are read in alphabetical order, override the settings in this #file in case the domain is the same or more specific. #That means for example that setting a limit for wildcard domain here #can be overriden with a wildcard setting in a config file in the #subdirectory, but a user specific setting here can be overriden only #with a user specific setting in the subdirectory. # #Each line describes a limit for a user in the form: # # # #Where: # can be: # - a user name # - a group name, with @group syntax # - the wildcard *, for default entry # - the wildcard %, can be also used with %group syntax, # for maxlogin limit # # can have the two values: # - "soft" for enforcing the soft limits # - "hard" for enforcing hard limits # # can be one of the following: # - core - limits the core file size (KB) # - data - max data size (KB) # - fsize - maximum filesize (KB) # - memlock - max locked-in-memory address space (KB) # - nofile - max number of open file descriptors # - rss - max resident set size (KB) # - stack - max stack size (KB) # - cpu - max CPU time (MIN) # - nproc - max number of processes # - as - address space limit (KB) # - maxlogins - max number of logins for this user # - maxsyslogins - max number of logins on the system # - priority - the priority to run user process with # - locks - max number of file locks the user can hold # - sigpending - max number of pending signals # - msgqueue - max memory used by POSIX message queues (bytes) # - nice - max nice priority allowed to raise to values: [-20, 19] # - rtprio - max realtime priority # # # #* soft core 0 #* hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 #@faculty hard nproc 50 #ftp hard nproc 0 #@student - maxlogins 4 # End of file === /etc/selinux/config === SELINUX=disabled === PAM modules === /lib64/security/pam_selinux.so: EXISTS (100755) /lib64/security/pam_namespace.so: EXISTS (100755) /lib64/security/pam_loginuid.so: EXISTS (100755) /lib64/security/pam_limits.so: EXISTS (100755) /lib64/security/pam_hulk.so: EXISTS (100755) /lib64/security/pam_systemd.so: EXISTS (100755) === passwd root === root:x:0:0:root:/root:/bin/bash operator:x:11:0:operator:/root:/sbin/nologin === disabled_functions === shell_exec, cat, openbasedir, proc_close, proc_get_status, proc_nice, proc_open, escapeshellcmd, show_source, posix_mkfifo, mysql_list_dbs, get_current_user, getmyuid, pconnect, symlink, pcntl_exec, ini_alter, leak, apache_child_terminate, posix_kill, posix_setpgid, posix_setsid, posix_setuid, proc_terminate, syslog, fpassthru, stream_select, socket_select, socket_create, socket_create_listen, socket_create_pair, socket_listen, socket_accept, socket_bind, socket_strerror, pcntl_fork, pcntl_signal, pcntl_waitpid, pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled, pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, openlog, apache_get_modules, apache_get_version, apache_getenv, apache_note, virtual, name pcntl_alarm, pcntl_wait, pcntl_wifexited, pcntl_wifstopped, pcntl_wifsignaled, pcntl_wifcontinued, pcntl_wexitstatus, pcntl_wtermsig, pcntl_wstopsig, pcntl_signal, pcntl_signal_get_handler, pcntl_signal_dispatch, pcntl_get_last_error, pcntl_strerror, pcntl_sigprocmask, pcntl_sigwaitinfo, pcntl_sigtimedwait, pcntl_getpriority, pcntl_setpriority, pcntl_async_signals, pcntl_unshare, system, posix_getpwuid, popen === exec test === uid=1000(tmpfix) gid=1003(tmpfix) groups=1003(tmpfix) context=system_u:system_r:unconfined_service_t:s0 (ret:0)