Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SELINUX: Add squid_port_t to the policy tunables #265

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

SELINUX: Add squid_port_t to the policy tunables #265

wants to merge 1 commit into from

Conversation

dnorthup-ums
Copy link

As Squid is a popular Forward Proxy platform, and security binaries should be compiled by trusted partners, add use of squid_port_t to the supplied SELINUX policy object.

Satisfies Issue #162

Issue number being addressed

Fixes #162

Summary of the change

Adds squid_port_t to the list of ports allowed by the SELINUX policy tunables pam_duo_permit_sshd and pam_duo_permit_local_login.

Test Plan

Should be no different from current testing of forward proxies. We have internally validated this change at the University of Maine System.

@dnorthup-ums
SELINUX: Add squid_port_t to the policy tunables
aa522c3 
As Squid is a popular Forward Proxy platform, and security binaries
should be compiled by trusted partners, add use of squid_port_t to the
supplied SELINUX policy object.

Satisfies Issue duosecurity#162
@dnorthup-ums dnorthup-ums mentioned this pull request Oct 2, 2023
Closed
@dnorthup-ums
Copy link
Author

We will likely bring this up with our paid support contact, so attention would be appreciated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

selinux policy prevents proxy through squid port 3128
1 participant
@dnorthup-ums