
SELINUX: Add squid_port_t to the policy tunables

Open dnorthup-ums opened this issue 1 year ago • 1 comments

As Squid is a popular Forward Proxy platform, and security binaries should be compiled by trusted partners, add use of squid_port_t to the supplied SELINUX policy object.

Satisfies Issue #162

Issue number being addressed

Fixes #162

Summary of the change

Adds squid_port_t to the list of ports allowed by the SELINUX policy tunables pam_duo_permit_sshd and pam_duo_permit_local_login.

Test Plan

Should be no different from current testing of forward proxies. We have internally validated this change at the University of Maine System.

dnorthup-ums avatar Oct 02 '23 14:10 dnorthup-ums
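An added example, not part of the pull request or of duo_unix: one way to confirm from the audit log that the denials this change addresses are `name_connect` on `squid_port_t`. The log lines are constructed, and mapping the two tunables to the `sshd_t` and `local_login_t` domains is an assumption.

```python
import re
from collections import Counter

# Assumption: the two tunables named in the PR govern these source domains.
PAM_DUO_DOMAINS = {"sshd_t", "local_login_t"}

# Constructed audit.log lines (not taken from the issue); 3128 is Squid's default port.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1696255800.123:456): avc:  denied  { name_connect } for  pid=1234 comm="sshd" dest=3128 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:squid_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1696255801.004:457): avc:  denied  { name_connect } for  pid=1301 comm="login" dest=3128 scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:squid_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1696255802.900:458): avc:  denied  { name_connect } for  pid=1240 comm="sshd" dest=3128 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:squid_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1696255803.100:459): avc:  denied  { name_connect } for  pid=1400 comm="httpd" dest=3128 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:squid_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1696255804.250:460): avc:  denied  { read } for  pid=1234 comm="sshd" name="shadow" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
"""

# Matches only denials that carry a destination port (outbound connects).
AVC_DENIAL = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?\bdest=(?P<dest>\d+)"
    r".*?\bscontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def blocked_proxy_connects(log_text, domains=PAM_DUO_DOMAINS):
    """Count denied outbound TCP connects per (source domain, port type, port)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = AVC_DENIAL.search(line)
        if not m or m["tclass"] != "tcp_socket":
            continue
        if "name_connect" not in m["perms"].split():
            continue
        domain = selinux_type(m["scontext"])
        if domain in domains:
            hits[(domain, selinux_type(m["tcontext"]), int(m["dest"]))] += 1
    return hits

if __name__ == "__main__":
    for (domain, port_type, port), n in sorted(blocked_proxy_connects(SAMPLE_AUDIT_LOG).items()):
        print(f"{n} denial(s): {domain} -> {port_type} (tcp/{port})")
```

On a host with auditd, the same function can be given the contents of `/var/log/audit/audit.log`; after the policy change is loaded and the tunable enabled, new denials for `squid_port_t` should stop appearing.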

We will likely bring this up with our paid support contact, so attention would be appreciated.

dnorthup-ums avatar Oct 02 '23 14:10 dnorthup-ums

@AaronAtDuo While the work-around is working again, it is unreliable and this is technically the correct fix. We at the University of Maine System would appreciate it being applied.

dnorthup-ums avatar Oct 04 '24 18:10 dnorthup-ums