Linux Admin2 - Chapter7 Manage selinux security

99iberty 2018. 7. 19. 14:24



1. Discretionary Access Control (DAC)

: discretionary access control


2. Mandatory Access Control (MAC)

: mandatory access control



3. SELinux Modes

1) enforcing  : blocks access (O) + logs (O)

2) permissive : does not block (X) + logs (O)

3) disabled   : does not block (X) + no logs (X)

4) setenforce 1 : permissive -> enforcing

     setenforce 0 : enforcing -> permissive

5) disabled <------> enforcing/permissive : requires a reboot. It cannot be switched with a command; edit the file below.

     /etc/selinux/config           ----> the real file. Used from version 7 on.

     /etc/sysconfig/selinux      ----> a symlink. This was the location in versions 5 and 6, so it is linked to the file above.

6) Re-Enabling SELinux Enforcing Mode

touch /.autorelabel   : tells the system that SELinux has changed and should be checked once: at the next boot, every file's security context is re-checked and relabeled.


[root@station13 ~]# ll /etc/selinux/config
-rw-r--r--. 1 root root 547 Jul 12 02:52 /etc/selinux/config
[root@station13 ~]# ll /etc/sysconfig/selinux
lrwxrwxrwx. 1 root root 17 Jul 12 02:52 /etc/sysconfig/selinux -> ../selinux/config

[root@station13 ~]# cat -n /etc/sysconfig/selinux

     1   
     2    # This file controls the state of SELinux on the system.
     3    # SELINUX= can take one of these three values:
     4    #     enforcing - SELinux security policy is enforced.
     5    #     permissive - SELinux prints warnings instead of enforcing.
     6    #     disabled - No SELinux policy is loaded.
     7    SELINUX=enforcing
     8    # SELINUXTYPE= can take one of three two values:
     9    #     targeted - Targeted processes are protected,         // when a process or a user accesses a file/directory, the decision follows the security policy...?
    10    #     minimum - Modification of targeted policy. only selected processes are protected.   // used on embedded systems.
    11    #     mls - Multi Level Security protection.     // the security context includes a security level; this policy type uses it.
    12    SELINUXTYPE=targeted
    13   
    14   



4. SELinux setenforce

1) matchpathcon : shows which security context the files under a given directory are supposed to carry.

# matchpathcon /var/www/html


[root@station13 ~]# cp anaconda-ks.cfg /var/www/html/a.html
[root@station13 ~]# mv anaconda-ks.cfg /var/www/html/b.html
[root@station13 ~]# ll /var/www/html
total 16
-rw-------. 1 root root 2512 Jul 19 14:14 a.html
-rw-------. 1 root root 1658 Jul 18 15:16 anaconda-ks.cfg
-rw-------. 1 root root 2512 Jul 12 03:03 b.html
-rw-r--r--. 1 root root 1520 Jul 18 15:30 ks.cfg
drwxr-xr-x. 3 root root  105 Jul 17 14:20 testrepo
[root@station13 ~]# chmod 644 /var/www/html/{a,b}.html
[root@station13 ~]# ll /var/www/html
total 16
-rw-r--r--. 1 root root 2512 Jul 19 14:14 a.html
-rw-------. 1 root root 1658 Jul 18 15:16 anaconda-ks.cfg
-rw-r--r--. 1 root root 2512 Jul 12 03:03 b.html
-rw-r--r--. 1 root root 1520 Jul 18 15:30 ks.cfg
drwxr-xr-x. 3 root root  105 Jul 17 14:20 testrepo
[root@station13 ~]# setenforce 1
[root@station13 ~]# getenforce
Enforcing
[root@station13 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2018-07-17 14:35:49 KST; 1 day 23h ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 6149 (httpd)
   Status: "Total requests: 4; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─6149 /usr/sbin/httpd -DFOREGROUND
           ├─6150 /usr/sbin/httpd -DFOREGROUND
           ├─6151 /usr/sbin/httpd -DFOREGROUND
           ├─6152 /usr/sbin/httpd -DFOREGROUND
           ├─6153 /usr/sbin/httpd -DFOREGROUND
           ├─6154 /usr/sbin/httpd -DFOREGROUND
           ├─6571 /usr/sbin/httpd -DFOREGROUND
           ├─6572 /usr/sbin/httpd -DFOREGROUND
           └─6573 /usr/sbin/httpd -DFOREGROUND

Jul 17 14:35:48 station13.example.com systemd[1]: Starting The Apache HTTP Server...
Jul 17 14:35:49 station13.example.com systemd[1]: Started The Apache HTTP Server.
[root@station13 ~]#

---> a.html is displayed in the web browser, but b.html comes back as Forbidden.

The permissions on a.html and b.html are identical, so why?

Because of the SELinux security context: a.html was created with cp, so it received the directory's default type, while b.html was moved with mv, which keeps the file's original context (admin_home_t).


[root@station13 ~]# tail /var/log/messages
Jul 19 14:14:32 station13 dnsmasq-dhcp[1596]: DHCPREQUEST(virbr0) 192.168.122.217 52:54:00:aa:72:53
Jul 19 14:14:32 station13 dnsmasq-dhcp[1596]: DHCPACK(virbr0) 192.168.122.217 52:54:00:aa:72:53
Jul 19 14:16:13 station13 dbus[756]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Jul 19 14:16:14 station13 dbus[756]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Jul 19 14:16:15 station13 setroubleshoot: failed to retrieve rpm info for /var/www/html/b.html
Jul 19 14:16:16 station13 setroubleshoot: SELinux is preventing /usr/sbin/httpd from getattr access on the file /var/www/html/b.html. For complete SELinux messages. run sealert -l 130163e2-6c90-4306-a193-2b00d3b3ff20
Jul 19 14:16:16 station13 python: SELinux is preventing /usr/sbin/httpd from getattr access on the file /var/www/html/b.html.#012#012*****  Plugin restorecon (99.5 confidence) suggests   ************************#012#012If you want to fix the label. #012/var/www/html/b.html default label should be httpd_sys_content_t.#012Then you can run restorecon.#012Do#012# /sbin/restorecon -v /var/www/html/b.html#012#012*****  Plugin catchall (1.49 confidence) suggests   **************************#012#012If you believe that httpd should be allowed getattr access on the b.html file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'httpd' --raw | audit2allow -M my-httpd#012# semodule -i my-httpd.pp#012
Jul 19 14:16:21 station13 setroubleshoot: failed to retrieve rpm info for /var/www/html/b.html
Jul 19 14:16:21 station13 setroubleshoot: SELinux is preventing /usr/sbin/httpd from getattr access on the file /var/www/html/b.html. For complete SELinux messages. run sealert -l 130163e2-6c90-4306-a193-2b00d3b3ff20
Jul 19 14:16:21 station13 python: SELinux is preventing /usr/sbin/httpd from getattr access on the file /var/www/html/b.html.#012#012*****  Plugin restorecon (99.5 confidence) suggests   ************************#012#012If you want to fix the label. #012/var/www/html/b.html default label should be httpd_sys_content_t.#012Then you can run restorecon.#012Do#012# /sbin/restorecon -v /var/www/html/b.html#012#012*****  Plugin catchall (1.49 confidence) suggests   **************************#012#012If you believe that httpd should be allowed getattr access on the b.html file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'httpd' --raw | audit2allow -M my-httpd#012# semodule -i my-httpd.pp#012

[root@station13 ~]# ll -Z /var/www/html
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 a.html
-rw-------. root root unconfined_u:object_r:httpd_sys_content_t:s0 anaconda-ks.cfg
-rw-r--r--. root root system_u:object_r:admin_home_t:s0 b.html
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 ks.cfg
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 testrepo


[root@station13 ~]# ps -eZ | grep httpd
system_u:system_r:httpd_t:s0     6149 ?        00:00:09 httpd
system_u:system_r:httpd_t:s0     6150 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     6151 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     6152 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     6153 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     6154 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     6571 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     6572 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     6573 ?        00:00:00 httpd


[root@station13 ~]# matchpathcon /etc /dev /tmp /var/www/html
/etc    system_u:object_r:etc_t:s0
/dev    system_u:object_r:device_t:s0
/tmp    system_u:object_r:tmp_t:s0
/var/www/html    system_u:object_r:httpd_sys_content_t:s0
[root@station13 ~]#
[root@station13 ~]# chcon -t httpd_sys_content_t /var/www/html/b.html
[root@station13 ~]#
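The mismatch above (b.html carrying admin_home_t inside a directory whose default is httpd_sys_content_t) can be found without reading every `ll -Z` line by hand. The following is an added example, not part of the course notes: a parser for `ls -Z` text that reports every entry whose type differs from the expected one. The listing and expected type below are constructed from the lab output.

```shell
#!/bin/sh
# Added example, not from the course notes: report files whose SELinux type
# does not match the type the directory is supposed to carry. It works on
# `ls -Z` text so it can be run offline on a captured listing; on a live
# host pipe `ls -Z /var/www/html` into it instead.

# find_mislabeled EXPECTED_TYPE
# stdin: `ls -Z` lines in the RHEL 7 layout "perms user group context name".
# Prints "name actual_type" for every entry whose type is not EXPECTED_TYPE;
# lines without a context field (such as "total 16") are skipped.
find_mislabeled() {
    awk -v want="$1" '
        {
            for (i = 1; i <= NF; i++) {
                n = split($i, ctx, ":")
                # a context looks like user:object_r:type:level
                if (n >= 3 && ctx[2] == "object_r") {
                    if (ctx[3] != want) print $NF, ctx[3]
                    break
                }
            }
        }'
}

# Constructed sample: the listing from the lab above, where b.html was moved
# with mv and therefore kept admin_home_t instead of picking up the
# directory default httpd_sys_content_t that cp gave a.html.
SAMPLE_LISTING='-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 a.html
-rw-------. root root unconfined_u:object_r:httpd_sys_content_t:s0 anaconda-ks.cfg
-rw-r--r--. root root system_u:object_r:admin_home_t:s0 b.html
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 ks.cfg
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 testrepo'

# Expected type for /var/www/html, as matchpathcon reported above.
EXPECTED_TYPE=httpd_sys_content_t

# Prints: b.html admin_home_t
printf '%s\n' "$SAMPLE_LISTING" | find_mislabeled "$EXPECTED_TYPE"
```

On a live host `restorecon -Rnv /var/www/html` (-n reports without changing anything) gives the same kind of report straight from the policy, and `restorecon -v FILE` applies the policy default instead of a hand-picked type via chcon, which survives a later relabel.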



5. SELinux Booleans

1) setsebool -P boolean_name value   : -P makes the change persistent across reboots; without -P it is only a temporary change.

[root@station13 ~]# getsebool -a | grep http
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_ipa --> off
httpd_run_preupgrade --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off
named_tcp_bind_http_port --> off
prosody_bind_http_port --> off




6. sealert

1) The alert ID is at the end of the setroubleshoot message in /var/log/messages.

Jul 19 14:58:41 station13 setroubleshoot: SELinux is preventing vsftpd from create access on the file se.txt. For complete SELinux messages. run sealert -l 68097609-fc43-40db-af63-7896ec679fb7
Jul 19 14:58:41 station13 python: SELinux is preventing vsftpd from create access on the file se.txt.#012#012*****  Plugin catchall_boolean (89.3 confidence) suggests   ******************#012#012If you want to determine whether ftpd can login to local users and can read and write all files on the system, governed by DAC.#012Then you must tell SELinux about this by enabling the 'ftpd_full_access' boolean.#012#012Do#012setsebool -P ftpd_full_access 1#012#012*****  Plugin catchall (11.6 confidence) suggests   **************************#012#012If you believe that vsftpd should be allowed create access on the se.txt file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'vsftpd' --raw | audit2allow -M my-vsftpd#012# semodule -i my-vsftpd.pp#012


[root@station13 ~]# sealert -l 68097609-fc43-40db-af63-7896ec679fb7
SELinux is preventing vsftpd from create access on the file se.txt.

*****  Plugin catchall_boolean (89.3 confidence) suggests   ******************

If you want to determine whether ftpd can login to local users and can read and write all files on the system, governed by DAC.
Then you must tell SELinux about this by enabling the 'ftpd_full_access' boolean.
You can read 'None' man page for more details.
Do
setsebool -P ftpd_full_access 1


*****  Plugin catchall (11.6 confidence) suggests   **************************

If you believe that vsftpd should be allowed create access on the se.txt file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'vsftpd' --raw | audit2allow -M my-vsftpd
# semodule -i my-vsftpd.pp


Additional Information:
Source Context                system_u:system_r:ftpd_t:s0-s0:c0.c1023
Target Context                system_u:object_r:tmp_t:s0
Target Objects                se.txt [ file ]
Source                        vsftpd
Source Path                   vsftpd
Port                          <Unknown>
Host                          station13.example.com
Source RPM Packages          
Target RPM Packages          
Policy RPM                    selinux-policy-3.13.1-102.el7_3.16.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     station13.example.com
Platform                      Linux station13.example.com
                              3.10.0-514.26.1.el7.x86_64 #1 SMP Thu Jun 29
                              16:05:25 UTC 2017 x86_64 x86_64
Alert Count                   1
First Seen                    2018-07-19 14:58:37 KST
Last Seen                     2018-07-19 14:58:37 KST
Local ID                      68097609-fc43-40db-af63-7896ec679fb7

Raw Audit Messages
type=AVC msg=audit(1531979917.775:6293): avc:  denied  { create } for  pid=4093 comm="vsftpd" name="se.txt" scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=file


Hash: vsftpd,ftpd_t,tmp_t,file,create

[root@station13 ~]# setsebool -P ftpd_full_access 1
[root@station13 ~]# getsebool -a | grep ftp
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> on
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_home_dir --> off
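The "Hash:" line at the bottom of each sealert report is the tuple that identifies one kind of denial: the process, the source type, the target type, the object class and the permission. The following is an added example, not part of the course notes, that rebuilds that tuple from raw type=AVC records and counts repeats, which is the quickest way to see whether a burst of alerts is one mislabel or one missing boolean rather than many separate problems. The audit records below are copied from the two alerts above (the SYSCALL record is abridged).

```shell
#!/bin/sh
# Added example, not from the course notes: rebuild the "Hash:" tuple that
# sealert prints (comm,source_type,target_type,tclass,permission) from raw
# type=AVC audit records, then count how often each tuple occurs. Assumption:
# the Hash line is made of exactly these five fields, which holds for both
# alerts shown on this page.

# avc_tuple: stdin = audit records; prints one tuple per AVC denial, skipping
# SYSCALL and other record types.
avc_tuple() {
    awk '
        /^type=AVC / && / denied / {
            comm = ""; stype = ""; ttype = ""; tclass = ""
            # the permission set is the text between "{" and "}"
            s = index($0, "{"); e = index($0, "}")
            perm = substr($0, s + 1, e - s - 1)
            gsub(/^ +| +$/, "", perm)
            gsub(/ +/, ",", perm)              # "{ read write }" -> read,write
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "comm")     { comm = kv[2]; gsub(/"/, "", comm) }
                if (kv[1] == "scontext") { split(kv[2], c, ":"); stype = c[3] }
                if (kv[1] == "tcontext") { split(kv[2], c, ":"); ttype = c[3] }
                if (kv[1] == "tclass")   tclass = kv[2]
            }
            print comm "," stype "," ttype "," tclass "," perm
        }'
}

# avc_summary: same input, each tuple with its count, most frequent first.
avc_summary() {
    avc_tuple | sort | uniq -c | sort -rn
}

# Constructed sample: the two raw AVC records from the alerts above plus an
# abridged SYSCALL record, which must be ignored.
SAMPLE_AUDIT='type=AVC msg=audit(1531979917.775:6293): avc:  denied  { create } for  pid=4093 comm="vsftpd" name="se.txt" scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1531980918.757:6343): avc:  denied  { name_bind } for  pid=4691 comm="sshd" src=222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1531980918.757:6343): arch=x86_64 syscall=bind success=no exit=EACCES comm=sshd exe=/usr/sbin/sshd'

# On a live host: ausearch -m AVC --raw | avc_summary
printf '%s\n' "$SAMPLE_AUDIT" | avc_summary
```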



7. Example (changing the ssh port in an SELinux environment)

In /etc/ssh/sshd_config, change the Port line:

 13 # If you want to change the port on a SELinux system, you have to tell
 14 # SELinux about this change.
 15 # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
 16 #
 17 Port 222


[root@station13 ~]# systemctl restart sshd
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.
[root@station13 ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2018-07-19 15:15:18 KST; 4s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
  Process: 4691 ExecStart=/usr/sbin/sshd -D $OPTIONS (code=exited, status=255)
 Main PID: 4691 (code=exited, status=255)

Jul 19 15:15:18 station13.example.com systemd[1]: Starting OpenSSH server daemon...
Jul 19 15:15:18 station13.example.com sshd[4691]: error: Bind to port 222 on 0.0.0.0 failed: Permission denied.
Jul 19 15:15:18 station13.example.com sshd[4691]: error: Bind to port 222 on :: failed: Permission denied.
Jul 19 15:15:18 station13.example.com sshd[4691]: fatal: Cannot bind any address.
Jul 19 15:15:18 station13.example.com systemd[1]: sshd.service: main process exited, code=exited, status=255/n/a
Jul 19 15:15:18 station13.example.com systemd[1]: Failed to start OpenSSH server daemon.
Jul 19 15:15:18 station13.example.com systemd[1]: Unit sshd.service entered failed state.
Jul 19 15:15:18 station13.example.com systemd[1]: sshd.service failed.
[root@station13 ~]# tail /var/log/messages
Jul 19 15:15:18 station13 dbus[756]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Jul 19 15:15:18 station13 systemd: sshd.service: main process exited, code=exited, status=255/n/a
Jul 19 15:15:18 station13 systemd: Failed to start OpenSSH server daemon.
Jul 19 15:15:18 station13 systemd: Unit sshd.service entered failed state.
Jul 19 15:15:18 station13 systemd: sshd.service failed.
Jul 19 15:15:19 station13 dbus[756]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Jul 19 15:15:19 station13 setroubleshoot: SELinux is preventing /usr/sbin/sshd from name_bind access on the tcp_socket port 222. For complete SELinux messages. run sealert -l a4e9ea5f-f112-446b-abd7-f0d88e2c4d1f
Jul 19 15:15:19 station13 python: SELinux is preventing /usr/sbin/sshd from name_bind access on the tcp_socket port 222.#012#012*****  Plugin bind_ports (99.5 confidence) suggests   ************************#012#012If you want to allow /usr/sbin/sshd to bind to network port 222#012Then you need to modify the port type.#012Do#012# semanage port -a -t PORT_TYPE -p tcp 222#012    where PORT_TYPE is one of the following: ssh_port_t, vnc_port_t, xserver_port_t.#012#012*****  Plugin catchall (1.49 confidence) suggests   **************************#012#012If you believe that sshd should be allowed name_bind access on the port 222 tcp_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'sshd' --raw | audit2allow -M my-sshd#012# semodule -i my-sshd.pp#012
Jul 19 15:15:22 station13 setroubleshoot: SELinux is preventing /usr/sbin/sshd from name_bind access on the tcp_socket port 222. For complete SELinux messages. run sealert -l a4e9ea5f-f112-446b-abd7-f0d88e2c4d1f
Jul 19 15:15:22 station13 python: SELinux is preventing /usr/sbin/sshd from name_bind access on the tcp_socket port 222.#012#012*****  Plugin bind_ports (99.5 confidence) suggests   ************************#012#012If you want to allow /usr/sbin/sshd to bind to network port 222#012Then you need to modify the port type.#012Do#012# semanage port -a -t PORT_TYPE -p tcp 222#012    where PORT_TYPE is one of the following: ssh_port_t, vnc_port_t, xserver_port_t.#012#012*****  Plugin catchall (1.49 confidence) suggests   **************************#012#012If you believe that sshd should be allowed name_bind access on the port 222 tcp_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'sshd' --raw | audit2allow -M my-sshd#012# semodule -i my-sshd.pp#012

[root@station13 ~]# sealert -l a4e9ea5f-f112-446b-abd7-f0d88e2c4d1f
SELinux is preventing /usr/sbin/sshd from name_bind access on the tcp_socket port 222.

*****  Plugin bind_ports (99.5 confidence) suggests   ************************

If you want to allow /usr/sbin/sshd to bind to network port 222
Then you need to modify the port type.
Do
# semanage port -a -t PORT_TYPE -p tcp 222

    where PORT_TYPE is one of the following: ssh_port_t, vnc_port_t, xserver_port_t.

*****  Plugin catchall (1.49 confidence) suggests   **************************

If you believe that sshd should be allowed name_bind access on the port 222 tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'sshd' --raw | audit2allow -M my-sshd
# semodule -i my-sshd.pp


Additional Information:
Source Context                system_u:system_r:sshd_t:s0-s0:c0.c1023
Target Context                system_u:object_r:reserved_port_t:s0
Target Objects                port 222 [ tcp_socket ]
Source                        sshd
Source Path                   /usr/sbin/sshd
Port                          222
Host                          station13.example.com
Source RPM Packages           openssh-server-6.6.1p1-35.el7_3.x86_64
Target RPM Packages          
Policy RPM                    selinux-policy-3.13.1-102.el7_3.16.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     station13.example.com
Platform                      Linux station13.example.com
                              3.10.0-514.26.1.el7.x86_64 #1 SMP Thu Jun 29
                              16:05:25 UTC 2017 x86_64 x86_64
Alert Count                   3
First Seen                    2018-07-19 15:15:04 KST
Last Seen                     2018-07-19 15:15:18 KST
Local ID                      a4e9ea5f-f112-446b-abd7-f0d88e2c4d1f

Raw Audit Messages
type=AVC msg=audit(1531980918.757:6343): avc:  denied  { name_bind } for  pid=4691 comm="sshd" src=222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket


type=SYSCALL msg=audit(1531980918.757:6343): arch=x86_64 syscall=bind success=no exit=EACCES a0=3 a1=7f8ebb1384d0 a2=1c a3=7ffd0e6ac8e4 items=0 ppid=1 pid=4691 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=sshd exe=/usr/sbin/sshd subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)

Hash: sshd,sshd_t,reserved_port_t,tcp_socket,name_bind


[root@station13 ~]# semanage port -l | grep -i ssh
ssh_port_t                     tcp      22
[root@station13 ~]#
[root@station13 ~]#
[root@station13 ~]#
[root@station13 ~]# semanage port -a -t ssh_port_t -p tcp 222
[root@station13 ~]# semanage port -l | grep -i ssh
ssh_port_t                     tcp      222, 22
[root@station13 ~]#
[root@station13 ~]# systemctl start sshd
[root@station13 ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2018-07-19 15:20:33 KST; 3s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 4952 (sshd)
   CGroup: /system.slice/sshd.service
           └─4952 /usr/sbin/sshd -D

Jul 19 15:20:33 station13.example.com systemd[1]: Starting OpenSSH server daemon...
Jul 19 15:20:33 station13.example.com sshd[4952]: Server listening on 0.0.0.0 port 222.
Jul 19 15:20:33 station13.example.com sshd[4952]: Server listening on :: port 222.
Jul 19 15:20:33 station13.example.com systemd[1]: Started OpenSSH server daemon.
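The failed restart above could have been caught before touching the service: the configured port simply was not labelled ssh_port_t yet. The following is an added example, not part of the course notes, that reads the Port value from an sshd_config file and checks it against `semanage port -l` output (single ports and ranges) before sshd is restarted. The semanage listing and the config fragment below are constructed; on a live host pipe the real `semanage port -l` output in.

```shell
#!/bin/sh
# Added example, not from the course notes: check that the port configured in
# sshd_config carries ssh_port_t before sshd is restarted, so the name_bind
# denial shown above is caught ahead of time instead of by a failed service.
# The parser reads the text of `semanage port -l`, so it can be exercised
# offline on a captured copy (SAMPLE_PORTS below is constructed).

# port_type_allows TYPE PROTO PORT
# stdin: `semanage port -l` lines, "type  proto  p1, p2, lo-hi, ...".
# Exit 0 if PORT/PROTO is covered by TYPE (single ports or ranges), else 1.
port_type_allows() {
    awk -v want="$1" -v proto="$2" -v port="$3" '
        $1 == want && $2 == proto {
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)          # strip the list comma
                n = split(p, r, "-")
                lo = r[1] + 0; hi = (n == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) { found = 1; exit }
            }
        }
        END { if (found) exit 0; exit 1 }'
}

# sshd_config_port FILE: first active "Port" value, 22 when none is set
# (assumes the stock single-Port layout shown above).
sshd_config_port() {
    awk 'tolower($1) == "port" { print $2; found = 1; exit }
         END { if (!found) print 22 }' "$1"
}

# check_sshd_port CONFIG_FILE   (stdin: `semanage port -l` output)
# Prints "ok PORT", or the semanage command that is still missing.
check_sshd_port() {
    p=$(sshd_config_port "$1")
    if port_type_allows ssh_port_t tcp "$p"; then
        echo "ok $p"
    else
        echo "port $p is not ssh_port_t: run semanage port -a -t ssh_port_t -p tcp $p"
    fi
}

# Constructed sample of `semanage port -l` as it looked before the fix above
# (only 22 is labelled), plus a range entry to exercise the range handling.
SAMPLE_PORTS='ssh_port_t                     tcp      22
vnc_port_t                     tcp      5900-5999
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000'

# Constructed sshd_config fragment with the Port 222 change from the example.
CFG=$(mktemp)
printf '#Port 22\nPort 222\n' > "$CFG"
printf '%s\n' "$SAMPLE_PORTS" | check_sshd_port "$CFG"
rm -f "$CFG"
```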






8. permissive domains

A permissive domain is a setting that puts only a specific domain (service) into permissive mode, while the rest of the system stays in enforcing mode.

[root@station13 ~]# semodule -l | grep permi
permissivedomains    (null)
[root@station13 ~]# getenforce
Enforcing
[root@station13 ~]# ps -eZ | grep ftp
system_u:system_r:ftpd_t:s0-s0:c0.c1023 3980 ? 00:00:00 vsftpd
[root@station13 ~]# semanage permissive -a ftpd_t
[root@station13 ~]# semodule -l | grep permi
permissive_ftpd_t    (null)
permissivedomains    (null)
[root@station13 ~]#