M2M_Client SElink Agent on Rocky Linux 8.9

Platform : Rocky-8.9-x86_64-minimal
Agent Ver : B5_m2mClient-1_6_1-Rocky_x64

Update Rocky linux Repository

sudo dnf

install dependency package

dnf install compat-openssl10 libidn

make sure the SElinux run on permisive mode

setenforce 0

Create a folder (e.g. /root/selink) with the m2m agent binary and the configuration file om.b5.

add execution permission

chmod a+x B5_m2mClient-1_6_1-Rocky_x64

make file om.b5

nano /root/selink/om.b5
selink2.graha-infracom.com:25004

execute the binary

./B5_m2mClient-1_6_1-Rocky_x64

Make SELink as linux service

make file start.sh on /root/selink

$sudo nano /root/selink/start.sh
#!/bin/sh
export LD_LIBRARY_PATH=/root/selink
/root/selink/B5_m2mClient-1_6_1-Rocky_x64

Create a file describing the SElink service in /etc/systemd/system/selink.service

$ sudo nano /etc/systemd/system/selink.service
[Unit]
Description=SElink Agent
[Service]
CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID CAP_KILL CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_LINUX_IMMUTABLE CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_ADMIN CAP_NET_RAW CAP_IPC_LOCK CAP_IPC_OWNER CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_CHROOT CAP_SYS_PTRACE CAP_SYS_PACCT CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_NICE CAP_SYS_RESOURCE CAP_SYS_TIME CAP_SYS_TTY_CONFIG CAP_MKNOD CAP_LEASE CAP_AUDIT_WRITE
AmbientCapabilities=CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN
User=root
RuntimeDirectory=/root/selink
WorkingDirectory=/root/selink
Restart=on-failure
RuntimeDirectoryMode=0700
ExecStart=/root/selink/start.sh
Restart=always
[Install]
WantedBy=multi-user.target
Alias=selink.service

enable the service

sudo systemctl enable selink.service

start the service

sudo systemctl start selink.service

check status service

Leave a Reply

Your email address will not be published. Required fields are marked *