RH133. 5A. SELINUX ADMINISTRATION



            SELINUX

DAC =Discretionary access control
MAC =Mandatory access control

DAC  ->chmod,acl,sudo,visudo
MAC  ->selinux

3 states of selinux
1. ENABLED    = DAC + MAC both are implemented
2. PERMISSIVE = DAC + warning messages of MAC
3. DISABLED   = ONLY DAC

TO show status of selinux
1. cat /etc/sysconfig/selinux
2. sestatus
3. getenforce

TO Change status of selinux from or to permissive/enabled
1. setenforce 0  ->set to permissive from enforcing
2. setenforce 1  ->set to  enforcing from permissive

TO Change status of selinux from or to disabled/enabled
1. vim /etc/sysconfig/selinux  OR
2. system-config-selinux

Once u change from disable-enable or enable-disable you haf
to reboot for changes

To enable/disable booleans for services
1. getsebool -a |grep <service>       ->show status of service
2. setsebool -P  <service> <on/off>   ->Change status of service

To check status of selinux on files
1. ls -Z  <file> ->show sestatus for files

To change context of selinux on files
1. chcon -t <policy>  <file> OR
2. chcon -R --reference <srcfile> <dstfile>

To restore context/policy to originals
1. restorecon <srcfile>

Log Messages of selinux are stored in
1. tailf /var/log/audit/audit.log      
    ->>text mode
2. sealert -b /var/log/audit/audit.log  ->>gui mode



If you found this post useful, I would really love it, if you can Like the Page, or share it with your Facebook/Google+/Twitter Friends... It will keep me motivated. Thank you!

No comments:

Post a Comment