
SELinux (Security-Enhanced Linux)

 


What is SELinux?


Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access control (MAC). Unlike ordinary file permissions (discretionary access control), which the owner or root can relax at will, the loaded policy decides what each labelled process may do to each labelled object, and root is confined by it too.


It was originally developed by the United States National Security Agency (NSA) and is now maintained by the SELinux community as part of the mainline kernel.

>>>>>>>>>>>>>>>>>>>>>>

SELinux modes:


Enforcing: the policy is enforced and denials are logged (the default on Red Hat Enterprise Linux, CentOS and Fedora).

Permissive: the policy is not enforced; SELinux only logs what it would have denied. Use this to test a policy change without breaking a service.

Disabled: no policy is loaded and nothing is logged. Files created while SELinux is disabled are not labelled, so going back to enforcing needs a full relabel.



>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

How to check the SELinux status?

#sestatus or getenforce

(sestatus also shows the loaded policy type and the mode configured in the config file.)


• SELinux setting at runtime:

#setenforce 0 = permissive (SELinux stays enabled and keeps logging denials)

# setenforce 1 = enforcing

setenforce cannot switch to disabled, and it cannot turn SELinux on if it was disabled at boot.


But these changes are temporary. Once the server reboots, the mode set in the config file is applied again.



>>>>>>>>>>>>>>>>>>>>>>>>>>>


• Modify the SELinux config file for a permanent setting:

 # /etc/selinux/config

and set the SELINUX line (no spaces around the "="):

SELINUX=enforcing   if you want SELinux enforced.

SELINUX=permissive  if you want denials logged but not enforced.

SELINUX=disabled    if you want to disable SELinux.

The change takes effect on the next reboot. When moving from disabled to permissive or enforcing, create the file /.autorelabel first so the filesystem is relabelled during that boot; otherwise files written while SELinux was disabled carry no label and will be denied.

>>>>>>>>>>>>>>>>>>>>>>>

• Before modifying the SELinux config file:

#create a snapshot of the VM and keep a copy of the config file, so the previous state can be restored if the change has unintended effects.
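The steps above (back the file up, change the SELINUX= line, reboot) as one script. This is an added example and not code from the original post; the config path is a parameter so the functions can be exercised on a scratch copy, and the sample config content is constructed. On a real host pass /etc/selinux/config and reboot afterwards, because the file is only read at boot.

```shell
#!/bin/sh
# Added example (not from the original post): change the SELinux mode in a
# config file safely. The config path is a parameter so the functions can be
# exercised on a scratch copy; on a real host pass /etc/selinux/config and
# reboot afterwards, because the file is only read at boot.

# get_selinux_config_mode CONFIG
# Print the value of the SELINUX= line (comments and SELINUXTYPE= are ignored).
get_selinux_config_mode() {
    awk -F= '/^[[:space:]]*SELINUX[[:space:]]*=/ {
                 v = $2; gsub(/[[:space:]]/, "", v)
             }
             END { print v }' "$1"
}

# set_selinux_config_mode CONFIG MODE
# Validate MODE, back the file up, rewrite the SELINUX= line in place and
# print the backup path. Returns non-zero without touching the file on error.
set_selinux_config_mode() {
    cfg=$1
    mode=$2
    case "$mode" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode '$mode' (use enforcing, permissive or disabled)" >&2
           return 1 ;;
    esac
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }

    backup="$cfg.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$cfg" "$backup" || return 1

    tmp=$(mktemp) || return 1
    awk -v m="$mode" '
        /^[[:space:]]*SELINUX[[:space:]]*=/ { print "SELINUX=" m; done = 1; next }
        { print }
        END { if (!done) print "SELINUX=" m }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite the existing inode instead of mv-ing the temp file over it:
    # mv would carry the temp file's owner, mode and SELinux label along.
    cat "$tmp" > "$cfg"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && printf '%s\n' "$backup"
    return "$rc"
}

# Demo on a constructed scratch copy (never on the live /etc/selinux/config).
demo_cfg=$(mktemp)
printf '# constructed sample of /etc/selinux/config\nSELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$demo_cfg"
echo "before: $(get_selinux_config_mode "$demo_cfg")"
demo_backup=$(set_selinux_config_mode "$demo_cfg" permissive)
echo "after:  $(get_selinux_config_mode "$demo_cfg") (backup in $demo_backup)"
rm -f "$demo_cfg" "$demo_backup"
```

The file is rewritten through the existing inode on purpose: renaming a freshly created temp file into place would give /etc/selinux/config the temp file's label (tmp_t) and permissions, which is exactly the kind of mislabelling this page is about.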


• Two main concepts of SELinux:

#Labelling: every process, file, directory, port and socket carries a label (security context) with 4 parts = user:role:type:level, for example system_u:object_r:httpd_sys_content_t:s0

#Type Enforcement: the policy rules are written in terms of the type field. A process running with one type (httpd_t) may only access objects whose types the policy explicitly allows.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>

To list the label of a file:

#ls  -lZ /usr/sbin/httpd


•to list the label of a directory:

#ls -ldZ /etc/httpd

(without -d, ls -lZ shows the labels of the entries inside the directory rather than the directory itself)



>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


As the web server runs, its process is labelled in memory as httpd_t:

# ps axZ | grep httpd


• The listening socket carries the web server's context as well, and the port it binds to has its own type (http_port_t) in the policy:

#netstat  -tnlpZ | grep http

(or ss -tnlpZ on systems without net-tools)


• To get the list of all booleans and their current values:

# getsebool -a

# semanage boolean  -l

(semanage also shows the persistent default and a one-line description)


• To enable or turn on a boolean:

#setsebool -P boolean_name on

(-P writes the change to the policy store so it survives a reboot; without -P it is temporary)


• check the error messages related to SELinux:

#journalctl

AVC denials are recorded by auditd in /var/log/audit/audit.log; the quickest way to see recent ones is:

#ausearch -m AVC,USER_AVC -ts recent
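Reading the denials is where the label and type-enforcement concepts above meet the log: each AVC record names the source type (the process), the target type (the object) and the permission that was refused. As an added example that is not part of the original post, the script below splits a label into its four parts and summarises AVC records; the records in AVC_SAMPLE are constructed in the format auditd writes to /var/log/audit/audit.log, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the original post): pick apart SELinux labels and
# summarise AVC denial records. AVC_SAMPLE holds constructed records in the
# format auditd writes to /var/log/audit/audit.log; on a real host feed the
# output of `ausearch -m AVC,USER_AVC -ts recent` or `journalctl` instead.

# split_label LABEL
# Print the four parts of a label. The level may itself contain ':' in an
# MLS range (s0-s0:c0.c1023), so everything after the third ':' is the level.
split_label() {
    printf '%s\n' "$1" | awk -F: '{
        level = $4
        for (i = 5; i <= NF; i++) level = level ":" $i
        printf "user=%s role=%s type=%s level=%s\n", $1, $2, $3, level
    }'
}

# summarize_avc  (reads audit records on stdin)
# For each AVC denial print: source type, denied permissions, target class and
# type, the object (file name, path or port) and whether the denial was only
# logged (permissive=1) or actually blocked (permissive=0).
summarize_avc() {
    awk '
    /^type=AVC / && / denied / {
        perms = $0
        sub(/.*[{] */, "", perms)      # drop everything up to "{ "
        sub(/ *[}].*/, "", perms)      # drop from " }" onwards
        st = "?"; tt = "?"; cls = "?"; obj = "?"; mode = "blocked"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/)         { split(substr($i, 10), a, ":"); st = a[3] }
            else if ($i ~ /^tcontext=/)    { split(substr($i, 10), a, ":"); tt = a[3] }
            else if ($i ~ /^tclass=/)      { cls = substr($i, 8) }
            else if ($i ~ /^name=/)        { obj = substr($i, 6) }
            else if ($i ~ /^path=/)        { obj = substr($i, 6) }
            else if ($i ~ /^dest=/)        { obj = "port " substr($i, 6) }
            else if ($i == "permissive=1") { mode = "logged only" }
        }
        gsub(/"/, "", obj)
        printf "%s denied {%s} on %s %s (%s) [%s]\n", st, perms, cls, tt, obj, mode
    }'
}

# Constructed sample records (not captured from a real host): a file read
# blocked in enforcing mode, an unrelated SYSCALL record that must be
# ignored, and a connect to port 21 that was only logged (permissive=1).
AVC_SAMPLE='type=AVC msg=audit(1700000000.101:201): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="dm-0" ino=4242 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.101:201): arch=c000003e syscall=257 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1700000000.102:202): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=21 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ftp_port_t:s0 tclass=tcp_socket permissive=1'

split_label system_u:object_r:httpd_sys_content_t:s0
printf '%s\n' "$AVC_SAMPLE" | summarize_avc
```

The first sample record is the classic case behind this page's chcon/semanage section: a file moved from a home directory keeps its user_home_t label (mv preserves labels, cp does not), so httpd_t is denied read until the file is relabelled. The second AVC record is the case the httpd_can_connect_ftp boolean exists for.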



•to change the type in a label:

#chcon  -t   httpd_sys_content_t   filename

chcon changes the label on the inode only; the next relabel (restorecon, or /.autorelabel at boot) puts the policy's default back. For a permanent change, record the rule in the policy store and then apply it:

#semanage  fcontext  -a  -t  httpd_sys_content_t  "/path/to/dir(/.*)?"

#restorecon  -Rv  /path/to/dir

(the first argument to semanage fcontext is a regular expression matched against the full path, so "(/.*)?" covers the directory and everything below it)



• to check whether httpd is allowed to connect to FTP servers:

# getsebool -a | grep httpd_can_connect_ftp



•to set the value to ON for httpd_can_connect_ftp:

#setsebool  -P  httpd_can_connect_ftp  on

Each boolean widens what the confined service may do, so turn one on only when the denial in the audit log shows the service actually needs it.

