SELinux Flashcards
What options are available in SELinux?
Enforcing = Enabled (Enabled by default)
Permissive = Disabled but logs the activity
Disabled = Disabled and does not log any activity
How can you check the status of SELinux?
sestatus or getenforce
How can you enable and disable SELinux?
setenforce 0 = permissive/disabled
setenforce 1 = enabled
Where is the SELinux config file located, and how can you modify the config for a permanent setting?
/etc/selinux/config
SELINUX=enforcing
SELINUX=disabled
What should you do before modifying the SELinux config file?
Take a snapshot of your VM
Before rebooting to apply SELinux changes, what file should you create?
/.autorelabel
touch /.autorelabel
What are the two main concepts of SELinux?
Labeling -> user:role:type:level
Type enforcement
Note: Type is the main focus
How can you list the label of a file?
ls -lZ /usr/sbin/httpd
Output:
-rwxr-xr-x. root root system_u:object_r:httpd_exec_t:s0 /usr/sbin/httpd
How can you list the label of a directory?
ls -dZ /etc/httpd
Output:
drwxr-xr-x. root root system_u:object_r:httpd_config_t:s0 /etc/httpd
How can you find the label of a process?
ps axZ | grep httpd
How can you view a label at the socket level?
netstat -tnlpZ | grep http
labeled as httpd_t in memory
What is the command to manage SELinux settings? Bonus: What are the available options?
semanage
Bonus:
login
user
port
interface
module
node
file context
boolean
permissive state
dontaudit
What is a boolean?
The On/Off switch
What command can you use to get a list of all booleans?
getsebool -a (for all)
semanage boolean -l (for list)
Both options have the same result
What command can you use to turn on a boolean?
setsebool -P boolean_name on
On for on, Off for off