What is SELinux?
It is a one type of security that enhances the security that allows users and administrators more control over which users and applications can access which resources, such as files, Standard Linux access controls etc.,
It is mainly used to protect internal data (not from external data) from system services. In real time SELinux is disabled and instead of this IP tables are used. It protects all the services, files and directories by default if SELinux is enabled.
In how many ways we can implement the SELinux? Explain them.
We can implement the SELinux mainly in 2 modes.
(i) Enabled
(ii) Disabled (default mode)
Enabled : Enabled means enabling the SELinux policy and this mode of SELinux is divided into two parts.
(a) Enforcing
(b) Permissive
Disabled : Disabled means disabling the SELinux policy.
What is Enforcing mode in SELinux?
Enforcing means SELinux is on. It checks SELinux policy and stored a log. No can access the services by default but we can change the policy whenever we needed.
What is Permissive mode in SELinux?
SELinux is on and it don't check SELinux policy and stored the log. Everybody can access the services by default and we can also change the SELinux policy. It is also called as debugging mode or troubleshooting
mode. In this mode SELinux policies and rules are applied to subjects and objects but actions are not affected.
What is Disabled mode in SELinux?
SELinux is turned off and no warning and log messages will be generated and stored.
What are Booleans?
Booleans are variables that can either be set as true or false. Booleans enhance the effect of SELinux policies implemented by the System Administrators. A policy may protects certain deamons or services by
applying various access control rules.
What is SELinux policy?
The SELinux policy is the set of rules that guide the SELinux security engine. It defines types for file objects and domains for process. It uses roles to limit the domains that can be entered and the user identities to
specify the role that can be attained.
What are the required files for SELinux?
# vim /etc/selinux/config -----> It is main file for SELinux.
# vim /etc/sysconfig/selinux -----> It is a link file to the above file.
# vim /var/log/audit/audit.log -----> SELinux log messages will be stored in this file.
what is the command to see the SELinux mode?
# getenforce (to check the SELinux mode)
What is command to set the SELinux mode temporarily?
# setenforce 0 or 1
(to set the SELinux mode. Where ' 0 ' -----> permissive and ' 1 ' ----->
Enforcing)
Note : (i) To change the SELinux mode from Permissive to Enforcing or Enforcing to Permissive modes the system restart is not required.
(ii) To change Enforcing mode to Disabled mode or Disabled mode to Enforcing mode the system restart is required.
(iii) The above commands are changed the SELinux mode temporarily only. To make the selinux changes
permanently then open /etc/selinux/config and go to ,
SELINUX=Enforcing or Permissive or Disabled
(save and exit this file)
What is command to see the SELinux policy details?
# sestatus (to see the SELinux policy details)
Other useful commands :
# ls -Z <file name> (to see the SELinux context of the file)
# ls -ldZ <directory name> (to see the SELinux context of the directory)
# ps -efZ | grep <process name> (to see the SELinux context of the process running on the system)
# ps -efZ | grep http (to see the SELinux context of the http process running on the system)
# chcon -t <argument> <file/directory name> (to change SELinux context of the file or directory)
# chcon -t public_content_t /public (to change the SELinux context of the /public directory)
# chcon -R public_content_t /public (to change the SELinux context of the /public directory and its contents)
# restorecon -v <file/directory name>
(to restore the previous SELinux context of the file/directory)
# restorecon -v /public
(to restore the previous SELinux context of that directory)
# restorecon -Rv <directory>
(to restore the previous SELinux context of the directory and its contents)
No comments:
Post a Comment