You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1.2 KiB
1.2 KiB
| title | date | draft |
|---|---|---|
| SELinux | 2018-011-11T16:01:15+01:00 | true |
SELinux
Security Enhanced Linux is a build in security feature that mostly known to block what you as a sysadmin are trying to do.
Therefore, most online how-to's include a line saying something like:
"Perform sed -i s/enforcing/permisive/ /etc/selinux/config to set the correct SELinux permissions"
It doesn't, let us introduce how it should be done.
SELinux states
SELinux knows 3 states:
| State | Explanation |
|---|---|
| Enforcing (default) | Logs and block all actions not allowed by current contexts |
| Permissive | Only logs all actions not allowed by current contexts |
| Disabled | Does nothing (disabled), requires a reboot to (un)set |
SELinux commands
| Command | Explanation |
|---|---|
getenforce |
Get current SELinux mode |
setenforce |
Set new SELinux mode (0 for off, 1 for on). (Will be overwritten by reboot) |
sestatus |
Get current status, default config and more basic info |
chcon |
Change the SELinux context for a file |
restorecon |
Reset the SELinux context for a file to match context database |
semanage |
Extansion in Python to manage the SELinux contexts |