Friday, January 1, 2021

How to Manage SELinux

  


SELinux?

SELinux is a security mechanism; it was developed by the USA Army. SELinux is used for internal security: it is mainly used to protect data inside the system, not for external protection.
In real-world deployments SELinux is disabled, and iptables and a firewall are used instead. If SELinux is enabled, it protects all services, files and directories by default.

In how many ways can we implement SELinux?
We can implement SELinux mainly in 2 modes.
(i) Enabled
(ii) Disabled (default mode)

Enabled :
Enabled means enabling the SELinux policy. This mode of SELinux is divided into two parts.
(a) Enforcing
(b) Permissive
Disabled :
Disabled means disabling the SELinux policy.

Enforcing mode in SELinux:

It checks the SELinux policy and stores a log. No one can access the services by default, but we can change the policy whenever needed.

Permissive mode in SELinux

It checks the SELinux policy and stores the log. Anybody can access services by default, and you can change the SELinux policy. It is also called debugging or troubleshooting mode. In this mode SELinux policies and rules are applied to subjects and objects, but actions are not affected.

Disabled mode in SELinux

SELinux is turned off, and no warnings or log messages are generated or stored.

The required files
This is the main file for SELinux:
    root@server~# vim /etc/selinux/config

This is a link file to the above file:
    # vim /etc/sysconfig/selinux

SELinux log messages are stored in this file:
    root@server~# vim /var/log/audit/audit.log


Command to see the SELinux mode:
    root@server~# getenforce
(to check the SELinux mode)

Set the SELinux mode temporarily:
    root@server~# setenforce 0    (or: setenforce 1)
(To set the SELinux mode, where '0' -----> Permissive and '1' -----> Enforcing)
Note :
(i) You can change the SELinux mode from Permissive to Enforcing or from Enforcing to Permissive without restarting the system.

(ii) You can change Enforcing mode to Disabled mode or Disabled mode to Enforcing mode, but this requires restarting the system.

(iii) The above commands change the SELinux mode only temporarily. To change it permanently, open the configuration file:

    vim /etc/selinux/config
Go to this line and set it to one of the three values:
    SELINUX=enforcing    (or permissive, or disabled)
(save and exit this file)

root@server~# sestatus    (to see the SELinux policy details)
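
The notes above separate a temporary setenforce change from a permanent edit of /etc/selinux/config. The script below is an added example, not part of the original post: it compares the running mode with the configured one. The function names and status words are chosen for this illustration, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: compare the running SELinux mode with the mode that
# /etc/selinux/config will apply at the next boot.

# Print the SELINUX= value of a config file in lower case (comments skipped).
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Classify the running mode (getenforce output) against the configured mode.
mode_drift() {
    running=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$2" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid-config"; return 0 ;;
    esac
    if [ "$running" = "$2" ]; then
        echo "consistent"
    elif [ "$running" = "disabled" ] || [ "$2" = "disabled" ]; then
        echo "reboot-required"   # to or from Disabled: needs a restart
    else
        echo "runtime-differs"   # e.g. setenforce was used; config applies at boot
    fi
}

# Constructed sample config (not taken from a real host).
sample_config() {
    cat <<'EOF'
# SELINUX= can take one of these three values: enforcing, permissive, disabled
SELINUX=enforcing
SELINUXTYPE=targeted
EOF
}

# Demo on the sample: the host was switched with "setenforce 0".
tmp=$(mktemp)
sample_config > "$tmp"
echo "sample: $(mode_drift Permissive "$(configured_mode "$tmp")")"
rm -f "$tmp"

# Live check, only where the SELinux tools and the config file exist.
if command -v getenforce >/dev/null 2>&1 && [ -r /etc/selinux/config ]; then
    echo "host: $(mode_drift "$(getenforce)" "$(configured_mode /etc/selinux/config)")"
fi
```

A host that reports runtime-differs while the config says enforcing is running in Permissive mode until someone runs setenforce 1 or reboots.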

Other useful commands :

To see the SELinux context of the file
    root@server~# ls -ldZ

To see the SELinux context of the process running on the system
    root@server~# ps -efZ | grep http

To change the SELinux context of the file or directory
    root@server~# chcon -t public_content_t /public

To change the SELinux context of the /public directory and its contents
    root@server~# chcon -R -t public_content_t /public

To restore the previous SELinux context of the file/directory
    root@server~# restorecon -v /public
 



