SELinux Security Enhanced Linux Tips Tricks


What is selinux, What is difference between selinux and iptables, Advantages and disadvantages of selinux
1)it provide security common daemon : httpd, dhcpd,portnamp,mysqid,syslogd,ypbind,
Selinux policy rules define how process interact with files, as well as how process interact with each other.
2)used for data confidentiality and intergrity, as well as protecting process from untrusted input.
3)#ls -Z (or) #ls --context we can get the selinux Policy details using
4)setsebool to set the boolean value.
getsebool to get the value of boolean value.
5)To See the security contest of the process
#ps -e --context
6)chcon used to change selinux security context.
#chcon -t file-name
7)restorecon Restore default selinux context.
8)setroubleshoot help to diagnose SELinux problems.
9)Selinux avc- access vector cache
10)To disable selinux for particular service.
# setsebool httpd_disable_trans 1
# service httpd restart [ Restart the Service ]
11)Disable selinux without reboot.
# setenforce 0 [ Note Permanent But effective immediately ].
12)To Get the Selinux Status.

To Check the selinux Context For Particular Daemon
sh-3.2# getsebool -a | grep http
allow_httpd_anon_write --> off
allow_httpd_bugzilla_script_anon_write --> off
allow_httpd_cvs_script_anon_write --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_nagios_script_anon_write --> off
allow_httpd_prewikka_script_anon_write --> off
allow_httpd_squid_script_anon_write --> off
allow_httpd_sys_script_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_network_connect --> off
httpd_can_network_connect_db --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> on
httpd_disable_trans --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> on
httpd_read_user_content --> off
httpd_rotatelogs_disable_trans --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_suexec_disable_trans --> off
httpd_tty_comm --> on
httpd_unified --> on
httpd_use_cifs --> off
httpd_use_nfs --> off

No comments:
Write comments