Manage SELinux Security

Question 1

What does SELinux stand for?

Answer 1

Security Enhanced Linux

Question 2

What are SElinux three operator operational modes?

Answer 2

Enforcing, Permissive, and Disabled

Question 3

What are SELinux policies?

Answer 3

Security rules that define how specific processes access relevant files, directories, and ports.

Question 4

What do SELinux labels have?

Answer 4

User, role, type and security level.

Question 5

What resource listing commands use the -Z option to manage SELinux contexts?

Answer 5

ps, ls, cp, mkdir

Question 6

What command is used to view the current SELinux mode?

Answer 6

getenforce

Question 7

What command is used to set the SELinux mode?

Answer 7

setenforce

Question 8

What is used to configure SELinux persistently?

Answer 8

/etc/selinux/config

Question 9

What command is used to manage the SELinux policy rules that determine the default context for files and directories?

Answer 9

semanage fcontext

Question 10

What command is used to apply the context defined by the SELinux policy to files and directories?

Answer 10

restorecon

Question 11

What command preserves the file attributes where possible?

Answer 11

cp -p

Question 12

What command preservers only SELinux contexts, during copying?

Answer 12

cp –preserve=context

Question 13

What commands are used to manage SELinux context on files?

Answer 13

semanage fcontext, restorecon, & chcon

Question 14

What command changes the SELinux context directly on files, without referencing the system’s SELinux policy?

Answer 14

chcon

Question 15

What command lists all the file context policy rules?

Answer 15

semanage fcontext -l

Question 16

What are the semanage fcontext command options to add, remove, or list SELinux file context policies?

Answer 16

–add, –delete, –list

Question 17

What is the most common extended regular expression when viewing policies?

Answer 17

(/.*)?

Question 18

Where are service specific booleans are documented?

Answer 18

service_selinux man page

Question 19

What command lists available Booleans for the targeted policies on the system, and current Boolean status?

Answer 19

getsebool -a

Question 20

What command enables or diables the running state of these behaviors?

Answer 20

setsebool

Question 21

What option makes the setsebool command persistent by writing to the policy file?

Answer 21

-P

Question 22

What do you do when a common application or service fails, and the service is known to have a working SELinux policy?

Answer 22

First see the service’s _selinux man page to verify the correct context type label. Then view the affected process and file attributes to verify that the correct labels are set.

Question 23

Where is an Access Vector Cache (AVC) from a denied SELinux action stored?

Answer 23

/var/log/audit/audit.log

Question 24

After SELinux troubleshooting service monitors for AVC events where does it send an event summary?

Answer 24

/var/log/messages

Question 25

What command is used to view the comprehensive report details for a specific event by using the UUID from an AVC summary?

Answer 25

sealert -l UUID

Question 26

What command is used to view all existing events from the AVC summary?

Answer 26

sealert -a /var/log/audit/audit.log