RHCSA Ch7

Question 1

see the current mode of SELinux

Answer 1

sestatus
and
getenforce

Question 2

change SELinux mode

Answer 2

setenforce permissive (temporary and only last for that sessions)

edit /etc/selinux/config
change the SELINUX line to whatever mode necessary

Question 3

get security context for user

Answer 3

id -Z

Question 4

see security context for all processes

Answer 4

ps -eZ

Question 5

get security context for files

Answer 5

ls -lZ

Question 6

change security type of a file

Answer 6

chcon -t etc_t file.txt

Question 7

change the security type of a file to what the system thinks it should be

Answer 7

restorecon file.txt

Question 8

reset all security contexts

Answer 8

make a file call /.autorelabel

then reboot

Question 9

make security context persisent even after relablel

Answer 9

sudo semanage fcontext -a -t etc_t /home/user1/file.txt

Question 10

list SELinux booleans

Answer 10

getsebool -a
sestatus -b
sudo semanage boolean -l = gives a brief description

Question 11

change a security boolean

Answer 11

sudo setsebool mozilla_plugin_use_gps on = not persistant

sudo setsebool -P mozilla_plugin_use_gps = persistant

Question 12

options to keep security contexts 
cp
mv
tar
rsync

Answer 12

cp -a
mv
tar –selinux
rsync -a X

Question 13

Interact with farewalld

Answer 13

firewall-cmd

Question 14

firewall timeout

Answer 14

sudo firewall-cmd –timeout=60

Question 15

Make a permenant firewall rule

Answer 15

sudo firewall-cmd –permanent

Question 16

allow http traffic in

Answer 16

sudo firewall-cmd –permanent –add-service=http

sudo firewall-cmd –reload

Question 17

remove the http rule

Answer 17

sudo firewall-cmd –permanent –remove-service=http

sudo firewall-cmd –reload

Question 18

add and remove port firewall rule

Answer 18

sudo firewall-cmd –permanent –add-port=443/tcp

sudo firewall-cmd –reload

Question 19

list firewall rules

Answer 19

sudo firewall-cmd –get-services