SELinux

Question 1

DAC stands for

Answer 1

Discretionary Access Control
( . traditional way of protecting our files and folders
.managed by the owners and their permissions, ls -l to see DAC permissions)

Question 2

MAC stands for

Answer 2

Mandatory Access Control
. A higher level of access control than the standard DAC
.prevents security breaches in the system by only processing necessary files that the admin preapproves, ls -Z too see MAC permissions

Question 3

SELinux

Answer 3

Security Enhanced Linux

Additional security feature of Linux on top of firewall
SElinux is a labeling system. Every process has a label. Every file/directory object in the operating system has a label. Even network ports, devices, and potentially hostnames have labels assigned to them.

Question 4

selinux knows three modes

Answer 4

The enforcing mode will enforce policies, and may deny access based on selinux rules.
The permissive mode will not enforce policies, but can still log actions that would have been denied in enforcing mode.
The disabled mode disables selinux.

Question 5

type command to know in what mode you are now

Answer 5

getenforce

Question 6

in command line : setenforce 1 stands for

Answer 6

enforcing

Question 7

in command line : setenforce 0 stands for

Answer 7

permissive

Question 8

what is the configuration file for SELinux? tell about disabling mode

Answer 8

/etc/selinux/config only in this file you can disable selinux, not in command line

Question 9

type command to set selinux, to change type for directory SUN , for example

Answer 9

semanage fcontext -a -t httpd_sys_content_t sun/
restorecon -R -v sun/
semanage port -a -t http_port-t -p tcp 90
semanage port -l | grep http