SELinux

Question 1

What is SELinux?

Answer 1

mandatory access control

Question 2

Components of a label

Answer 2

user
role
type
sensitivity
category

Question 3

How are components of the label called

Answer 3

context

Question 4

How to determine your SELInux context?

Answer 4

id -Z

Question 5

How to determine the SELinux context of a set of file

Answer 5

ls -lZ /etc/shadow

Question 6

How to determine the SELinux context of processes

Answer 6

ps -Z

Question 7

Determine the selinux context of a port

Answer 7

semanage port -l

Question 8

Three different selinux operation modes

Answer 8

1) Enforcing
2) Permissive
3) Disabled

Question 9

Determine current selinux mode of operation

Answer 9

getenforce

Question 10

Explain enforcing mode

Answer 10

The rules may not be broken

Question 11

where is selinux configuration stored?

Answer 11

/etc/selinux/config

Question 12

Set selinux in permissive mode

Answer 12

setenforce 0

Question 13

Similarity between permissive and disabled mode

Answer 13

In both cases SELinux is not enforcing rules

Question 14

Diff between permissive and disabled mode

Answer 14

permissive: selinux is monitoring and logging
disable: no monitoring and no logging

Question 15

What are the columns of the selinux database?

Answer 15

files (fcontext)
port
boolean

Question 16

I create a new file. How is its context determined?

Answer 16

from its parent

Question 17

I copy a file from one dir to another. How is its context determined?

Answer 17

from its new parent

Question 18

I move a file from one dir to another. How is its context determined?

Answer 18

keeps its original context

Question 19

Run previous command after appending “–permanent “ to it

Answer 19

!! –permanent

Question 20

With grep, show two lines after the regex is found

Answer 20

grep -A2 volvo cars.txt

Question 21

Show two lines before the first occurence of the regex match

Answer 21

grep -B2 volvo cars.txt

Question 22

Change selinux context of file /website to httpd_sys_content_t

Answer 22

Transient Solution:

chcon -R -t httpd_sys_content_t /website

Permanent solution:

semanage fcontext -a -t httpd_sys_content_t  /website'(/.*)?'

restorecon -Rv /website

Question 23

Show my selinux customization

Answer 23

semanage fcontext -l -C

Question 24

Show all boolean values from selinux database

Answer 24

1) semanage boolean -l
2) getsebool -a

Question 25

In semanage boolean context, there are two values. what are they?

Answer 25

The first is the current state of the boolean and the second is the persistent value.

Question 26

Set an selinux boolean value

Answer 26

setsebool -P httpd_use_nfs on

Question 27

Check the value of selinux boolean value httpd_use_nfs

Answer 27

getsebool httpd_use_nfs

Question 28

Where do you check if selinux rejected an access request?

Answer 28

/var/log/audit/audit.log
or

grep sealert /var/log/messages

Question 29

nginx document root folder

Answer 29

/usr/share/nginx/html

Question 30

Structure of a zone file

Answer 30

Question 31

Apache conf file location

Answer 31

/etc/httpd/conf/httpd.conf

Question 32

How do you change apache root doc folder?

Answer 32

In /etc/httpd/conf/httpd.conf change:

<DocumentRoot /var/www/html>
<Directory /var/www/html>

Question 33

What is userdir used for in apache

Answer 33

Allow users to make a ~/public_html folder accessible through apache

Question 34

where is the userdir conf file located?

Answer 34

/etc/httpd/conf.d/userdir.conf

Question 35

What are steps to configure userdir?

Answer 35

1) Enable UserDir in /etc/httpd/conf.d/userdir.conf

2) Uncomment UserDir public_html in /etc/httpd/conf.d/userdir.conf

3) chmod 711 ~

4) setsebool -P httpd_enable_homedirs on

Question 36

Where are selinux error messages logged?

Answer 36

/var/log/audit/audit.log

Question 37

Search for selinux error messages

Answer 37

grep AVC /var/log/audit/audit.log

Question 38

AVC

Answer 38

Access vector Cache logs represents the decision-making process of SELinux regarding access control

Question 39

How does SE troubleshoot daemon work?

Answer 39

Listen to AVC summaries in /var/log/audit/audit.log and summarizes them in /var/log/messages

Question 40

How do you find SE troubleshoot messages?

Answer 40

grep sealert /var/log/messages