SELinux Flashcards

1
Q

What is SELinux?

A

mandatory access control

2
Q

Components of a label

A

user
role
type
sensitivity
category

3
Q

What are the components of the label collectively called?

A

context

4
Q

How to determine your SELinux context?

A

id -Z

5
Q

How to determine the SELinux context of a set of files

A

ls -lZ /etc/shadow

6
Q

How to determine the SELinux context of processes

A

ps -Z

7
Q

Determine the SELinux context of a port

A

semanage port -l

8
Q

Three different SELinux operation modes

A

1) Enforcing
2) Permissive
3) Disabled

9
Q

Determine the current SELinux mode of operation

A

getenforce

10
Q

Explain enforcing mode

A

The rules may not be broken

11
Q

Where is the SELinux configuration stored?

A

/etc/selinux/config

12
Q

Set SELinux in permissive mode

A

setenforce 0

13
Q

Similarity between permissive and disabled mode

A

In both cases SELinux is not enforcing rules

14
Q

Difference between permissive and disabled mode

A

Permissive: SELinux is monitoring and logging
Disabled: no monitoring and no logging

15
Q

What are the columns of the SELinux database?

A

files (fcontext)
port
boolean

16
Q

I create a new file. How is its context determined?

A

from its parent

17
Q

I copy a file from one dir to another. How is its context determined?

A

from its new parent

18
Q

I move a file from one dir to another. How is its context determined?

A

keeps its original context

19
Q

Run the previous command after appending "--permanent" to it

A

!! --permanent

20
Q

With grep, show two lines after the regex is found

A

grep -A2 volvo cars.txt

21
Q

Show two lines before the first occurrence of the regex match

A

grep -B2 volvo cars.txt

22
Q

Change the SELinux context of file /website to httpd_sys_content_t

A

Transient Solution:

chcon -R -t httpd_sys_content_t /website

Permanent solution:

semanage fcontext -a -t httpd_sys_content_t /website'(/.*)?'
restorecon -Rv /website
23
Q

Show my SELinux customizations

A

semanage fcontext -l -C

24
Q

Show all boolean values from the SELinux database

A

1) semanage boolean -l
2) getsebool -a

25
In the semanage boolean output, there are two values. What are they?
The first is the current state of the boolean and the second is the persistent value.
26
Set an SELinux boolean value
`setsebool -P httpd_use_nfs on`
27
Check the value of the SELinux boolean httpd_use_nfs
getsebool httpd_use_nfs
28
Where do you check if SELinux rejected an access request?
/var/log/audit/audit.log or grep sealert /var/log/messages
29
nginx document root folder
/usr/share/nginx/html
30
Structure of a zone file
31
Apache conf file location
/etc/httpd/conf/httpd.conf
32
How do you change apache root doc folder?
In /etc/httpd/conf/httpd.conf change: ``` ```
33
What is userdir used for in Apache?
Allow users to make a ~/public_html folder accessible through apache
34
Where is the userdir conf file located?
/etc/httpd/conf.d/userdir.conf
35
What are the steps to configure userdir?
1) Enable UserDir in /etc/httpd/conf.d/userdir.conf
2) Uncomment `UserDir public_html` in /etc/httpd/conf.d/userdir.conf
3) chmod 711 ~
4) setsebool -P httpd_enable_homedirs on
36
Where are SELinux error messages logged?
/var/log/audit/audit.log
37
Search for SELinux error messages
grep AVC /var/log/audit/audit.log
38
AVC
Access Vector Cache. AVC logs represent the decision-making process of SELinux regarding access control
39
How does the SE troubleshoot daemon work?
It listens to AVC summaries in /var/log/audit/audit.log and summarizes them in /var/log/messages
40
How do you find SE troubleshoot messages?
grep sealert /var/log/messages