SELinux

Question 1

Check the current SELinux state:

Answer 1

getenforce

Question 2

There are 3 states in SELinux:

Answer 2

disabled, permissive, and enforcing

Question 3

How to change the state of SELinux:

Answer 3

setenforce {Permissive or 0, Enforcing or 1}

Question 4

Where are the SELinux logs?

Answer 4

/var/log/audit/audit.log

Question 5

How to search the logs?

Answer 5

grep AVC /var/log/audit/audit.log
or
sealert -a /var/log/audit/audit.log

(Access Vector Cache)

Question 6

SELinux Overview

Answer 6

SELinux is essentially labeling, called security contexts

All processes, files, and directories have security contexts. All files and directories in inherit a default security context.

SELinux is a type enforcement system

SELinux messages for allowing or denying are cached as Access Vector Cach(AVC)

Question 7

SELinux Messages Contain?

Answer 7

scontext = source context of the process 
tcontext = target context of the process

Question 8

Two packages to install to help troubleshoot SELinux

Answer 8

yum install policycoreutils-gui setroubleshoot

Question 9

File that contains the state of SELinux?

Answer 9

/etc/selinux/config

Question 10

To see the man pages related to SELinux?

Answer 10

apropos selinux

man -k selinux

Question 11

to view the secuirty context on a file or directory?

Answer 11

ls -Z /etc/

Question 12

The security context is broken down into three components

Answer 12

User:Role:Type

User- refers to the type of user logged in
Role- Which indicates the purpose of this file

Question 13

View the security context for a running process

Answer 13

ps auZ

Question 14

Reference a files security context and transfer it to another file:

Answer 14

chcon –reference /root/anaconda-ks.cfg /etc/ssh/sshdconfig

Question 15

To restore the default security context ?

Answer 15

restorecon -R /root/.ssh

Question 16

How to set the security context manually?

Answer 16

chcon -t etc_t /etc/ssh/sshd_config (will not survive a system relablel)

Question 17

How to make a manual security context change persistent?

Answer 17

semanage fcontext -a -t etc_t “/etc/ssh/sshd_config”

semanage fcontext -a -t httpd_sys_content_t “/web(/.*)?”

Question 18

To see a complete list of SELinux booleans?

Answer 18

semanage boolean -l | less

Question 19

Set SE booleans related to a specify service?

Answer 19

getsebool -a | grep ftp

Question 20

To set a boolean

Answer 20

setsebool -P ftp ftp_home_dir on

Question 21

Get the status of SELinux

Answer 21

sestatus

Question 22

Look at the man for semanage examples

Answer 22

man semanage-fcontext

Question 23

search the audit log

Answer 23

ausearch -m avc

Question 24

To see the default type context

Answer 24

semanage fcontext -l

semanage fcontext -l | grep httpd

Question 25

Relabel SELinux

Answer 25

touch /.autorelabel

Question 26

Change the default type context in selinux

Answer 26

semanage fcontext -a -t http_sys_content_t ‘/content(/.*)?’

• a = add
• t = type

Question 27

Restore the context recursively

Answer 27

restorecon -Rv /content

Question 28

Delete the context

Answer 28

semanage fcontext -d “/content(/.*)?”

Question 29

list the available boolean values on the system

Answer 29

getsebool -a

Question 30

Look at all the default boolean values

Answer 30

semanage boolean -l

Question 31

To find out what package you need to install to use semanage

Answer 31

yum whatprovides semanage

Question 32

Package you need to install to use sealert

Answer 32

yum install -y setroubleshoot-server