SELinux

Question 1

What are the modes for SELinux?

Answer 1

Enabled
Passive
Disabled

Question 2

Where is SELinux configured?

Answer 2

/etc/sysconfig/selinux

/etc/selinux/config

Question 3

What is a boolean in SELinux?

Answer 3

A runtime configuration modification of the context SELinux policy

Question 4

What are useful man pages for SELinux?

Answer 4

booleans
selinux
getsebool

Question 5

How do you get SELinux status?

Answer 5

setatus

getenforce

Question 6

How do you set SELinux so permissive mode via command line?

Answer 6

setenforce 0

Question 7

How do you set SELinux to enforcing mode via command line?

Answer 7

setenforce 1

Question 8

How do you do a listing with SELinux contexts?

Answer 8

ls -Z

Question 9

How do you view SELinux contexts?

Answer 9

semanage fcontext -l

Question 10

How do you view processes will their SELinux contexts?

Answer 10

ps -auxZ

Question 11

How do you restore an SELinux context inheriting the parent directory?

Answer 11

restorecon

Question 12

How do you relabel the filesystem for SELinux?

Answer 12

touch /.autorelabel
Reboot
*this is done also when SELinux is enabled for first time

Question 13

How do you apply an SELinux context to a directory with inheritance?

Answer 13

semanage fcontext -a -t ‘/directory(/.*)?’

restorecon -Rv /directory

Question 14

How do you remove an SELinux context from a directory with inheritance?

Answer 14

semanage fcontext -d ‘/directory(/.*)?’

restorecon -Rv /directory

Question 15

How do you list the current status of boolean values on a system?

Answer 15

getsebool -a

Question 16

How do you list the default status of boolean values used on the system?

Answer 16

semanage boolean -l

Question 17

What is SELinux?

Answer 17

It provides Mandatory Access Control on a system through contexts as a way of prioritising access control over Discretionary Access Control