SELinux

Question 1

SELinux

Answer 1

If a service such as httpd is compromised, then, the attacker could have access to all open permissions files on a system.
SELinux defines a set of rules that determine what process can access specific files and locations on a file system

SELinux determines if a specific process has permissions or the proper authority to edit or communicate with other resources on the system

Question 2

Conf file where policies are defined (SELINUX mode and SELINUXTYPE)

Answer 2

/etc/selinux/config

Question 3

View current SELinux mode

Answer 3

getenforce

se status

Question 4

Set SELinux mode

Answer 4

setenforce enforcing= setenforce 1

setenforce permissive= setenforce 0

Question 5

Relable files on a system with SELinux labeling

Answer 5

touch /.autorelabel

and reboot the PC

Question 6

Labels, SELinux context

Answer 6

ls -Z
netstat -lZ
ps -auxZ

user _u
role _r
type _t

Question 7

Change SELinux context

Answer 7

1. chcon -t httpd_sys_content_t /var/www/html/index.html
   Note, chcon will not survive a relabeling process
2. If we are not sure what type should be, we can reference to a good known file and copy its context:
   chcon –reference /var/www/html /var/www/html/index.html
   3.
   semanage fcontext -a -t httpd_sys_content_t /var/www/html/index.html
   +
   restorecon -v httpd_sys_content_t /var/www/html/index.html

Question 8

Restore context to default type

Answer 8

restorecon -vR /var/www/html
R-recursive
v-verbose

Question 9

List all SE booleans

List booleans with descriptions

Answer 9

getsebool -a
semanage boolean -l

getsebool -a | grep httpd

Question 10

Enable/Disable SE booleans

Answer 10

setsebool -P

-P-Persistent
setsebool -P ftpd_anon_write on
setsebool -P ftpd_anon_write off

Question 11

Generate a report with SELinux issues

Troubleshooting SE with journalctl

Answer 11

1. sealert -a /var/log/audit/audit.log
2. journalctl -xe
   - x-add explanation text
   - e- jump to the end

Question 12

View mapping of Linux to SELinux users

Answer 12

semanage login -l

Question 13

Map existing Linux user to SELinux user

Answer 13

semanage login -a -s [SELinux user] [Linux User]
-a- add
-m -modify
semanage login -a -s “staff_u” cloud_user

semanage login -m -S targeted -s “user_u” -r s) __default__

Question 14

Identify Linux user mapped to SELinux user

Answer 14

id -Z

Question 15

Delete SELinux user

Answer 15

semanage login -d [SELinux user]
-d -delete
semanage login -d cloud_user

Question 16

Check SE users configured

Answer 16

semanage user -l

Question 17

SE booleans

Answer 17

A conditional rule that allows runtime modification

of the security policy without having to load a new policy.

Question 18

List all available context on a system

Answer 18

semanage fcontext -l

Question 19

Restore context of index.html file being copied from home dir to /var/www/html dir

Answer 19

1. cd ~
2. echo Hello world > index.html
3. cp index.html /var/www/html/
4. open in browser HTTP://localhost/index.html => forbidden
5. ls -Z /var/www/html => context of the file is not starting with httpd
6. restorecon /var/www/html/index.html
7. open in browser HTTP://localhost/index.html => secuss

Question 20

Apply httpd_sys_content_t content to /new_www dir

Answer 20

semanage -a -t httpd_sys_content_t '/new_www(/.*)?'
restorecon -Rv /new_www - to make this persistent

Question 21

Delete context from /new_www dir

Answer 21

semanage fcontext -d "/new_www(/.*)?"
restorecon -Rv /new_www

Question 22

Enable home dirs

Answer 22

1. vim /etc/httpd/conf.d/userdir.conf
UserDir public_html
2. mkdir ~/public_html
3. chmod 711 /home/cloud_user
4. echo "Hello world" > ./cloud_user/index.html
5. chmod -R 755 ./public_html
6. systemctl restart httpd
7. semanage setsebool -P httpd_enable_homedirs on
8. elinks http://1.2.3.4/cloud_user

Question 23

Install sealert

Answer 23

yum install setroubleshoot

Question 24

Look into selinux alert journal

Answer 24

sealert -a /var/log/audit/audit.log