SELinux Permissions

Question 1

What option do commands like ‘ls’, ‘ps’, ‘cp’, and ‘mkdir’ use to display or set the SELinux context?

Answer 1

■ -Z

Question 2

What command shows the current SELinux mode?

Answer 2

■ getenforce

Question 3

What changes the behavior of the SELinux policy?

Answer 3

■ (SELinux) Booleans

■ Act as switches that change the behavior of a policy that can be (dis|en)abled.

Question 4

What command is used to display SELinux Booleans and their current value?

Answer 4

■ getsebool (-a)

Question 5

What command sets/changes the SELinux operating mode?

Answer 5

■ setenforce (1|0)

Question 6

What commands are used to change the SELinux context of a file?

Answer 6

■ chcon (-t; used to specify only the context)

■ restorecon (preferred)

Question 7

What command can be used to display or modify the rules that ‘restorecon’ uses to set the default file context?

Answer 7

■ semanage fcontext [options] [-t type] [target]

Question 8

What command is used to modify SELinux Booleans?

Answer 8

■ setsebool [-P; make persistent]

Question 9

What command shows whether SELinux Booleans are persistent?

Answer 9

■ setsebool boolean -l

Question 10

What service listens for audit messages in /var/log/audit/audit.log and sends a short summary to /var/log/messages?

Answer 10

■ setroubleshoot-server

Question 11

What tools is used to produce a report of alert incidents?

Answer 11

■ sealert