Important Security-enhanced Linux (SELinux) commands

 

getenforce

To see the current SELinux mode (Enforcing, Permissive or Disabled), run the “getenforce” command.

[root@RHEL04 ~]# getenforce
Enforcing

sestatus

For more detailed SELinux-related information, use the “sestatus” and “sestatus -v” commands.

[root@RHEL04 ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 21
Policy from config file: targeted

setenforce

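The current SELinux mode can be changed with the “setenforce” command as shown below. The change applies only to the running system; after a reboot the mode set in the configuration file (the “Mode from config file” line of sestatus) is used again.

[root@RHEL03 ~]# setenforce enforcing
[root@RHEL03 ~]# setenforce permissive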
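
The check below is an added example, not part of the original page: it reads sestatus output in the format shown above and reports when the running mode differs from the configured one, as it does after “setenforce permissive”. The function names selinux_audit and sample_drift and the result words are assumptions made for this example, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: classify SELinux state from `sestatus` output read on stdin.
# Prints one of: ok | drift | permissive | disabled | unknown
selinux_audit() {
    awk -F: '
        # Trim surrounding whitespace and lower-case the value.
        function val(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return tolower(s) }
        $1 == "SELinux status"        { status  = val($2) }
        $1 == "Current mode"          { current = val($2) }
        $1 == "Mode from config file" { config  = val($2) }
        END {
            if (status == "disabled")                       print "disabled"
            else if (status != "enabled" || current == "")  print "unknown"
            # Running mode differs from the mode applied at next boot.
            else if (config != "" && current != config)     print "drift"
            else if (current == "permissive")               print "permissive"
            else if (current == "enforcing")                print "ok"
            else                                            print "unknown"
        }'
}

# Constructed sample: the sestatus output above, as it would look
# after running `setenforce permissive` on that host.
sample_drift() {
    cat <<'EOF'
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: enforcing
Policy version: 21
Policy from config file: targeted
EOF
}

# On a live host use: sestatus | selinux_audit
sample_drift | selinux_audit   # prints "drift"
```
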

chcon

Applies an SELinux label (security context) to files and directories. If you want to change the security context of a file or directory, you can use the "chcon" command. For example, if you want to configure a non-standard directory for an FTP server, make sure its context matches that of the default FTP directory.

The security context of a standard FTP directory can be viewed by using the “ls -Z” command.

[root@RHEL03 ~]# ls -Z /var/ftp/
drwxr-xr-x root root system_u:object_r:public_content_t pub

To change the context, use the chcon command. To apply the change recursively, add the -R switch. The command below sets the user and type fields of the context on the /ftp directory; public_content_rw_t is the writable counterpart of the public_content_t type seen on /var/ftp.

[root@RHEL03 ~]# chcon -R -u user_u -t public_content_rw_t /ftp

restorecon

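Sets the security context of one or more files by writing the appropriate file context from the policy into their extended attributes. Because restorecon applies the default context defined in the policy, it replaces a context that was set by hand with chcon.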

[root@RHEL03 ~]# restorecon -F -R /ftp

fixfiles

Checks or corrects the security context database on the file system.

[root@RHEL04 /]# fixfiles -l /root/fixchek.txt relabel

getsebool

Gets the value of one or more SELinux booleans. The -a option lists all booleans.

[root@RHEL01 ~]# getsebool -a

setsebool

setsebool is used to toggle policy booleans on or off.

[root@RHEL01 ~]# setsebool httpd_can_network_connect=on

Note: If you want the Boolean values to be persistent, use the -P option along with the setsebool command. The -P option writes the pending values to the policy file on disk.

 
