MyWackoSite : SE Linux

Hits : 1905

Security-Enhanced Linux :: Notes

ps -eZ

ls -Z file

Disable selinux (realtime)

# setenforce 0

&

# setenforce 1

to enable it

grep denied /var/log/audit/audit.log | tail -1 | audit2allow -a -M observium
semodule -i observium.pp

# Build a selinux module from selinux policy
mkdir -pv selinux.local/ebal
cd !$

vim ebal1.te

make -f /usr/share/selinux/devel/Makefile

semodule -i ebal1.pp

# List selinux booleans
semanage boolean -l

# Persistent change 
setsebool -P ssh_chroot_rw_homedirs on

Formatter "highlight/html" not found

# sestatus

# tail -f /var/log/audit/audit.log

# grep denied /var/log/audit/audit.log.1 | tail -1 | audit2allow

# grep denied /var/log/audit/audit.log.1 | tail -1 | audit2allow -M ebaltest1

# semodule -i ebaltest1.pp

# semanage boolean -l | grep http

# setsebool

# semanage boolean -l | grep poly

[root@ebalaskas conf]# setsebool -P httpd_enable_cgi off
[root@ebalaskas conf]# setsebool -P httpd_dbus_avahi off
[root@ebalaskas conf]# setsebool -P httpd_unified off
[root@ebalaskas conf]# setsebool -P httpd_tty_comm off

AVC: stands for Access Vector Cache

type=AVC msg=audit(1431012972.673:2907): avc:  denied  { search } for  pid=4757 comm="httpd" name="pnp4nagios" dev=vda1 ino=144905 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nagios_var_lib_t:s0 tclass=dir

type=SYSCALL msg=audit(1431012972.673:2907): arch=c000003e syscall=4 success=no exit=-13 a0=7f614a7febb8 a1=7fffec5c3ce0 a2=7fffec5c3ce0 a3=7f6147cfc110 items=0 ppid=4512 pid=4757 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)

MyWackoSite: SE Linux