Dec 08

Red Hat/CentOS, SELinux: Linux security and related

From my history (i.e. taken from the output of the history command)

Check that the internet connection is up; otherwise yum might not work, because yum goes to the internet to find packages (unless you are using local yum servers).

ping yahoo.com
nslookup

yum install selinux : will not work as it is, because no package has exactly that name

You can try yum install selinux*, or yum -y install selinux*

-y answers yes to all prompts during installation

You can also install individual SELinux components, such as policy or core

yum install selinux-policy

Install some services that will help to experiment with SELinux
service httpd status
yum install httpd
service httpd start
service vsftpd status
yum install vsftpd
service vsftpd start

Query installed SELinux packages

rpm -qa | grep selinux

output for me:

[root@yumserver ~]# rpm -qa | grep selinux
selinux-policy-targeted-3.13.1-166.el7_4.5.noarch
libselinux-utils-2.5-11.el7.x86_64
selinux-policy-3.13.1-166.el7_4.5.noarch
libselinux-2.5-11.el7.x86_64
libselinux-python-2.5-11.el7.x86_64

Install SELinux by individual packages
yum install policycoreutils policycoreutils-python selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans

getenforce
sestatus
vim /etc/sysconfig/selinux
reboot

Check for any error messages from SELinux
grep -i selinux /var/log/messages

-i makes the match case-insensitive; the log entries are written as "SELinux", so grep Selinux finds nothing
getenforce
sestatus
setenforce permissive
semodule -l
semodule -l | less
ls -l /etc/selinux/targeted/modules/active/modules/
ls -l /etc/selinux/targeted/policy/

SELinux Booleans

semanage boolean -l
semanage boolean -l | less
getsebool ftpd_anon_write
setsebool ftpd_anon_write on
nano .bash_history
setsebool ftpd_anon_write off
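
An added example, not part of the original history: setenforce permissive and setsebool without -P change only the running system, so this script reports where the runtime state differs from the persistent setting by parsing sestatus and semanage boolean -l output. The function names and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find SELinux settings whose runtime value differs from the
# persistent one. Both functions read command output on stdin.

# Reads `sestatus` output. Prints both modes; returns 1 if they differ,
# 2 if the fields are missing (e.g. SELinux disabled).
mode_drift() {
    awk -F': *' '
        /^Current mode:/          { cur = $2 }
        /^Mode from config file:/ { cfg = $2 }
        END {
            gsub(/[ \t]+$/, "", cur); gsub(/[ \t]+$/, "", cfg)
            if (cur == "" || cfg == "") { print "unknown"; exit 2 }
            printf "current=%s config=%s\n", cur, cfg
            exit (cur != cfg)
        }'
}

# Reads `semanage boolean -l` output, where each row carries "(State , Default)".
# Prints booleans whose running state is not the stored default.
bool_drift() {
    awk '
        match($0, /\((on|off) *, *(on|off)\)/) {
            split(substr($0, RSTART + 1, RLENGTH - 2), s, / *, */)
            if (s[1] != s[2])
                printf "%s runtime=%s persistent=%s\n", $1, s[1], s[2]
        }'
}

# Constructed sample output, not captured from the host in this post.
SAMPLE_SESTATUS='SELinux status:                 enabled
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing'

SAMPLE_BOOLEANS='SELinux boolean                State  Default Description

ftpd_anon_write                (on   ,  off)  Allow ftpd to anon write
httpd_enable_cgi               (on   ,   on)  Allow httpd to enable cgi'

printf '%s\n' "$SAMPLE_SESTATUS" | mode_drift || echo "runtime mode differs from config"
printf '%s\n' "$SAMPLE_BOOLEANS" | bool_drift
# On a live host: sestatus | mode_drift ; semanage boolean -l | bool_drift
```

To make a boolean change survive a reboot, use setsebool -P; to make a mode change survive, edit the SELINUX= line in the config file.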

 

Misc Permission Commands

ll -d /sdata
chmod g+w /sdata
ll -d /sdata
su jerry; cd /sdata/
su jerry
vi /etc/cron.allow
su jerry
chmod 1755 /var -v
chmod u-t /var
ll
chmod o-t /var
