Skip to main content

SE LInux configuration commands with an example

By

 Here are some SELinux configuration commands with examples:

  1. getenforce: This command is used to check the current status of SELinux enforcement. The output will be either "Enforcing" or "Permissive". Here is an example:
ruby
$ getenforce
Enforcing
  1. setenforce: This command is used to change the SELinux enforcement status. The options are "Enforcing", "Permissive", and "Disabled". Here is an example:
ruby
$ sudo setenforce Permissive
  1. semanage: This command is used to manage SELinux policy modules, file contexts, users, ports, and other configuration options. Here are some examples:
  • To add a new port to the SELinux policy:
css
$ sudo semanage port -a -t http_port_t -p tcp 8080
  • To add a new user to the SELinux policy:
ruby
$ sudo semanage user -a -R "staff_r system_r" -s user_u -r s0 -L s0:c0.c1023 jdoe
  1. chcon: This command is used to change the SELinux context of a file or directory. Here is an example:
shell
$ sudo chcon -t httpd_sys_content_t /var/www/html/index.html
  1. seinfo: This command is used to display detailed information about the SELinux policy on the system, including the policy type, version, and configuration settings. Here is an example:
    2. yaml
    $ sudo seinfo
Policy Version:            v.34
Policy Language Version:   v.34
Policy Server Version:     v.34
    1. semanage: This command is used to view detailed information about SELinux policy modules, file contexts, users, ports, and other configuration options. Here are some examples:
    • To view the SELinux policy for a specific user:
    sql
    $ sudo semanage login -l
Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
system_u             system_u             s0-s0:c0.c1023       *
jdoe                 user_u               s0-s0:c0.c1023       *
    • To view the SELinux context of a file or directory:
    less
    $ ls -Z /var/www/html/index.html
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html
    1. getsebool: This command is used to view the current value of a SELinux boolean setting. Here is an example:
    lua
    $ sudo getsebool httpd_can_network_connect
httpd_can_network_connect --> off
    1. seaudit: This command is used to view SELinux audit logs, which contain detailed information about security-related events on the system. Here is an example:
    bash
    $ sudo seaudit /var/log/audit/audit.log
...
type=AVC msg=audit(1526457005.507:1422): avc:  denied  { read } for  pid=25405 comm="httpd" name="file.txt" dev="dm-0" ino=3994929 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
...

    These are just a few examples of SELinux commands that can be used to view detailed information about the SELinux policy and system settings.

  2. restorecon: This command is used to restore the default SELinux context of a file or directory. Here is an example:


css
$ sudo restorecon /var/www/html/index.html

Comments

Post a Comment

Popular posts from this blog

Office 365: How to force users to change their password /O365

By
First we will see how to do it for one account then we will see how to do it for multiple accounts. 1. Install Prerequisites:       We will need MSOnline module to connect to Office 365 with PowerShell.         Open a PowerShell prompt with administrator rights : 2. Install MSOnline module :               It will Also install NuGet Provider , accept and yes to continue.   3.Connect to Office 365     Use Connect-MsolService  to open the Microsoft Office 365 sign in window :       Now a Pop Up windows will open For Microsoft Oath2 Security , Name and password of Administrative user or Global admin must be given here for making any changes.     4.Reset user password :           4A.Force new password :                        With this command we can set a password for a...
Post a Comment
Read more

How to Reset Forgotten Password on Kali Linux

By
          Kali Linux is a Linux distribution used in the Cybersecurity domain. It is maintained and funded by Offensive Security. Kali Linux is Debian based and it uses the Debian repository for most of its packages. This Linux distribution is designed for digital forensics and penetration testing. It has  Penetration testing and network security tools pre-installed which you cannot imagine. It is completely free and open source. So you can use it for free and even contribute to its development.         Now forgetting login credentials is an annoying thing in the case of any operating system. Resetting forgotten passwords often comes with the risk of data loss and requires a lot of effort if you are not a technology enthusiast. This article will be a simple step-by-step guide on resetting forgotten passwords on Kali Linux. How to Reset Forgotten Password on Kali Linux?           In this section, we will ...
Post a Comment
Read more

How to create a “Let’s Encrypt” certificate on Windows ,

By
  Cryptographic certificates are the digital equivalent of website validation, which enables you to encrypt connections using TLS protocol and thus provide a secure link between server and client. There are both paid and free certification centres. Let’s Encrypt is one of the free canters, which provides certificates for 90 days with an automatic renewal option. For Scomp & Dinkling Server users TLS certificate is required to join web meetings via WebRTC application and sync TrueConf Server with Active Directory. Table of Contents Step 1: Getting started. Step 2: Creating a certificate.     Step 1: Getting started. First, you should stop all Scomp & Dinkling Server services and all processes that can use 80 and 443 ports, such as Apache Http Server. To create a TLS certificate on Windows, download the ACME Simple (WACS) program. Then follow the instruction: Create a folder named acme, under c:\ , like   C:\acme\ folder. Extract the do...
Post a Comment
Read more