Skip to main content

selinux configuration for monitor on file share in ubuntu step by step

By

 Enabling SELinux monitoring on file shares in Ubuntu involves the following steps:


Install the SELinux packages:


Run the command sudo apt-get install selinux selinux-utils policycoreutils selinux-policy-default

Install the Samba package:


Run the command 


sudo apt-get install samba


Configure SELinux to monitor Samba shares:


Edit the SELinux policy configuration file: 


sudo nano /etc/selinux/config


Find the line SELINUX=enforcing and change it to SELINUX=permissive


Save the file and exit


Configure Samba to use SELinux:


Edit the Samba configuration file: sudo nano /etc/samba/smb.conf


Add the following lines at the end of the [global] section:





# Enable SELinux

selinux=yes

# Map the Samba guest user to the SELinux guest_u user

map to guest = bad user

Save the file and exit


Restart the SELinux and Samba services:


Run the command sudo service selinux restart

Run the command sudo service smbd restart

Configure the file share:


Create a directory to use as the file share: sudo mkdir /srv/samba/share


Set the correct permissions for the directory: sudo chown nobody:nogroup /srv/samba/share


Edit the Samba configuration file to add the share definition: sudo nano /etc/samba/smb.conf


Add the following lines at the end of the file:





comment = My Samba Share

path = /srv/samba/share

read only = no

guest ok = yes

Save the file and exit


Test the file share:


Use a client computer to connect to the file share using the Samba protocol and the guest user account

Verify that the client can read and write files to the share

Note: It is important to remember that changing the SELinux policy from enforcing to permissive mode can have security implications, as it disables the enforcement of security policies. This should only be done for troubleshooting purposes and should be reverted back to enforcing mode once the issue has been resolved.

Comments

Post a Comment

Popular posts from this blog

Office 365: How to force users to change their password /O365

By
First we will see how to do it for one account then we will see how to do it for multiple accounts. 1. Install Prerequisites:       We will need MSOnline module to connect to Office 365 with PowerShell.         Open a PowerShell prompt with administrator rights : 2. Install MSOnline module :               It will Also install NuGet Provider , accept and yes to continue.   3.Connect to Office 365     Use Connect-MsolService  to open the Microsoft Office 365 sign in window :       Now a Pop Up windows will open For Microsoft Oath2 Security , Name and password of Administrative user or Global admin must be given here for making any changes.     4.Reset user password :           4A.Force new password :                        With this command we can set a password for a...
Post a Comment
Read more

How to Reset Forgotten Password on Kali Linux

By
          Kali Linux is a Linux distribution used in the Cybersecurity domain. It is maintained and funded by Offensive Security. Kali Linux is Debian based and it uses the Debian repository for most of its packages. This Linux distribution is designed for digital forensics and penetration testing. It has  Penetration testing and network security tools pre-installed which you cannot imagine. It is completely free and open source. So you can use it for free and even contribute to its development.         Now forgetting login credentials is an annoying thing in the case of any operating system. Resetting forgotten passwords often comes with the risk of data loss and requires a lot of effort if you are not a technology enthusiast. This article will be a simple step-by-step guide on resetting forgotten passwords on Kali Linux. How to Reset Forgotten Password on Kali Linux?           In this section, we will ...
Post a Comment
Read more

How to create a “Let’s Encrypt” certificate on Windows ,

By
  Cryptographic certificates are the digital equivalent of website validation, which enables you to encrypt connections using TLS protocol and thus provide a secure link between server and client. There are both paid and free certification centres. Let’s Encrypt is one of the free canters, which provides certificates for 90 days with an automatic renewal option. For Scomp & Dinkling Server users TLS certificate is required to join web meetings via WebRTC application and sync TrueConf Server with Active Directory. Table of Contents Step 1: Getting started. Step 2: Creating a certificate.     Step 1: Getting started. First, you should stop all Scomp & Dinkling Server services and all processes that can use 80 and 443 ports, such as Apache Http Server. To create a TLS certificate on Windows, download the ACME Simple (WACS) program. Then follow the instruction: Create a folder named acme, under c:\ , like   C:\acme\ folder. Extract the do...
Post a Comment
Read more