SELinux : Operating Mode

 This is the Basic Usage and Configuration for SELinux (Security-Enhanced Linux).

It's possible to use MAC (Mandatory Access Control) feature on CentOS for various resources by SELinux.

[1]. Confirm the current status of SELinux like follows. (default mode is [Enforcing])

# display current mode

[root@dlp ~]# getenforce

Enforcing

# enforcing   ⇒  SELinux is enabled (default)

# permissive  ⇒  MAC is not enabled, but only records audit logs according to Policies

# disabled    ⇒  SELinux is disabled


# also possible to display with the command ([Current mode] line)

[root@dlp ~]# sestatus

SELinux status:                 enabled

SELinuxfs mount:                /sys/fs/selinux

SELinux root directory:         /etc/selinux

Loaded policy name:             targeted

Current mode:                   enforcing

Mode from config file:          enforcing

Policy MLS status:              enabled

Policy deny_unknown status:     allowed

Memory protection checking:     actual (secure)

Max kernel policy version:      31

[2]. It's possible to switch current mode between [permissive] ⇔ [enforcing] with [setenforce] command.

But if CentOS System is restarted, the mode returns to default.

[root@dlp ~]# getenforce

Enforcing

# switch to [Permissive] with [setenforce 0]

[root@dlp ~]# setenforce 0

[root@dlp ~]# getenforce

Permissive

# switch to [Enforcing] with [setenforce 1]

[root@dlp ~]# setenforce 1

[root@dlp ~]# getenforce

Enforcing

[3]. If you'd like to change Operating Mode permanently, change value in Configuration file.

[root@dlp ~]# vi /etc/selinux/config

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

#     enforcing - SELinux security policy is enforced.

#     permissive - SELinux prints warnings instead of enforcing.

#     disabled - No SELinux policy is loaded.

# change value you'd like to set

SELINUX=enforcing

# SELINUXTYPE= can take one of these three values:

#     targeted - Targeted processes are protected,

#     minimum - Modification of targeted policy. Only selected processes are protected.

#     mls - Multi Level Security protection.

SELINUXTYPE=targeted


# restart to apply change

[root@dlp ~]# reboot

[4]. If you change the Operating Mode from [Disabled] to [Enforcing/Permissive], it needs to re-label filesystem with SELinux Contexts. Because when some files or directories are created in [Disabled] mode, they are not labeled with SELinux Contexts, it needs to label to them, too.

# set re-labeling like follows, then it will be set on next system booting

[root@dlp ~]# touch /.autorelabel

[root@dlp ~]# reboot

Comments

Post a Comment

Popular posts from this blog

LINUX Move and copy files using SSH

Often you will need to move one or more files/folders or copy them to a different location. You can do so easily using an SSH connection. The commands which you would need to use are mv (short from move) and cp (short from copy). The mv command syntax looks like this: mv configuration.php-dist configuration.php By issuing the above command we will move (rename) the file configuration.php-dist to configuration.php. You can also use mv to move a whole directory and its content: mv includes/* ./ This will move all files (and folders) in the includes/ directory to the current working directory. In some cases however, we will need to only update the files and move only files that were changed, which we can do by passing ‘ -u ’ as argument to the command: mv -u includes/* admin/includes The copy (cp) command works the same way as mv, but instead of moving the files/folders it copies them. For example: cp configuration.php-dist configuration.php The command will copy the co
Read more

Java : Variables Declaring

[1]. Java Variables Variables are containers for storing data values. In Java, there are different types of variables, for example: String - stores text, such as "Hello". String values are surrounded by double quotes int - stores integers (whole numbers), without decimals, such as 123 or -123 float - stores floating point numbers, with decimals, such as 19.99 or -19.99 char - stores single characters, such as 'a' or 'B'. Char values are surrounded by single quotes boolean - stores values with two states: true or false [2]. Declaring (Creating) Variables To create a variable, you must specify the type and assign it a value: Syntax type variable = value ; Where type is one of Java's types (such as int or String), and variable is the name of the variable (such as x or name). The equal sign is used to assign values to the variable. To create a variable that should store text, look at the following example: Example Create a variable called  name  of type  Stri
Read more

SQL Self JOIN

SQL Self JOIN A self JOIN is a regular join, but the table is joined with itself. Self JOIN Syntax SELECT column_name(s) FROM table1 T1, table1 T2 WHERE condition; T1 and T2 are different table aliases for the same table.
Read more