SELinux : Operating Mode

 This is the Basic Usage and Configuration for SELinux (Security-Enhanced Linux).

It's possible to use MAC (Mandatory Access Control) feature on CentOS for various resources by SELinux.

[1]. Confirm the current status of SELinux like follows. (default mode is [Enforcing])

# display current mode

[root@dlp ~]# getenforce

Enforcing

# enforcing   ⇒  SELinux is enabled (default)

# permissive  ⇒  MAC is not enabled, but only records audit logs according to Policies

# disabled    ⇒  SELinux is disabled


# also possible to display with the command ([Current mode] line)

[root@dlp ~]# sestatus

SELinux status:                 enabled

SELinuxfs mount:                /sys/fs/selinux

SELinux root directory:         /etc/selinux

Loaded policy name:             targeted

Current mode:                   enforcing

Mode from config file:          enforcing

Policy MLS status:              enabled

Policy deny_unknown status:     allowed

Memory protection checking:     actual (secure)

Max kernel policy version:      31

[2]. It's possible to switch current mode between [permissive] ⇔ [enforcing] with [setenforce] command.

But if CentOS System is restarted, the mode returns to default.

[root@dlp ~]# getenforce

Enforcing

# switch to [Permissive] with [setenforce 0]

[root@dlp ~]# setenforce 0

[root@dlp ~]# getenforce

Permissive

# switch to [Enforcing] with [setenforce 1]

[root@dlp ~]# setenforce 1

[root@dlp ~]# getenforce

Enforcing

[3]. If you'd like to change Operating Mode permanently, change value in Configuration file.

[root@dlp ~]# vi /etc/selinux/config

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

#     enforcing - SELinux security policy is enforced.

#     permissive - SELinux prints warnings instead of enforcing.

#     disabled - No SELinux policy is loaded.

# change value you'd like to set

SELINUX=enforcing

# SELINUXTYPE= can take one of these three values:

#     targeted - Targeted processes are protected,

#     minimum - Modification of targeted policy. Only selected processes are protected.

#     mls - Multi Level Security protection.

SELINUXTYPE=targeted


# restart to apply change

[root@dlp ~]# reboot

[4]. If you change the Operating Mode from [Disabled] to [Enforcing/Permissive], it needs to re-label filesystem with SELinux Contexts. Because when some files or directories are created in [Disabled] mode, they are not labeled with SELinux Contexts, it needs to label to them, too.

# set re-labeling like follows, then it will be set on next system booting

[root@dlp ~]# touch /.autorelabel

[root@dlp ~]# reboot

Comments

Post a Comment

Popular posts from this blog

PostgreSQL - String Function

PostgreSQL string functions are used primarily for string manipulation. The following table details the important string functions − ASCII(str) Returns the numeric value of the leftmost character of the string str. Returns 0 if str is an empty string. Returns NULL if str is NULL. ASCII() works for characters with numeric values from 0 to 255. testdb=# SELECT ASCII('2'); +---------------------------------------------------------+ | ASCII('2') | +---------------------------------------------------------+ | 50 | +---------------------------------------------------------+ 1 row in set (0.00 sec) testdb=# SELECT ASCII('dx'); +---------------------------------------------------------+ | ASCII('dx') | +---------------------------------------------------------+ | 100 |
Read more

SwiftUI - TEXT

TEXT Text is used to display one or more lines of text content with the same effect as UILabel, but it is even better. If you want to create Text, just create it with Text("SwiftUI"); With chained syntax, you can also add multiple attributes to the text, such as fonts, colors, shadows, spacing between top left and right, and so on. Example: Text ( "SwiftUI" ) . foregroundColor ( . orange ) . bold () . font ( . system ( . largeTitle )) . fontWeight ( . medium ) . italic () . shadow ( color : . black , radius : 1 , x : 0 , y : 2 )
Read more

PostgreSQL - DATE/TIME Functions and Operators

Image
  We had discussed about the Date/Time data types in the chapter   Data Types . Now, let us see the Date/Time operators and Functions. The following table lists the behaviors of the basic arithmetic operators − The following is the list of all important Date and Time related functions available. AGE(timestamp, timestamp), AGE(timestamp) Example of the function AGE(timestamp, timestamp) is − testdb =# SELECT AGE ( timestamp '2001-04-10' , timestamp '1957-06-13' ); The above given PostgreSQL statement will produce the following result − age ------------------------- 43 years 9 mons 27 days Example of the function AGE(timestamp) is − testdb =# select age ( timestamp '1957-06-13' ); The above given PostgreSQL statement will produce the following result − age -------------------------- 55 years 10 mons 22 days CURRENT DATE/TIME() PostgreSQL provides a number of functions that return values related to the current date and time. Foll
Read more