Thursday, May 27, 2021
Security Enhanced Linux (SELinux) is a set of kernel medications developed by the NSA and later distributed to the public to secure computer systems. Most people would disable it on install because it's a pain to work with. But, if configured correctly it could harden your system considerably.
First let's install all the packages that we need for SELinux with the following yum command
yum install policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans
Select "y" when asked for a confirmation.
Now we want to see if SELinux is enabled by getting the status with this command
getenforce | sestatus
As we can see SELinux is enabled on our system. Currently it is enabled at the highest level which is enforcing.
There are security mode in SELinux, they are the following:
First let's install all the packages that we need for SELinux with the following yum command
yum install policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans
Select "y" when asked for a confirmation.
Now we want to see if SELinux is enabled by getting the status with this command
getenforce | sestatus
As we can see SELinux is enabled on our system. Currently it is enabled at the highest level which is enforcing.
There are security mode in SELinux, they are the following:
- Enforcing - In this mode all access from users or processes that are not authorized are denied, and the even will be logged.
- Permissive - In this mode as the name implies is permission meaning non of the access is denied. This will be the mode we start out with because we want to test and SELinux using this mode.
- Disabled - Means SELinux is not enabled.
The first we want to do is set the security mode to "Permissive" so that we can setup and configure SELinux.
Open the file /etc/selinux/config with your favorite editor and change the line SELinux=enforcing to SELinux=permissive so that all files can be labeled
To get into Permissive mode you have to reboot the system type in the command reboot now
Now let's check to see that the Permissive mode was successful with the command grep 'SELinux' /var/log/messages
The next step is to change /etc/selinux/config file back to SELINUX back to enforcing, then reboot the system again.
Subscribe to:
Post Comments (Atom)
Search This Blog
Tags
Web Development
Linux
Javascript
DATA
CentOS
ASPNET
SQL Server
Cloud Computing
ASP.NET Core
ASP.NET MVC
SQL
Virtualization
AWS
Database
ADO.NET
AngularJS
C#
CSS
EC2
Iaas
System Administrator
Azure
Computer Programming
JQuery
Coding
ASP.NET MVC 5
Entity Framework Core
Web Design
Infrastructure
Networking
Visual Studio
Errors
T-SQL
Ubuntu
Stored Procedures
ACME Bank
Bootstrap
Computer Networking
Entity Framework
Load Balancer
MongoDB
NoSQL
Node.js
Oracle
VirtualBox
Container
Docker
Fedora
Java
Source Control
git
ExpressJS
MySQL
NuGet
Blogger
Blogging
Bower.js
Data Science
JSON
JavaEE
Web Api
DBMS
DevOps
HTML5
MVC
SPA
Storage
github
AJAX
Big Data
Design Pattern
Eclipse IDE
Elastic IP
GIMP
Graphics Design
Heroku
Linux Mint
Postman
R
SSL
Security
Visual Studio Code
ASP.NET MVC 4
CLI
Linux Commands
Powershell
Python
Server
Software Development
Subnets
Telerik
VPC
Windows Server 2016
angular-seed
font-awesome
log4net
servlets
tomcat
AWS CloudWatch
Active Directory
Angular
Blockchain
Collections
Compatibility
Cryptocurrency
DIgital Life
DNS
Downloads
Google Blogger
Google Chrome
Google Fonts
Hadoop
IAM
KnockoutJS
LINQ
Linux Performance
Logging
Mobile-First
Open Source
Prototype
R Programming
Responsive
Route 53
S3
SELinux
Software
Unix
View
Web Forms
WildFly
XML
cshtml
githu
Thanks for posting such a great blog
ReplyDeleteVermicompost Manufacturers | Vermicompost in chennai
To be honest your article is informative and very helpful. Hp Laptop
ReplyDeleteHp Laptop online
Get yourself this fantastic stainless-steel rocker garlic press. Comfortable grip and rocking motion allows you to crush the garlic in record time. Easy to store and
ReplyDeleteclean.
garlic crusher
cell phone holder for car
I think this is among the most significant info for me. And i’m glad reading your article.
ReplyDeleteskills you can learn online
Nice post. It is really interesting. Thanks for sharing the post!
ReplyDeleteOppo A11k 32GB 2GB Smartphone v2kart.xyz
Realme 3 Pro (Lightning Purple, 128 GB) (6 GB RAM) Refurbished v2kart.xyz
A very inspiring blog your article is so convincing.
ReplyDeleteBest aeronautical engineering colleges in coimbatore
Best colleges for aeronautical engineering in coimbatore
Top most engineering colleges in coimbatore
ReplyDeleteMyMovers is a team of technically-skilled and experienced Packers and movers in Bangalore who deliver their services across India. They provide various services to their customers to remove the word Shifting bizarre from the dictionary.
movers and packers in Bangalore
Packers and movers in Bangalore
Save more on your move with Cloud packers and Movers Delhi
ReplyDeleteHow Can You Hire Flexible Packers and Movers as per your need