Scribd
Upload
8 views

Se Linux

Uploaded by

aamir766757
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
8 views

Se Linux

Uploaded by

aamir766757
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 20

Selinux

• Security-Enhanced Linux (SELinux) is a security architecture for


Linux® systems that allows administrators to have more control over
who can access the system. It was originally developed by the United
States National Security Agency (NSA) as a series of patches to the
Linux kernel using Linux Security Modules (LSM).
• SELinux is the most popular Linux Security Module used to isolate
and protect system components from one another.
• getenforce command is used to check which mode you are in .


• The ls -Z command is typically used in Linux and Unix-like operating
systems, particularly those with SELinux (Security-Enhanced Linux)
enabled. It's similar to the ls command, but it includes security context
information for files and directories.

• Here's what each part of the command does:

• ls: This is the command for listing directory contents.


• -Z: This option adds security context information to the output. It shows
the SELinux security context of each file and directory.
Running webserver
• yum install –y httpd
To manage context labels
• semanage fcontext -l ….
• semanage is a powerful tool for administrators who need to configure and
manage SELinux policies to enhance the security of their Linux systems.

• The setbool command is used in Linux systems with SELinux (Security-
Enhanced Linux) enabled to manipulate SELinux boolean values.

• SELinux booleans are variables that can be toggled between true and
false states to control various aspects of SELinux policies. These
booleans allow administrators to customize the security policy without
modifying the underlying SELinux policy rules directl
• SELinux booleans can control various aspects of system behavior,
such as whether a service is allowed to access the network, whether it
can write to specific directories, whether it can use certain ports, and
so on
• abrt_anon_write: This boolean controls whether the abrt (Automatic
Bug Reporting Tool) daemon is allowed to write core dump files in
anonymous shared memory areas. In your system, it is currently set to
off, meaning that the abrt daemon is not allowed to perform
anonymous write operation
abrt_handle_event: This boolean controls whether the abrt daemon
is allowed to handle events. In your system, it is also set to off,
meaning that the abrt daemon is not currently handling events.
• abrt_upload_watch_anon_write: This boolean controls whether the
abrt daemon is allowed to watch and upload core dump files created
by anonymous shared memory write operations. In your system, it is
set to on, indicating that the abrt daemon is allowed to perform this
operation.
• Use the setsebool command to enable or disable the running state of
these behaviors.
• The httpd service policy includes the httpd_enable_homedirs Boolean,
which enables the sharing of home directories with httpd.

You might also like