SELinux Disabled? Here's Why That's a Huge Mistake

MANAGING SELINUX

How does SELinux work?
SELinux defines access controls for the applications, processes, and files on a system. It uses security policies, which are sets of rules that tell SELinux what can or can’t be accessed, to enforce the access allowed by a policy.

What are booleans?
Booleans are on/off settings for functions in SELinux. There are hundreds of settings that can turn SELinux capabilities on or off, and many are already predefined. You can find out which booleans have already been set on your system by running
#getsebool -a

Important SELinux configuration files
/etc/selinux/config is the main configuration file of SELinux. /etc/sysconfig/selinux is a symbolic link to the actual configuration file, /etc/selinux/config.
#cat /etc/selinux/config
SELINUX=enforcing

Modes of SELinux
• SELinux can be in one of three modes at a time:
  Enforcing
  Permissive
  Disabled

LAB WORK

To check the SELinux mode
#getenforce
#sestatus

Display the SELinux context of a file
• To display the context of a file, the syntax is
#ls -Z filename
• To display the context of a directory, the syntax is
#ls -ldZ directory name

Displaying the SELinux context of a process
• To display the context of a process running in the system, the syntax is
#ps -efZ | grep process name
#ps -efZ | grep http

Changing the SELinux context of a file or directory
• To change the context of a file, first check its existing context:
#ls -ldZ filename
Observe that the type is admin_home_t. Let’s change it to public_content_t, so that it will be available for all users.
• To change the context of a file or directory, the syntax is
#chcon -t argument file/dir name
#chcon -t public_content_t ktfile
#ls -ldZ ktdir

To change the context for a directory and its contents
• Check the context of both the directory and its contents:
#ls -ldZ ktdir
#ls -lZ ktdir
• To change the context for a directory and its contents, the syntax is
#chcon -R -t argument dir name
#ls -ldZ ktdir
#chcon -R -t public_content_t ktdir
#ls -ldZ ktdir

Restoring a modified SELinux context to its default value
• To restore the modified/changed SELinux context of a file to its default, the syntax is
#restorecon -v filename
#ls -ldZ ktdir
#restorecon -v ktfile
#ls -ldZ ktdir
• To restore the context of a directory and its contents, the syntax is
#restorecon -Rv dir name
#ls -ldZ ktdir
#restorecon -Rv ktdir
#ls -ldZ ktdir
#ls -lZ ktdir

Changing the modes of SELinux
• To change the mode of SELinux, the syntax is
#setenforce option
Options used are 0 or 1 (where 0 means Permissive and 1 means Enforcing).
• To change the SELinux mode to Permissive:
#setenforce 0
• Verify it with the getenforce or sestatus command:
#getenforce
• To change the SELinux mode back to Enforcing:
#setenforce 1

Disabling and enabling SELinux security
• To disable the SELinux protection, that is, to change it to Disabled mode, edit the /etc/selinux/config file and change the setting to SELINUX=disabled
• Whenever you change the mode of SELinux from Enforcing/Permissive to Disabled, or from Disabled to Permissive/Enforcing, you need to restart the system so that the change can take effect.
#getenforce
#sestatus

Checking and modifying the Booleans
• To see the Booleans of a particular service, the syntax is
#getsebool -a | grep service name
#getsebool -a | grep ftp
#getenforce
#getsebool -a | grep ftp
• To change any Boolean, just copy the Boolean and give the option (the only possible options for a Boolean are on, to enable it, and off, to disable it).
The syntax for changing a Boolean value is
#setsebool Boolean option (on/off)
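
The lab above sets the runtime mode with setenforce and the persistent mode in /etc/selinux/config, and the two can disagree. The script below is an added example, not part of the original page, that compares them and flags drift; the function names config_mode, runtime_mode and audit_mode are hypothetical, and reading the first SELINUX= line is this example's own choice.

```shell
# Added example; function names are hypothetical, not from the page.

# Persistent mode: value of the first SELINUX= line in a config file.
# Comment lines and SELINUXTYPE= do not match; prints "unknown" otherwise.
config_mode() {
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
        "$1" 2>/dev/null | head -n 1 | tr 'A-Z' 'a-z')
    case "$mode" in
        enforcing|permissive|disabled) printf '%s\n' "$mode" ;;
        *) printf 'unknown\n' ;;
    esac
}

# Runtime mode as reported by getenforce, lower-cased ("unknown" if absent).
runtime_mode() {
    { getenforce 2>/dev/null || echo unknown; } | tr 'A-Z' 'a-z'
}

# Compare the two. Returns 0 = OK, 1 = drift, 2 = enforcing not confirmed.
audit_mode() {
    runtime=$1 configured=$2
    case "$runtime/$configured" in
        enforcing/enforcing)
            echo "OK: enforcing now and in the config" ;;
        enforcing/permissive|enforcing/disabled)
            echo "WARN: enforcing now, but the config sets $configured for the next boot"
            return 1 ;;
        permissive/enforcing)
            echo "WARN: permissive now (setenforce 0?); setenforce 1 restores enforcing"
            return 1 ;;
        disabled/enforcing|disabled/permissive)
            echo "WARN: disabled now; the config sets $configured, effective after a reboot"
            return 1 ;;
        *)
            echo "FAIL: enforcing not confirmed (runtime=$runtime, config=$configured)"
            return 2 ;;
    esac
}

# With a path argument: audit the live system. Without: a constructed sample.
if [ -n "${1:-}" ]; then
    audit_mode "$(runtime_mode)" "$(config_mode "$1")"
else
    sample=$(mktemp)
    printf '#SELINUX=enforcing\nSELINUX=disabled\nSELINUXTYPE=targeted\n' > "$sample"
    audit_mode enforcing "$(config_mode "$sample")" || true
    rm -f "$sample"
fi
```

Run it with /etc/selinux/config as the argument to audit a host; a non-zero exit status makes it usable from a scheduled compliance check.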