@githubfoam
Last active August 12, 2021 23:05
SELinux cheat sheet
$ rpm -qa | grep selinux
libselinux-2.5-11.el7.x86_64
libselinux-python-2.5-11.el7.x86_64
selinux-policy-targeted-3.13.1-166.el7_4.9.noarch
libselinux-utils-2.5-11.el7.x86_64
selinux-policy-3.13.1-166.el7_4.9.noarch
#install the SELinux management and troubleshooting tools (RHEL/CentOS 7 package names)
yum install policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans
$ getenforce
Enforcing
$ sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
#switch the running mode only; the config file is untouched, so the mode reverts at the next boot
$ sudo setenforce permissive
$ sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
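#enable/disable/configure SELinux persistently; the setting is read at boot, so a reboot is needed
vi /etc/sysconfig/selinux
#SELINUX=enforcing
#SELINUX=permissive
#disabled turns SELinux off completely: nothing is enforced, logged or labeled, and re-enabling later requires a full filesystem relabel
#for troubleshooting, permissive keeps logging denials without blocking them
SELINUX=disabled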
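#find denials reported by setroubleshoot in syslog
grep "SELinux is preventing" /var/log/messages
grep "SELinux" /var/log/messages
#list the loaded policy modules
sudo semodule -l
ls -l /etc/selinux/targeted/modules/active/modules/
#list all booleans with their current state, default and description
sudo semanage boolean -l | less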
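#find the FTP-related booleans, then turn one on
$ sudo semanage boolean -l | grep ftpd
#runtime change only; without -P it is lost at reboot
#ftpd_anon_write lets the FTP daemon write to public_content_rw_t content, so enable it only for upload areas that need it
$ sudo setsebool ftpd_anon_write on
$ sudo getsebool ftpd_anon_write
ftpd_anon_write --> on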
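
The two sestatus outputs above differ only in "Current mode", because setenforce changes the running mode and leaves the config file alone. The following added example (not part of the original gist) parses sestatus output and flags that drift; the function names and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect drift between the running SELinux mode and the
# persistent mode, using only the fields sestatus prints.

# Constructed samples, shortened from the sestatus output shown above.
SAMPLE_ENFORCING='SELinux status: enabled
Current mode: enforcing
Mode from config file: enforcing'
SAMPLE_AFTER_SETENFORCE='SELinux status: enabled
Current mode: permissive
Mode from config file: enforcing'
SAMPLE_DISABLED='SELinux status: disabled'

# selinux_field TEXT LABEL: print the value of the "LABEL: value" line.
selinux_field() {
    printf '%s\n' "$1" | awk -F': *' -v key="$2" \
        '$1 == key { sub(/[ \t]+$/, "", $2); print $2; exit }'
}

# selinux_drift TEXT: print a verdict; exit status 0 only when the system
# is enforcing now and will still be enforcing after a reboot.
selinux_drift() {
    se_status=$(selinux_field "$1" "SELinux status")
    se_current=$(selinux_field "$1" "Current mode")
    se_config=$(selinux_field "$1" "Mode from config file")
    if [ "$se_status" != "enabled" ]; then
        echo "disabled"; return 2
    fi
    if [ "$se_current" = "enforcing" ] && [ "$se_config" = "enforcing" ]; then
        echo "ok"; return 0
    fi
    if [ "$se_current" != "$se_config" ]; then
        # e.g. someone ran setenforce, or edited the config without rebooting
        echo "drift:$se_current/$se_config"; return 1
    fi
    echo "weak:$se_current"; return 1
}

# Demo on the constructed sample; on a real host pass "$(sestatus)" instead.
selinux_drift "$SAMPLE_AFTER_SETENFORCE" || true
```

A non-zero exit status makes the function usable as a cron or monitoring check: 1 means enforcement is weakened or about to change, 2 means SELinux is off.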