Skip to content

Instantly share code, notes, and snippets.

@noslin005

noslin005/selinux.md

Last active January 27, 2022 14:43
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save noslin005/728b2bd47f5216b8342342c4e9bad1a1 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save noslin005/728b2bd47f5216b8342342c4e9bad1a1 to your computer and use it in GitHub Desktop.
Download ZIP
SELinux
Raw
selinux.md

SELinux

Controll the folder access by applications

Commands

  • getenforce
  • sestatus

Generate the Log Messages /var/log/audit/audit.log

  1. Set SELinux to permissive
sudo setenforce permissive
  1. tail -f /var/log/audit/audit.log

Use the log messages to create the templates

  1. Copy the settings from a default folder, i.e,:
ls -laZ /var/www
  1. Change the type of the folder
sudo chcon -Rv --type=httpd_sys_content_t /netshare/www

Non default program

  1. Install dnf install policycoreutils-devel to provide audi2allow
  2. Set selinux to permissive
sudo setenforce permissive
`

2. Use the audit error log to create a policy module
```bash
sudo grep httpd /var/log/audit/audit.log | audit2allow -M httpd
  1. Install the policy file
sudo semodule -i httpd.pp
  1. Set SELinux to enforcing mode
sudo setenforce enforcing
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment