noslin005/selinux.md

Last active January 27, 2022 14:43

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/noslin005/728b2bd47f5216b8342342c4e9bad1a1.js"></script>
Save noslin005/728b2bd47f5216b8342342c4e9bad1a1 to your computer and use it in GitHub Desktop.

Download ZIP

SELinux

Raw

SELinux

Controll the folder access by applications

Commands

getenforce
sestatus

Generate the Log Messages /var/log/audit/audit.log

Set SELinux to permissive

sudo setenforce permissive

tail -f /var/log/audit/audit.log

Use the log messages to create the templates

Copy the settings from a default folder, i.e,:

ls -laZ /var/www

Change the type of the folder

sudo chcon -Rv --type=httpd_sys_content_t /netshare/www

Non default program

Install dnf install policycoreutils-devel to provide audi2allow
Set selinux to permissive

sudo setenforce permissive
`

2. Use the audit error log to create a policy module
```bash
sudo grep httpd /var/log/audit/audit.log | audit2allow -M httpd

Install the policy file

sudo semodule -i httpd.pp

Set SELinux to enforcing mode

sudo setenforce enforcing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment