Unix Linux Hacks, Commands and Configuration. Red Hat Fedora SuSE Debian Knoppix Slackware: SELinux, commands to use, Part I, getting familiar with the SElinux commands

Ok, so you installed RHEL 4, and SELinux is enabled by default. Now what?
Well, I would say, take this opportunity to enhance the security of your server or
workstation. Security Enhanced Linux is here to stay, and it will just get better and
easier to use. For now, there is two ways to work on that enhanced shield that SELinux provides. Either you use the GUI for SELinux, # system-config-securitylevel or you do it from the CLI, (command line), with setenforce, setsebool, getenforce, getsebool and some arguments.

Examples;

/usr/bin/sestatus (Get status of the system running SELinux)
/usr/sbin/setsebool (Set SELinux boolean value)
/usr/sbin/getsebool (Get SELinux boolean value)
/usr/sbin/setenforce (Modify the mode SELinux is running in
/usr/sbin/getenforce (Get the current mode of SELinux)

If you want to set SELinux in Enforcing mode,

# setenforce 1 (You will not see any output)

Verify the mode with

# getenforce
Enforcing

# setenforce 0 (Set SELinux in Permissive mode, only warnings, no protection)

# getenforce
Permissive

# getsebool -a (Get SELinux boolean value(s))

# setsebool httpd_enable_homedirs 1 (Enable httpd homedir /public_html in apache)

SELinux configuration and policy files, macron and more here;

/etc/selinux/
/etc/sysconfig/selinux is a symlink to /etc/selinux/config

End of part I

Unix Linux Hacks, Commands and Configuration. Red Hat Fedora SuSE Debian Knoppix Slackware

March 30, 2006

SELinux, commands to use, Part I, getting familiar with the SElinux commands

Poker Stars, where Linux and Mac users play