Basics of SELinux in Linux

Posted by Unknown Kamis, 13 September 2012 0 komentar
http://www.linuxnix.com/2012/09/basics-of-selinux-in-linux.html


Basics of SElinux

What is SELinux?
SELinux is a set of security policies/modules which are going to apply on the machine to improve the overall security of the machine. These are the Linux security modules(LSM) which are loaded in to kernel to improve security on accessing services/files which improve security. SELinux is short form of Security Enhanced Linux. SElinux is a security feature which was shipped with RHEL5, it is much secure than any other security such as PAM and Initd. Apparmor is some times consider as eloquent to SELinux. Below is the security model in Linux.

Setting of SELinux

SELinux is set in three modes.
  • Enforcing - SELinux security policy is enforced. IF this is set SELinux is enabled and will try to enforce the SELinux policies strictly
  • Permissive – SELinux prints warnings instead of enforcing. This setting will just give warning when any SELinux policy setting is breached
  • Disabled – No SELinux policy is loaded. This will totally disable SELinux policies.

And SELinux is set in two levels
  • Targeted – Targeted processes are protected,
  • Mls - Multi Level Security protection.

Get SELinux Status

Example1:Is SELinux enabled or not on your box? use below command to get the status.
#getenforce

The output will be either “Enabled” or “Disabled”
Example2: To see SELinux status in simplified way you can use sestatus

#sestatus
Sample output:
SElinux status : enabled
SELinux mount : /selinux
Current mode : enforcing
Mode from config file : enforcing
Policy version : 21
Policy from config file : targeted
From the above output we can see that SElinux is enabled and it is in enforced mode.
and to see detailed status you can use -b option, this will give on which services SElinux is enabled and which services are disabled.
Example3:To get elobrated info on difference status of SELinux on different services use -b option along sestatus
#sestatus -b
Sample output:
[root@centos1 ~]# sestatus -b
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
Policy booleans:
abrt_anon_write off
allow_console_login on
allow_corosync_rw_tmpfs off
allow_cvs_read_shadow off
allow_daemons_dump_core on
allow_daemons_use_tty on
allow_domain_fd_use on
allow_execheap off
allow_execmem on
allow_execmod on
allow_execstack on
allow_ftpd_anon_write off
==Cliped the output here==

Disabling SELinux

Example4:How to disable SElinux
We can do it in two ways
1)Permanent way : edit /etc/selinux/config
change the status of SELINUX from enforcing to disabled
SELINUX=enforcing
to
SELINUX=disabled
Save the file and exit.
2)Temporary way : Execute below command
echo 0 > /selinux/enforce
or
setenforce 0

Enabling SELinux

Example5:How about enabling SELinux
1)Permanent way : edit /etc/selinux/config
change the status of SELINUX from disabled to enforcing
SELINUX=disabled
to
SELINUX=enforcing
Save the file and exit.
2)Temporary way : Execute below command
echo 1 > /selinux/enforce
or
setenforce 1
TERIMA KASIH ATAS KUNJUNGAN SAUDARA
Judul: Basics of SELinux in Linux
Ditulis oleh Unknown
Rating Blog 5 dari 5
Semoga artikel ini bermanfaat bagi saudara. Jika ingin mengutip, baik itu sebagian atau keseluruhan dari isi artikel ini harap menyertakan link dofollow ke http://androidjapane.blogspot.com/2012/09/basics-of-selinux-in-linux.html. Terima kasih sudah singgah membaca artikel ini.

0 komentar:

Posting Komentar

Trik SEO Terbaru support Online Shop Baju Wanita - Original design by Bamz | Copyright of android japan.