SELinux AppArmor - yar145/mytestrepo1 GitHub Wiki
sestatus
SESELinux context by using the following syntax: Linux user:Role:Type:Level
ls -ldZ /etc/passwd -rw-r--r--. 1 root root system_u:object_r:passwd_file_t:s0 1915 ноя 11 2022 /etc/passwd
yum install setools-console
listing of the available SELinux types seinfo --type | head
id -Z
Check what ports SELinux allows for sshd: sudo semanage port -l | grep ssh
Add a new port to the SELinux policy. semanage port -a -t ssh_port_t -p tcp 2222
Modify a port in the SELinux policy
semanage port -m -t ssh_port_t -p tcp 443
Get a listing of all the current Linux user mappings semanage login -l
Get a listing of the SELinux users seinfo -u
Get a list of booleans along with their meaning. semanage boolean -l
Query the SELinux policy for a boolean. sesearch -b httpd_can_network_connect -A
Show local SELinux policy customizations. semanage boolean -l -C
SELinux File Context
Make temporary label changes. chcon -R -t httpd_sys_content_t /web/
Return labels to default settings. restorecon -R -v /web/
Make label changes permanent. semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
Show the context of the newly created files and directories. semanage fcontext -C -l
Apply the changes to the context. restorecon -R -v /web
Remove the new SELinux context. semanage fcontext -d "/web(/.*)?"
Apply the changes and verify the context returned to default_t. restorecon -R -v /web; ls -ldZ /web; ls -lZ /web
45. Принудительный контроль доступа - SElinux (RHCSA)
New install with SELinux, syslog-ng having permission issues?
AppArmor
How to disable AppArmor in Ubuntu and Debian
sudo apparmor_status
sudo systemctl stop apparmor
sudo systemctl disable apparmor