SELinux AppArmor - yar145/mytestrepo1 GitHub Wiki
sestatus
SESELinux context by using the following syntax: Linux user:Role:Type:Level
ls -ldZ /etc/passwd -rw-r--r--. 1 root root system_u:object_r:passwd_file_t:s0 1915 ноя 11 2022 /etc/passwd
yum install setools-console
listing of the available SELinux types seinfo --type | head
id -Z
Check what ports SELinux allows for sshd: sudo semanage port -l | grep ssh
Add a new port to the SELinux policy. semanage port -a -t ssh_port_t -p tcp 2222
Modify a port in the SELinux policy
semanage port -m -t ssh_port_t -p tcp 443
Get a listing of all the current Linux user mappings semanage login -l
Get a listing of the SELinux users seinfo -u
Get a list of booleans along with their meaning. semanage boolean -l
Query the SELinux policy for a boolean. sesearch -b httpd_can_network_connect -A
Show local SELinux policy customizations. semanage boolean -l -C
SELinux File Context
Make temporary label changes. chcon -R -t httpd_sys_content_t /web/
Return labels to default settings. restorecon -R -v /web/
Make label changes permanent. semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
Show the context of the newly created files and directories. semanage fcontext -C -l
Apply the changes to the context. restorecon -R -v /web
Remove the new SELinux context. semanage fcontext -d "/web(/.*)?"
Apply the changes and verify the context returned to default_t. restorecon -R -v /web; ls -ldZ /web; ls -lZ /web
45. Принудительный контроль доступа - SElinux (RHCSA)
New install with SELinux, syslog-ng having permission issues?
AppArmor
How to disable AppArmor in Ubuntu and Debian
sudo apparmor_status
sudo systemctl stop apparmor
sudo systemctl disable apparmor
[How to Enable or Disable AppArmor on Ubuntu 24.04, 22.04, or 20.04](How to Enable or Disable AppArmor on Ubuntu 24.04, 22.04, or 20.04)
Check AppArmor Profiles Loaded
apparmor_status
Alternative Status Check: Using aa-status
aa-status
Backing Up AppArmor Profiles
cp -R /etc/apparmor.d /etc/apparmor.d.bak
Disabling a Specific AppArmor Profile
aa-disable /etc/apparmor.d/
Viewing Disabled AppArmor Profiles
ls /etc/apparmor.d/disable
[How do I block Internet for an app using an apparmor custom profile?](How do I block Internet for an app using an apparmor custom profile?)
apt-get install apparmor-utils
create your profile using generate profile tool:
aa-genprof /opt/sublime_text/sublime_text
apparmor_parser -r /etc/apparmor.d/opt.sublime_text.sublime_text
/opt/sublime_text/sublime_text {
deny network inet,
deny network inet6,
deny network raw, #include <abstractions/base>
/opt/sublime_text/sublime_text mr,
/opt/sublime-text/ rw,
/home/shady/.config/sublime-text-3/ rw,
}
Selectively block internet access via Apparmor
Безопасный Linux вместе с AppArmor
[How To Create an AppArmor Profile for Nginx on Ubuntu 14.04](How To Create an AppArmor Profile for Nginx on Ubuntu 14.04)
Crowdstrike
Installing CrowdStrike Falcon on Ubuntu
systemctl status falcon-sensor