SELinux AppArmor - yar145/mytestrepo1 GitHub Wiki

Use SELinux on Oracle Linux

sestatus

An SELinux context uses the following syntax: SELinux user:Role:Type:Level

ls -ldZ /etc/passwd

-rw-r--r--. 1 root root system_u:object_r:passwd_file_t:s0 1915 ноя 11 2022 /etc/passwd

yum install setools-console

Get a listing of the available SELinux types: seinfo --type | head

id -Z

Check what ports SELinux allows for sshd: sudo semanage port -l | grep ssh

Add a new port to the SELinux policy: semanage port -a -t ssh_port_t -p tcp 2222

Modify a port in the SELinux policy

semanage port -m -t ssh_port_t -p tcp 443

Get a listing of all the current Linux user mappings: semanage login -l

Get a listing of the SELinux users: seinfo -u

Get a list of booleans along with their meaning: semanage boolean -l

Query the SELinux policy for a boolean: sesearch -b httpd_can_network_connect -A

Show local SELinux policy customizations: semanage boolean -l -C

SELinux File Context

Make temporary label changes: chcon -R -t httpd_sys_content_t /web/

Return labels to default settings: restorecon -R -v /web/

Make label changes permanent: semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"

Show the context of the newly created files and directories: semanage fcontext -C -l

Apply the changes to the context: restorecon -R -v /web

Remove the new SELinux context: semanage fcontext -d "/web(/.*)?"

Apply the changes and verify the context returned to default_t: restorecon -R -v /web; ls -ldZ /web; ls -lZ /web
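
To check the result of the relabeling steps above without reading `ls -Z` output by eye, the following added example (not part of the original wiki) splits a context in the user:role:type:level syntax and lists files under /web whose type is not the expected one. The function names `selinux_field` and `mislabeled`, the `SAMPLE` variable and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: parse SELinux contexts and flag files with an unexpected type.

# Print one field (user|role|type|level) of a context string.
# The level is everything after the third colon, because MCS/MLS levels
# such as "s0:c12,c34" contain colons; it is empty on a policy without MLS.
selinux_field() (
    ctx=$1
    user=${ctx%%:*}; rest=${ctx#*:}
    role=${rest%%:*}; rest=${rest#*:}
    typ=${rest%%:*}
    case $rest in
        *:*) level=${rest#*:} ;;
        *)   level= ;;
    esac
    case $2 in
        user)  printf '%s\n' "$user" ;;
        role)  printf '%s\n' "$role" ;;
        type)  printf '%s\n' "$typ" ;;
        level) printf '%s\n' "$level" ;;
        *)     exit 2 ;;
    esac
)

# Read "context path" lines on stdin and print "path actual_type" for every
# path whose type is not $1. Exit status is 1 if any mismatch was found.
mislabeled() (
    expected=$1
    status=0
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        actual=$(selinux_field "$ctx" type)
        if [ "$actual" != "$expected" ]; then
            printf '%s %s\n' "$path" "$actual"
            status=1
        fi
    done
    exit "$status"
)

# Constructed sample, in the form printed by: stat -c '%C %n' /web /web/*
SAMPLE='unconfined_u:object_r:httpd_sys_content_t:s0 /web
unconfined_u:object_r:httpd_sys_content_t:s0 /web/index.html
unconfined_u:object_r:default_t:s0 /web/upload.tmp
system_u:object_r:httpd_sys_content_t:s0:c12,c34 /web/app data'

printf '%s\n' "$SAMPLE" | mislabeled httpd_sys_content_t ||
    echo "mismatches found: check the fcontext rule, then restorecon -R -v /web"
```

On a live system, replace the sample with `stat -c '%C %n' /web /web/* | mislabeled httpd_sys_content_t`.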

Administering SELinux

45. Mandatory Access Control - SELinux (RHCSA)

New install with SELinux, syslog-ng having permission issues?

AppArmor

How to disable AppArmor in Ubuntu and Debian

sudo apparmor_status

sudo systemctl stop apparmor

sudo systemctl disable apparmor