Managing SELinux Security - RHCSA (RH134).pdf

support8872 646 views 14 slides Sep 21, 2024

About This Presentation

Slides on how to manage SELinux security - Part of RHCSA (RH134) syllabus


Slide Content

Managing SELinux Security

SELinux
●SELinux: Linux kernel security module

●Enforces access control policies

●Implements mandatory access controls (MAC)

●Regulates access to system resources with fine-grained permissions.

●A compromised Apache process cannot, by itself, access user home directories
●Even when Apache is compromised, it can access user home files only if SELinux rules have been configured to allow it

Options in SELinux
1. Enforcing Mode: Actively enforces access control policies

2. Permissive Mode: Logs policy violations without enforcement

3. Disabled Mode: No access control or security enforcement

Note - The /etc/selinux/config file stores configuration settings for SELinux.

Commands
●To check which option is enabled in SELinux
Command: sestatus

Command: getenforce

Change SELinux option
●Change from enforcing to permissive / disabled
Command: setenforce 0

●Change from permissive / disabled to enforcing
Command: setenforce 1

●To permanently modify the SELinux configuration, make the change in the /etc/selinux/config file:
○From enforcing to disabled
■SELINUX=disabled

○From disabled to enforcing
■SELINUX=enforcing




Note: Disabling SELinux can compromise system security; always
have a backup or create a /.autorelabel file before rebooting.
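
The script below is an added example, not part of the original slides: it compares the running mode reported by getenforce with the SELINUX= value in /etc/selinux/config, so a host left permissive by setenforce 0, or set to come up disabled at the next boot, gets flagged. The function names configured_mode and audit_selinux_mode are hypothetical, and the sample config file is constructed.

```bash
#!/usr/bin/env bash
# Added example: compare the running SELinux mode with the boot-time setting.
# Function names are hypothetical; the sample config below is constructed.

# Print the SELINUX= value from a config file, lowercased.
# Commented-out lines and SELINUXTYPE= are ignored; the last assignment wins.
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$1" \
        | tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# $1 = runtime mode as printed by getenforce, $2 = path to the config file.
# Prints one finding; returns 0 only when enforcing now and at next boot.
audit_selinux_mode() {
    _rt="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
    _cfg="$(configured_mode "$2")"
    if [ -z "$_cfg" ]; then
        echo "WARN: no SELINUX= setting found in $2"
        return 1
    fi
    if [ "$_rt" = "enforcing" ] && [ "$_cfg" = "enforcing" ]; then
        echo "OK: enforcing now and after reboot"
        return 0
    fi
    if [ "$_rt" != "$_cfg" ]; then
        # e.g. setenforce 0 was run, or the file was edited without a reboot
        echo "DRIFT: runtime=$_rt config=$_cfg"
        return 1
    fi
    echo "WEAK: $_cfg now and after reboot"
    return 1
}

# Offline demo on a constructed config file.
demo_cfg="$(mktemp)"
printf '%s\n' '# SELINUX=disabled' 'SELINUX=enforcing' 'SELINUXTYPE=targeted' > "$demo_cfg"
audit_selinux_mode Permissive "$demo_cfg" || true
rm -f "$demo_cfg"

# On a real host, check the live state (skipped when getenforce is absent).
if command -v getenforce >/dev/null 2>&1; then
    audit_selinux_mode "$(getenforce)" /etc/selinux/config || true
fi
```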

SELinux main concepts
1. Labeling: Assigns security labels to system resources, determining their access permissions

2. Type Enforcement: Controls access based on the security context of objects and subjects, ensuring policy compliance

Labeling commands
●List the labels of each file in a directory
Command: ls -lZ /etc/ssh

●List the label of the directory itself
Command: ls -dZ /etc/ssh

●SELinux also assigns labels at the socket level
Command: netstat -tnlpZ | grep ssh

●SELinux labels running SSH processes in memory
Command: ps axZ | grep sshd

●To change the type in the label of a file or directory
Command: chcon -t httpd_sys_content_t /etc/ssh

●To restore it to its original type
Command: restorecon -v /etc/ssh && ls -dZ /etc/ssh

SELinux Booleans
SELinux booleans are binary values that toggle specific system behaviors and permissions
●Get list of all booleans
Command: getsebool -a

●semanage boolean -l can also be used to list all booleans
Command: semanage boolean -l

●To set boolean to yes
Command: setsebool -P ssh_use_tcpd 1

●To set boolean to no
Command: setsebool -P ssh_use_tcpd 0