Thursday, June 16, 2011

Manage Security through SELinux

Commands to remember

sestatus                                          show SELinux status
getenforce                                        show enforcing status of SELinux
setenforce enforcing|permissive                   set status of SELinux
getsebool -a                                      show the boolean value of the service
setsebool -P                                      set the boolean value
chcon -u <user> -r <role> -t <type> <file>        change context of a file
chcon --reference=<dir> <dir_to_change_context>   copy the context of the dir used as reference
restorecon -F myfile                              restore default file context

User
unconfined_u   unprotected user
system_u       system user
user_u         normal user

Role
object_r       file
system_r       users processes

Domain
unconfined_r   unprotected file or process

Set enforcing and permissive modes for SELinux
- through the config file: edit /etc/sysconfig/selinux
- or use the command setenforce
#setenforce Enforcing|Permissive

List and identify SELinux file and process context
- File
ls -lZ

- Process
ps -eZ|grep <process name>

Restore default file contexts
restorecon -F myfile                              restore default file context
chcon -u <user> -r <role> -t <type> <file>        change context of a file
chcon --reference=<dir> <dir_to_change_context>   copy the context of the dir used as reference

Use boolean settings to modify system SELinux settings
getsebool -a                 show the boolean value of the service
setsebool -P <boolean>=1/0   set the boolean value

Diagnose and address routine SELinux policy violations

To get man pages for certain commands
man -k _selinux

Description of the boolean
semanage boolean -l    # provided by the policycoreutils-python package

To survive an SELinux relabel
ex: #semanage fcontext -a -s system_u -t httpd_sys_script_exec_t /var/www/cgi-bin
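
Added example (not part of the original notes): a shell function that reads ls -Z output, splits each context into user, role and type, and lists the files whose type is not the expected one, here httpd_sys_script_exec_t as in the cgi-bin rule above. The listing and file names are constructed sample data; check_types and sample_listing are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample of `ls -Z` output for a cgi-bin directory.
# Two of the files still carry a home-directory type.
sample_listing() {
    cat <<'EOF'
-rwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 status.cgi
-rwxr-xr-x. root root unconfined_u:object_r:user_home_t:s0 report.cgi
-rwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 upload.cgi
EOF
}

# check_types EXPECTED_TYPE
# Reads ls -Z lines on stdin and prints one line per file whose SELinux
# type differs from EXPECTED_TYPE. The context is located by shape
# (user:role:type[:level], type ending in _t by convention), so the
# function does not depend on which column ls puts it in.
# Limitation: the file name is taken as the last field, so names that
# contain spaces are not handled.
check_types() {
    awk -v want="$1" '
    {
        ctx = ""
        for (i = 1; i < NF; i++)
            if ($i ~ /^[^:]+:[^:]+:[^:]+_t(:.*)?$/) { ctx = $i; break }
        if (ctx == "") next            # no context on this line, e.g. "total 8"
        split(ctx, part, ":")          # part[1]=user, part[2]=role, part[3]=type
        if (part[3] != want)
            printf "%s user=%s role=%s type=%s\n", $NF, part[1], part[2], part[3]
    }'
}

# Stand-alone run on the sample data.
sample_listing | check_types httpd_sys_script_exec_t
```

On a real system, pipe ls -Z /var/www/cgi-bin into check_types instead of the sample; files it reports can be reset with restorecon.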

2 comments:

  1. I am prepping for the class next week. Thanks for all your notes. I am working through them and trying to make sure I understand as much as I can before I go to the week long class. I have been using Jang's book for the RHEL 5 class, but there are quite a few differences between it and RHEL 6. Postfix 2 and the lack of an xorg.conf are just the starters... I wish I had been able to wait until his new book was out, but such is life...

    Most of the information that they are testing for I believe I have got already. However, the two hour time limit is a bit worrisome (especially if I hit SELinux problems...grrr). Any idea what the test is like?

    Also, I noticed on the requirements page they have a bunch of stuff on virtual machines. Since Red Hat has put such a big effort in KVM it is probably a good guess that the virtual machines are KVM. Any idea on the level of complexity that they are going to ask?

    Thanks again.
    ~S~

  2. Thanks for visiting my site. I don't have any idea what the exam looks like. Also waiting for Michael Jang's book and hopefully it will be out before I sit for the exam. You can also check out Damian Tomasino's book, which so far is the only book for the RHEL 6 exam to date. Check out my site and books listing. Good luck to us. If you have further inquiries (not dumps) please email me at mctofferatgmaildotcom
