SELinux for idiots

ally_ukally_uk Member Posts: 1,145 ■■■■□□□□□□
Does such a thing exist? I am trying to get to grips with the basics so I can form a foundation of knowledge but even that is proving difficult. I am ending up with headaches I have watched tutorials and read some documentation but in all honesty I do not understand it :)

Gods of LInux can you summarise what SELinux is? like really break it down for me?

Or is there some really noob friendly documentation around? I am currently switching SElinux off completely but I wish to turn it on and actually understand what the hell it is doing lol

Many Thanks
Microsoft's strategy to conquer the I.T industry

" Embrace, evolve, extinguish "

Comments

  • OctalDumpOctalDump Member Posts: 1,722
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • alias454alias454 Member Posts: 648
    Here is an SELinux coloring book https://github.com/mairin/selinux-coloring-book
    “I do not seek answers, but rather to understand the question.”
  • ArchonArchon Member Posts: 183 ■■■□□□□□□□
    This book is awesome. No one in the office has any coloured pens or pencils though icon_sad.gif
  • OctalDumpOctalDump Member Posts: 1,722
    One step closer. I'm pretty sure this is the same presenter for the video I am thinking of.

    https://www.youtube.com/watch?v=cNoVgDqqJmM
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • VeritiesVerities Member Posts: 1,162
    SELinux is a Mandatory Access Control and it assigns different contexts to each file, known as subjects, objects, and actions. A subject is a process, an object is a file, and an action is what may be done by the subject to the object. It allows for fine grain access controls to a system, which provides a very powerful solution for administrators. This is just a the tip of the ice berg, so I suggest doing a bunch of reading in the Red Hat 7 SELinux Administrator's Guide for further information.

    Also you need to lab to understand SELinux...so configure a system and set SELinux to Permissive mode (logs all violations). Next install setroubleshoot-server and run sealert -a /var/log/audit/audit.log. Now you can read how to fix any violations and what degree of confidence the program suggests for each action to get resolved.
  • MagmadragoonMagmadragoon Member Posts: 172 ■■■□□□□□□□
    The best way I think of SELinux is it protects the Linux OS from anything that is not typical. For example, you have a Linux server that does SSH over port 22. If you decide to add SSH to port 2222 it is going to fail even if the port is open on the firewall. To enable the port 2222 to work in the system you use sudo semanage port -a -t ssh_port_t -p tcp 2222 .Then to verify if the port is now working use sudo semanage port -l | grep ssh.

    To check if the system has SELinux enabled you use the command getenforce and it should return Enforcing if SELinux is enabled or Permissive if disabled. To set the SELinux status use the setenforce 0 to go to Permissive and setenforce 1 to go to Enforcing.
Sign In or Register to comment.