SELinux command line tools

Post by chandranjoy » Wed Sep 01, 2010 8:56 pm

Among the most significant features of Red Hat Enterprise Linux 4 is SELinux (Security Enhanced Linux), a powerful, kernel-level security layer that provides fine-grained control over what users and processes may access and execute on a system. By default, SELinux is enabled on Red Hat Enterprise Linux systems, enforcing a set of mandatory access controls that Red Hat calls the targeted policy. These access controls substantially enhance the security of the network services they target, but can sometimes affect the behavior of third-party applications and scripts that worked under previous versions of Red Hat Enterprise Linux.

An understanding of the basic SELinux command-line tools is essential.
* sestatus - to see general status information and some boolean settings
* getenforce - to see the actual SELinux mode
* setenforce 1/0 - to switch between enforcing (1) and warning (0) mode
* enforcing=1/0 - GRUB boot parameter to boot in SELinux enforcing or warning mode, regardless of the /etc/sysconfig/selinux settings
* system-config-securitylevel - to statically set the SELinux mode and policy version
* -Z option - used by "ps" and "ls" to see the security context set on files and processes
* chcon - to change the security context on files (use chcon --reference to copy the context from a reference file)
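
An added example, not part of the original post: a bash check that works out which mode a host will boot into from /etc/sysconfig/selinux and an `enforcing=` kernel parameter, then compares it with what `getenforce` reports (it prints Enforcing, Permissive or Disabled; Permissive is the warning mode). The function names are hypothetical, and the handling of `SELINUX=disabled` is an assumption stated in the comments.

```bash
#!/usr/bin/env bash
# Added example: which SELinux mode will this host boot into, and does the
# running mode (getenforce) differ from it?

# Print the SELINUX= value from a config file; the last uncommented line wins.
config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Print the mode forced by an enforcing=0/1 kernel parameter, or nothing.
cmdline_mode() {
    local word mode=""
    for word in $1; do
        case "$word" in
            enforcing=1) mode=enforcing ;;
            enforcing=0) mode=permissive ;;
        esac
    done
    echo "$mode"
}

# Mode after boot. $1 = config file, $2 = kernel command line.
# Assumption of this example: enforcing= only picks enforcing vs. permissive
# and does not switch on a system whose config says SELINUX=disabled.
boot_mode() {
    local cfg forced
    cfg=$(config_mode "$1")
    forced=$(cmdline_mode "$2")
    if [ "$cfg" != disabled ] && [ -n "$forced" ]; then
        echo "$forced"
    else
        echo "$cfg"
    fi
}

# Compare getenforce output ($1) with the boot mode ($2), ignoring case.
drift() {
    local now
    now=$(echo "$1" | tr 'A-Z' 'a-z')
    if [ "$now" = "$2" ]; then echo "ok: $now"; else echo "DRIFT: running=$now boot=$2"; fi
}

# Live check, only on hosts that have the tools and files.
if command -v getenforce >/dev/null 2>&1 && [ -r /etc/sysconfig/selinux ]; then
    drift "$(getenforce)" "$(boot_mode /etc/sysconfig/selinux "$(cat /proc/cmdline)")"
fi
```

A DRIFT line means someone ran setenforce since boot, so the running mode will not survive a restart.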
