SELinux notes
Random SELinux notes
| Command | Description |
|---|---|
| ps -efZ | detailed list of all running processes with their associated security contexts (SELinux contexts) |
| getenforce | current SELinux mode |
| sestatus | show SELinux status |
| setenforce 1 | set the SELinux mode to Enforcing; SELinux actively enforces the security policy |
| setenforce 0 | set the SELinux mode to Permissive; SELinux does not enforce the security policy (denials are logged but not blocked) |
| ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts today | search today's audit log for SELinux denial and error records (AVC, USER_AVC, SELINUX_ERR, USER_SELINUX_ERR) |
| sealert -l "*" | display a list of all SELinux audit log messages that have been recorded |
| semanage port -l | displays a list of all ports defined in the SELinux policy |
| semanage port -a -t http_port_t -p tcp PORT_NUMBER | add a new port to the SELinux policy (http); replace PORT_NUMBER with the port to add |
| semanage fcontext -a -t httpd_sys_content_t "/var/www(/.*)?" | add a new file context mapping that will apply to files and directories under the /var/www directory |
| restorecon -R -v /var/www | restore the default SELinux file contexts for all files and directories under /var/www (-R recursive, -v print each change) |