SELinux useful commands

(Featured image: Just something I created) starting log services # chkconfig –levels 2345 auditd on # chkconfig –levels 2345 rsyslog on # service auditd start When in permissive mode users can mislabel files, to fix this and force relabeling on boot use: #touch /.autorelabel; reboot Enable SELinux Run SELinux in permissive mode by changing¬†/etc/selinux/config SELINUX=permissive […]

SELinux Users

(Featured image is a screenshot of java class PS2PDF’s uses to execute external executables) Linux users are mapped to SELinux users via a policy. This allow inheriting rules that would restrict things they can do in a system. Following command will give you all the mapping and users on a CentOS/RHEL system # semanage login […]

SELinux Targeted Policy

(Featured image is a PostScript file written to exploit servers running GhostScript. It was used to get an shell on our servers to mine bitcoin) Default SELinux policy enabled in CentOS/RHEL is targeted policy. Processes that are targeted run in a confined domain. Other processes are run in unconfined domain. Processes runs on unconfined domain […]

SELinux Basics

(Featured image is a well know hex encoding of a code block that is used for buffer overflow attacks) SELinux Context: When SELinux is in enabled mode, all the files/processes are labeled with SELinux context. Context made of SELinux user/role/type and possibly a level. SELinux use these data, context, to make access control decisions. RHEL/CentOS […]