Cool Dba

  • Home
  • Sql tricks
  • Security
  • Maintainance
  • Backups
  • Recovery
  • Replication
  • Installation
  • Linux

Thursday, May 26, 2016

SELinux mechanism in linux environment.

 Anil Joshi     11:22 PM     Linux, Security, SELinux     No comments   




Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) security mechanism implemented in the kernel. SELinux was first introduced in CentOS 4 and significantly enhanced in later CentOS releases. 

SELinux follows the model of least-privilege more closely. By default under a strict enforcing setting, everything is denied and then a series of exceptions policies are written that give each element of the system  only the access required to function. If a service, program or user subsequently tries to access or modify a file or resource not necessary for it to function, then access is denied and the action is logged.

SELinux has three basic modes of operation discussed below:
  • Enforcing: The default mode which will enable and enforce the SELinux security policy on the system, denying access and logging actions
  • Permissive: In Permissive mode, SELinux is enabled but will not enforce the security policy, only warn and log actions. Permissive mode is useful for troubleshooting SELinux issues
  • Disabled: SELinux is turned off

Some useful commands for understanding SELinux;

1.check SELinux status

  sestatus

2.Check port is open

   netstat -tlpn | grep 3306

3.check port is blocked by SELinux

   semanage port -l | grep 3306

4.Open port in SELinux

semanage port -a -t http_port_t -p tcp 3306

5.Drop port in SELinux

semanage port -d -t http_port_t -p tcp 3306

6.check SELinux status
cat /var/log/audit/audit.log|grep -i "mysql"

Hope this bring some basic understanding about SELinux !

  • Share This:  
  •  Facebook
  •  Twitter
  •  Google+
  •  Stumble
  •  Digg
Email ThisBlogThis!Share to XShare to Facebook
Newer Post Older Post Home

0 comments:

Post a Comment

Deals on Amazon

Mobiles on Amazon

About Me

My photo
Anil Joshi
New Delhi, Delhi, India
I am a simple man with little knowledge of computer software and Tehnology.
View my complete profile

Popular Posts

  • SELinux mechanism in linux environment.
    Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) security mechanism implemented in the kernel. SELinux was first ...
  • Finding and preventing ddos attack on Linux Server
    A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usual...
  • Master-Slave Replication without downtime
    First, we configure master’s   /etc/mysql/my.cnf   by including these lines in the [mysqld] section: server - id = 1 bin...
  • Mysql Security
    Improved  MySQL Database Se curity 1. Secure your server Many known attacks are possible only once physical access to a machi...
  • Check and Repair Mysql Tables
      Check a Specific Table in a Database If your application throws an error message saying that a specific table is corrupted, exe...
  • Filter Replication Variables
    Filtering can be done on the Master or on the Slave. Filtering on the Slave is normally preferred as in this case you get full binary lo...
  • Complete uninstallation of Mysql Server on centos
    Step 1: Check list the mysql rpm which is installed on server rpm -qa | grep mysql or yum list installed | grep mysql Step 2 : Re...
  • Tracing the execution of processes using strace
    Strace is quite simply a tool that traces the execution of system calls. It can trace the execution of a binary from start to end, and ou...
  • Mysql Installation using rpm package
        1.Download the required rpm filess MySQL-client-community-5.1.25-0.rhel5.i386.rpm MySQL-server-community-5.1.25-0.rhel5.i386....
  • MySQL Restart Failed
           MySQL Restart Failed :   The Server Quit Without Updating PID File [root@server: ~ ] $ service mysqld start Starti...
Best Shoes on amazon

Categories

  • Backups
  • Database Maintainance
  • Installation
  • Linux
  • Mysql
  • Recovery
  • Replication
  • Scripts
  • Security
  • SELinux
  • sql tricks
  • Strace

Pages

  • Home

Blog Archive

  • ▼  2016 (19)
    • ►  June (1)
    • ▼  May (18)
      • Finding and preventing ddos attack on Linux Server
      • Tracing the execution of processes using strace
      • SELinux mechanism in linux environment.
      • Simple bash script's for managing mysql
      • Running multiple mysql instance on single server(C...
      • Mysql Installation using rpm package
      • Check and Repair Mysql Tables
      • Dual Master Replication(Master-Master)
      • Filter Replication Variables
      • Master-Slave Replication without downtime
      • How to Export and Import files in Mysql
      • Recovering InnoDB MySQL Tables Data from ibdata ...
      • Check Database Size,Compare tables & column Differ...
      • Store Procedure & Views Backups
      • Mysql Security
      • MySQL Restart Failed
      • Running select statement inside an update query
      • Mass Killing Mysql Process

Sample Text

Copyright © Cool Dba | Powered by Blogger
Design by Hardeep Asrani | Blogger Theme by NewBloggerThemes.com | Distributed By Gooyaabi Templates