Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) security mechanism implemented in the kernel. SELinux was first introduced in CentOS 4 and significantly enhanced in later CentOS releases.
SELinux follows the model of least privilege more closely. By default, under a strict enforcing setting, everything is denied, and then a series of exception policies is written that gives each element of the system only the access it requires to function. If a service, program or user subsequently tries to access or modify a file or resource that it does not need in order to function, access is denied and the action is logged.
SELinux has three basic modes of operation discussed below:
- Enforcing: The default mode, which enables and enforces the SELinux security policy on the system, denying access and logging actions.
- Permissive: SELinux is enabled but does not enforce the security policy; it only warns and logs actions. Permissive mode is useful for troubleshooting SELinux issues.
- Disabled: SELinux is turned off.
Some useful commands for understanding SELinux:
1. Check SELinux status
sestatus
2. Check that the port is open
netstat -tlpn | grep 3306
3. Check whether the port is blocked by SELinux
semanage port -l | grep 3306
4. Open the port in SELinux
semanage port -a -t http_port_t -p tcp 3306
5. Drop the port in SELinux
semanage port -d -t http_port_t -p tcp 3306
6. Check the audit log for mysql entries
cat /var/log/audit/audit.log | grep -i "mysql"
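An added example, not part of the original post: the audit log grep in step 6 returns raw records, so this shell function condenses AVC denial records into one line each, showing which process, permission, port and SELinux types were involved and whether the denial was enforced or only logged (Permissive mode). The function names `avc_denials` and `sample_audit_log` are hypothetical, the sample records are constructed, and the `permissive=` field is assumed to be present in the records.

```shell
#!/bin/sh
# Summarise SELinux AVC denial records read from stdin.
# Output: comm|permission|tclass|port|source_type|target_type|mode
avc_denials() {
    awk '
    # Value of key=value in the current record, quotes stripped ("" if absent).
    function field(key,   i, v) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2); gsub(/"/, "", v); return v
            }
        return ""
    }
    # The type is the third element of user:role:type:level.
    function setype(ctx,   p) { split(ctx, p, ":"); return p[3] }
    /type=AVC/ && /denied/ {
        perm = $0
        sub(/^.*[{] */, "", perm); sub(/ *[}].*$/, "", perm)
        port = field("src"); if (port == "") port = field("dest")
        if (port == "") port = "-"
        # permissive=1 means the access was logged but allowed to proceed.
        m = field("permissive"); mode = "unknown"
        if (m == "0") mode = "enforcing"
        if (m == "1") mode = "permissive"
        printf "%s|%s|%s|%s|%s|%s|%s\n", field("comm"), perm, field("tclass"),
            port, setype(field("scontext")), setype(field("tcontext")), mode
    }'
}

# Constructed sample records (not taken from a real system).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1700000000.101:501): avc:  denied  { name_bind } for  pid=2101 comm="httpd" src=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=49 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1700000050.202:502): avc:  denied  { name_connect } for  pid=2102 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1
EOF
}

# On a real host (as root): avc_denials < /var/log/audit/audit.log
sample_audit_log | avc_denials
```

The target type in each summary line (here `mysqld_port_t`) is the port label that `semanage port -l` reports for that port.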
Hope this brings some basic understanding of SELinux!