Difference between revisions of "SELinux"
Jump to navigation
Jump to search
↑ "SELinux/Commands - FedoraProject". Retrieved 2015-11-25.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "chcon". Linuxcommand.org. Archived from the original on 2004-10-24. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "restorecon(8) - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "restorecond(8) - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "runcon(1) - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "secon(1) - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "fixfiles(8): fix file SELinux security contexts - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "setfiles(8): set file SELinux security contexts - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "load_policy(8) - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "booleans(8) - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "getsebool(8): SELinux boolean value - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "setsebool(8): set SELinux boolean value - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "togglesebool(8) - Linux man page". Linux.die.net. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "Ubuntu Manpage: selinux-config-enforcing - change /etc/selinux/config to set enforcing". Canonical Ltd. Archived from the original on 2012-12-20. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "Ubuntu Manpage: selinuxenabled - tool to be used within shell scripts to determine if". Canonical Ltd. Archived from the original on 2013-02-09. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "Ubuntu Manpage: selinux-policy-upgrade - upgrade the modules in the SE Linux policy". Canonical Ltd. Archived from the original on 2012-04-04. Retrieved 2013-02-06.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
Tags: Mobile web edit, Mobile edit |
|||
| (18 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | + | [[wikipedia:Security-Enhanced Linux]] is a [[Linux kernel]] security module that provides a mechanism for supporting access control security policies, including [[mandatory access controls]] (MAC). | |
| + | <code>[[semanage]]</code> and <code>[[restorecon]]</code> command line utilities can be used to manage SELinux configuration and behavior. | ||
| + | |||
| + | SELinux is available in [[RHEL]] 4 since 2005 and in [[Ubuntu]]. As of 2018 [[Ubuntu]] 18.04 LTS do not install SELinux by default. | ||
| + | |||
| + | |||
| + | == Command-line utilities == | ||
| + | <ref>{{cite web|url=https://fedoraproject.org/wiki/SELinux/Commands |title=SELinux/Commands - FedoraProject |accessdate=2015-11-25}}</ref> | ||
| + | <code>[[chcon]]</code>,<ref>{{cite web |url=http://linuxcommand.org/man_pages/chcon1.html |archive-url=https://web.archive.org/web/20041024211853/http://linuxcommand.org/man_pages/chcon1.html |url-status=dead |archive-date=2004-10-24 |title=chcon |publisher=Linuxcommand.org |accessdate=2013-02-06 }}</ref> | ||
| + | <code>restorecon</code>,<ref>{{cite web|url=http://linux.die.net/man/8/restorecon |title=restorecon(8) - Linux man page |publisher=Linux.die.net |date= |accessdate=2013-02-06}}</ref> | ||
| + | <code>restorecond</code>,<ref>{{cite web|url=http://linux.die.net/man/8/restorecond |title=restorecond(8) - Linux man page |publisher=Linux.die.net |date= |accessdate=2013-02-06}}</ref> | ||
| + | <code>runcon</code>,<ref>{{cite web|url=http://linux.die.net/man/1/runcon |title=runcon(1) - Linux man page |publisher=Linux.die.net |date= |accessdate=2013-02-06}}</ref> | ||
| + | <code>secon</code>,<ref>{{cite web|url=http://linux.die.net/man/1/secon |title=secon(1) - Linux man page |publisher=Linux.die.net |date= |accessdate=2013-02-06}}</ref> | ||
| + | <code>fixfiles</code>,<ref>{{cite web|url=http://linux.die.net/man/8/fixfiles |title=fixfiles(8): fix file SELinux security contexts - Linux man page |publisher=Linux.die.net |date= |accessdate=2013-02-06}}</ref> | ||
| + | <code>setfiles</code>,<ref name="auto">{{cite web|url=http://linux.die.net/man/8/setfiles |title=setfiles(8): set file SELinux security contexts - Linux man page |publisher=Linux.die.net |date= |accessdate=2013-02-06}}</ref> | ||
| + | <code>load_policy</code>,<ref>{{cite web|url=http://linux.die.net/man/8/load_policy |title=load_policy(8) - Linux man page |publisher=Linux.die.net |date= |accessdate=2013-02-06}}</ref> | ||
| + | <code>booleans</code>,<ref>{{cite web|url=http://linux.die.net/man/8/booleans |title=booleans(8) - Linux man page |publisher=Linux.die.net |date= |accessdate=2013-02-06}}</ref> | ||
| + | <code>getsebool</code>,<ref>{{cite web|url=http://linux.die.net/man/8/getsebool |title=getsebool(8): SELinux boolean value - Linux man page |publisher=Linux.die.net |date= |accessdate=2013-02-06}}</ref> | ||
| + | <code>setsebool</code>,<ref>{{cite web|url=http://linux.die.net/man/8/setsebool |title=setsebool(8): set SELinux boolean value - Linux man page |publisher=Linux.die.net |date= |accessdate=2013-02-06}}</ref> | ||
| + | <code>togglesebool</code><ref>{{cite web|url=http://linux.die.net/man/8/togglesebool |title=togglesebool(8) - Linux man page |publisher=Linux.die.net |date= |accessdate=2013-02-06}}</ref> | ||
| + | <code>setenforce</code>, | ||
| + | <code>semodule</code>, | ||
| + | <code>postfix-nochroot</code>, | ||
| + | <code>check-selinux-installation</code>, | ||
| + | <code>semodule_package</code>, | ||
| + | <code>checkmodule</code>, | ||
| + | <code>selinux-config-enforcing</code>,<ref>{{cite web |url=http://manpages.ubuntu.com/manpages/natty/man8/selinux-config-enforcing.8.html |title=Ubuntu Manpage: selinux-config-enforcing - change /etc/selinux/config to set enforcing |publisher=[[Canonical Ltd]] |accessdate=2013-02-06 |url-status=dead |archiveurl=https://web.archive.org/web/20121220020432/http://manpages.ubuntu.com/manpages/natty/man8/selinux-config-enforcing.8.html |archivedate=2012-12-20 }}</ref> | ||
| + | <code>selinuxenabled</code>,<ref>{{cite web |url=http://manpages.ubuntu.com/manpages/natty/man1/selinuxenabled.1.html |title=Ubuntu Manpage: selinuxenabled - tool to be used within shell scripts to determine if |publisher=[[Canonical Ltd]] |accessdate=2013-02-06 |url-status=dead |archiveurl=https://web.archive.org/web/20130209033811/http://manpages.ubuntu.com/manpages/natty/man1/selinuxenabled.1.html |archivedate=2013-02-09 }}</ref> | ||
| + | and <code>selinux-policy-upgrade</code><ref>{{cite web |url=http://manpages.ubuntu.com/manpages/natty/man8/selinux-policy-upgrade.8.html |title=Ubuntu Manpage: selinux-policy-upgrade - upgrade the modules in the SE Linux policy |publisher=[[Canonical Ltd]] |accessdate=2013-02-06 |url-status=dead |archiveurl=https://web.archive.org/web/20120404160143/http://manpages.ubuntu.com/manpages/natty/man8/selinux-policy-upgrade.8.html |archivedate=2012-04-04 }}</ref> | ||
| + | |||
| + | [[sestatus]] | ||
| + | [[setenforce]] enforcing | ||
| + | |||
| + | |||
| + | <code>setenforce 0</code> | ||
| + | |||
| + | == Related == | ||
| + | * [[selinux-utils]] | ||
== See also == | == See also == | ||
| − | * | + | * {{AppArmor}} |
| − | * seccomp | + | * {{seccomp}} |
| + | * {{SELinux}} | ||
| + | * {{Security modules}} | ||
| + | |||
[[Category:Linux]] | [[Category:Linux]] | ||
| + | [[Category:Security]] | ||
| + | [[Category:SELinux]] | ||
Latest revision as of 09:51, 7 November 2021
wikipedia:Security-Enhanced Linux is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC).
semanage and restorecon command line utilities can be used to manage SELinux configuration and behavior.
SELinux is available in RHEL 4 since 2005 and in Ubuntu. As of 2018 Ubuntu 18.04 LTS do not install SELinux by default.
Command-line utilities[edit]
[1]
chcon,[2]
restorecon,[3]
restorecond,[4]
runcon,[5]
secon,[6]
fixfiles,[7]
setfiles,[8]
load_policy,[9]
booleans,[10]
getsebool,[11]
setsebool,[12]
togglesebool[13]
setenforce,
semodule,
postfix-nochroot,
check-selinux-installation,
semodule_package,
checkmodule,
selinux-config-enforcing,[14]
selinuxenabled,[15]
and selinux-policy-upgrade[16]
sestatus setenforce enforcing
setenforce 0
Related[edit]
See also[edit]
- AppArmor,
/etc/apparmor.d/libvirt,apparmor_status - Seccomp
- SELinux,
semanage,sestatus,getenforce,chcon, security context,setsebool - Mandatory access control: AppArmor, SELinux, seccomp, System Integrity Protection (macOS)
Advertising:
