Differences

This shows you the differences between two versions of the page.

--- selinux [2015/09/21 07:18] – luke7858
+++ selinux [2024/05/23 07:26] (current) – external edit 127.0.0.1
@@ Line 20: / Line 20: @@
 ) Disabled
 \\
+\\
+\\
+**__Managing SELinux__**
+\\
+) SELinux Tools
+\\
+) /etc/sysconfig/selinux
+\\
+\\
+\\
+**__Resolving Label Issue__**
+\\
+If SELinux has been disabled for a while, chances are the labels for some directories and files will be incorrect. To reset the system to the correct labels you will need to create the following file and then reboot the system:
+\\
+<sxh bash>
+/.autorelabel
+</sxh>
+When the system reboots then this file will cause the relabel to happen early in the boot process.
+\\
+\\
+\\
+**__SE Policie Control__**
+\\
+<sxh bash>SELINUXTYPE=targeted|strict</sxh>
+\\
+E.g.
+\\
+You are able to target the following daemons: dhcpd, httpd (apache.te), named, nscd, ntpd, portmap, snmpd, squid
+<sxh bash>SELINUXTYPE=httpd|strict</sxh>
+\\
+You are able to control policy enforcement for daemons using boolean values:
+\\
+Value 1 - disabled SELinux protection for a daemon.
+\\
+\\
+\\
+**__List SELinux Booleans__**
+^ SEBool Value^Meaning |
+| 0 | Enabled  |
+| 1 | Disabled |
+\\
+The following command lists all SELinux booleans
+<sxh bash>
+getsebool -a
+</sxh>
+The following command is slightly better, you can view default preferences. EG. will is start on boot
+<sxh bash>
+semanage boolean -l | grep httpd
+</sxh>
+The following command