Am 19.01.21 um 17:25 schrieb Nicolas Kovacs:
Hi,
I have CentOS 7 running on a public server hosting all sorts of web applications, mail, XMPP, MPD, etc.
How do I reset SELinux configuration to defaults?
I know how to reset all my custom booleans to the initial state.
# cat /etc/selinux/targeted/active/booleans.local # This file is auto-generated by libsemanage # Do not edit directly.
httpd_unified=1 httpd_can_sendmail=1 spamd_enable_home_dirs=1 httpd_can_network_connect=1 ftpd_full_access=1 mpd_enable_homedirs=1 named_write_master_zones=1
Starting from there, I can manually reset them to 0 with setsebool.
On the other hand, I don't know how I would do something similar with the SELinux modules. I vaguely remember having created some of these, for example for Fail2ban to work correctly. But I don't remember what I did here over the years, what modules I created, etc.
How would I recreate the default SELinux configuration without having to wipe and reinstall the whole server?
list your modules with
semodule -l
and remove custom modules with
semodule -r myfail2ban
-- Leon