Dear All,
Currently I am using CentOS 4.4 and the kernel version is 2.6.9-42.EL. I disabled SELinux during the kickstart installation; the command is *selinux --disabled*. Can anyone help me or guide me to:
1. Enable SELinux
2. Customize my own SELinux policy
Regards -S.Balaji
Balaji wrote:
- Can any one help me or guide me to
- Enable the selinux
setenforce 1
Use "getenforce" to determine the current status of selinux. Look in /etc/selinux/config for details of policy being used - e.g. targeted.
- Selinux Customize my own policy
man setsebool
man getsebool
These will help you modify options in the supplied policies. For example, use "getsebool -a | grep http" to list all selinux options and filter the list for those pertaining to http. You can of course create your own policy and local customisations based on audit logs etc, but I've not ventured down this path myself. Others on the list will be able to assist if you need to go that way.
Hope that gets you started :)
Cheers,
Ian
Dear All, I have executed the following command, and I have changed the "/etc/selinux/config" file and rebooted the PC also:
setenforce 1
I am getting the following message only:
setenforce: SELinux is disabled
Regards -S.Balaji
Ian Blackwell wrote:
Balaji wrote:
- Can any one help me or guide me to
- Enable the selinux
setenforce 1
Use "getenforce" to determine the current status of selinux. Look in /etc/selinux/config for details of policy being used - e.g. targeted.
- Selinux Customize my own policy
man setsebool
man getsebool
These will help you modify options in the supplied policies. For example, use "getsebool -a | grep http" to list all selinux options and filter the list for those pertaining to http. You can of course create your own policy and local customisations based on audit logs etc, but I've not ventured down this path myself. Others on the list will be able to assist if you need to go that way.
Hope that gets you started :)
Cheers,
Ian _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Balaji wrote:
Dear All, I have executed the following command, and I have changed the "/etc/selinux/config" file and rebooted the PC also:
setenforce 1
I am getting the following message only:
setenforce: SELinux is disabled
Please post your /etc/selinux/config file.
Thanks,
Ian
PS: Please bottom post and trim messages - these are the guidelines for this list.
Dear All,
Find attached the selinux configuration file "/etc/selinux/config"
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted
Find attached the system log "/var/log/messages" file for your guidelines
Regards -S.Balaji
Ian Blackwell wrote:
Balaji wrote:
Dear All, I have executed the following command, and I have changed the "/etc/selinux/config" file and rebooted the PC also:
setenforce 1
I am getting the following message only:
setenforce: SELinux is disabled
Please post your /etc/selinux/config file.
Thanks,
Ian
Dear All,
Find attached the selinux configuration file "/etc/selinux/config"
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted
Please post /boot/grub/grub.conf as well. There may be an "selinux" or "enforcing" parameter on the kernel line that is producing unexpected results.
Dear All, Find attached the grub boot loader configuration file "/boot/grub/grub.conf"
Regards -S.Balaji
Barry Brimer wrote: Please post /boot/grub/grub.conf as well. There may be an "selinux" or "enforcing" parameter on the kernel line that is producing unexpected results.
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
#         all kernel and initrd paths are relative to /boot/, eg.
#         root (hd0,0)
#         kernel /vmlinuz-version ro root=/dev/vgroot/LogVol02
#         initrd /initrd-version.img
#boot=/dev/hda
default=2
timeout=5
password --md5 $1$KzqM8$cLC0UIaUN8QwVAlwDMGWl0
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux ES (2.6.9-34.ELhugemem)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-34.ELhugemem ro root=/dev/vgroot/LogVol02 rhgb quiet
        initrd /initrd-2.6.9-34.ELhugemem.img
title Red Hat Enterprise Linux ES (2.6.9-34.ELsmp)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-34.ELsmp ro root=/dev/vgroot/LogVol02 rhgb quiet
        initrd /initrd-2.6.9-34.ELsmp.img
title Red Hat Enterprise Linux ES (2.6.9-34.EL)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-34.EL ro root=/dev/vgroot/LogVol02 rhgb quiet
        initrd /initrd-2.6.9-34.EL.img
Dear All,
I wrongly attached the RHEL grub configuration to my previous mail; I am now attaching the CentOS grub boot loader configuration file "/boot/grub/grub.conf"
Regards -S.Balaji
Balaji wrote:
Dear All, Find attached the grub boot loader configuration file "/boot/grub/grub.conf"
Regards -S.Balaji
Barry Brimer wrote: Please post /boot/grub/grub.conf as well. There may be an "selinux" or "enforcing" parameter on the kernel line that is producing unexpected results.
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You do not have a /boot partition. This means that
#         all kernel and initrd paths are relative to /, eg.
#         root (hd0,0)
#         kernel /boot/vmlinuz-version ro root=/dev/hda1
#         initrd /boot/initrd-version.img
#boot=/dev/hda
default=0
timeout=5
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu
title CentOS-4 i386 (2.6.9-42.EL)
        root (hd0,0)
        kernel /boot/vmlinuz-2.6.9-42.EL ro root=LABEL=/ rhgb quiet
        initrd /boot/initrd-2.6.9-42.EL.img
On Wed, 15 Oct 2008, Balaji wrote:
Dear All, Find attached the grub boot loader configuration file "/boot/grub/grub.conf"
Regards -S.Balaji
Barry Brimer wrote: Please post /boot/grub/grub.conf as well. There may be an "selinux" or "enforcing" parameter on the kernel line that is producing unexpected results.
I don't see anything in your grub.conf that alters how SELinux is handled.
Balaji wrote:
Dear All, I have executed the following command, and I have changed the "/etc/selinux/config" file and rebooted the PC also:
setenforce 1
I am getting the following message only:
setenforce: SELinux is disabled
Try using the GUI tools to enable and configure SELinux. Let us know if anything changes or not.
Ian
Dear All, Sorry for the delay; I was on leave and only today saw your response mail. I have enabled SELinux using the GUI tools, but I am getting the same "SELinux is disabled" message.
Regards -S.Balaji
Ian Blackwell wrote:
Balaji wrote:
Dear All, I have executed the following command, and I have changed the "/etc/selinux/config" file and rebooted the PC also:
setenforce 1
I am getting the following message only:
setenforce: SELinux is disabled
Try using the GUI tools to enable and configure SELinux. Let us know if anything changes or not.
Ian
I have enabled SELinux using the GUI tools, but I am getting the same "SELinux is disabled" message.
What is the output of "rpm -qa | grep -i -e selinux" and "cat /proc/cmdline" ?? Are you using a CentOS supplied kernel, or your own kernel? I suppose you would try adding "selinux=1 enforcing=1" to the end of your kernel line in your grub.conf, although I've never needed to do that to get SELinux to activate.
Barry
Dear All, I have executed the following commands on the CentOS PC and the command output is placed below:
[root@localhost ~]# rpm -qa | grep -i -e selinux
libselinux-devel-1.19.1-7.2
selinux-doc-1.14.1-1
libselinux-1.19.1-7.2
selinux-policy-targeted-sources-1.17.30-2.140
selinux-policy-targeted-1.17.30-2.140
[root@localhost ~]# cat /proc/cmdline
auto BOOT_IMAGE=linux ro BOOT_FILE=/boot/vmlinuz-2.6.9-42.EL rhgb quiet root=LABEL=/
Regards -S.Balaji
Barry Brimer wrote:
I have enabled SELinux using the GUI tools, but I am getting the same "SELinux is disabled" message.
What is the output of "rpm -qa | grep -i -e selinux" and "cat /proc/cmdline" ?? Are you using a CentOS supplied kernel, or your own kernel? I suppose you would try adding "selinux=1 enforcing=1" to the end of your kernel line in your grub.conf, although I've never needed to do that to get SELinux to activate.
Barry
I have executed the following commands on the CentOS PC and the command output is placed below:
[root@localhost ~]# rpm -qa | grep -i -e selinux
libselinux-devel-1.19.1-7.2
selinux-doc-1.14.1-1
libselinux-1.19.1-7.2
selinux-policy-targeted-sources-1.17.30-2.140
selinux-policy-targeted-1.17.30-2.140
[root@localhost ~]# cat /proc/cmdline
auto BOOT_IMAGE=linux ro BOOT_FILE=/boot/vmlinuz-2.6.9-42.EL rhgb quiet root=LABEL=/
Regards -S.Balaji
Did you try my previous suggestion of adding "selinux=1 enforcing=1" to the kernel line in your grub.conf? While you're at it .. make sure that you're editing /boot/grub/grub.conf .. most people use /etc/grub.conf .. which is a symlink to /boot/grub/grub.conf .. if the symlink is broken and /etc/grub.conf is an independent file, you can edit it all day and not affect grub. Same goes for /etc/selinux/config which is the real file, and /etc/sysconfig/selinux which is what most people edit.
Barry
Dear All, I have tried your previous suggestion of adding "selinux=1 enforcing=1" to the kernel line in my grub.conf file, and my grub configuration details are below:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You do not have a /boot partition. This means that
#         all kernel and initrd paths are relative to /, eg.
#         root (hd0,0)
#         kernel /boot/vmlinuz-version ro root=/dev/hda1
#         initrd /boot/initrd-version.img
#boot=/dev/hda
default=0
timeout=5
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu
title CentOS-4 i386 (2.6.9-42.EL)
        root (hd0,0)
        kernel /boot/vmlinuz-2.6.9-42.EL ro root=LABEL=/ rhgb quiet selinux=1 enforcing=1
        initrd /boot/initrd-2.6.9-42.EL.img
I have executed "cat /proc/cmdline" and its output is "auto BOOT_IMAGE=linux ro BOOT_FILE=/boot/vmlinuz-2.6.9-42.EL rhgb quiet root=LABEL=/". I don't know whether I have added "selinux=1 enforcing=1" correctly to the kernel line in my grub.conf file. If I am wrong, please guide me on where to add "selinux=1 enforcing=1" to the kernel line in my grub.conf file.
Regards -S.Balaji
Did you try my previous suggestion of adding "selinux=1 enforcing=1" to the kernel line in your grub.conf? While you're at it .. make sure that you're editing /boot/grub/grub.conf .. most people use /etc/grub.conf .. which is a symlink to /boot/grub/grub.conf .. if the symlink is broken and /etc/grub.conf is an independent file, you can edit it all day and not affect grub. Same goes for /etc/selinux/config which is the real file, and /etc/sysconfig/selinux which is what most people edit.
Barry
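
The checks requested in the replies above, gathered into one script as an added example that is not part of the original thread: it reads the SELINUX= value, compares the default grub.conf kernel line with /proc/cmdline, and tests whether /etc/grub.conf and /etc/sysconfig/selinux resolve to the real files. The function names and the --live switch are assumptions made for this example; the sample data is copied from the posts above.

```sh
#!/bin/sh
# Added example, not from the thread; sample data is copied from the posts above.

# Args (image path dropped) of the kernel line in the default= entry of a
# GRUB legacy grub.conf read from stdin.
grub_default_args() {
    awk '/^[ \t]*#/ { next }
         /^[ \t]*default=/ { split($0, kv, "="); want = kv[2] + 0; next }
         /^[ \t]*title/ { entry++; next }
         /^[ \t]*kernel[ \t]/ && entry - 1 == want {
             for (i = 3; i <= NF; i++) printf "%s%s", (i > 3 ? " " : ""), $i
             print ""; exit }'
}

# Tokens of $1 (expected kernel args) that are absent from $2 (/proc/cmdline).
missing_on_cmdline() (
    set -f; out=                      # no globbing while word-splitting $1
    for tok in $1; do
        case " $2 " in *" $tok "*) ;; *) out="${out:+$out }$tok" ;; esac
    done
    printf '%s\n' "$out"
)

# Last SELINUX= value in an /etc/selinux/config-style file read from stdin.
selinux_config_mode() { awk -F= '/^[ \t]*SELINUX=/ { v = $2 } END { print v }'; }

# True when two paths resolve to the same file, e.g. /etc/grub.conf and
# /boot/grub/grub.conf, or /etc/sysconfig/selinux and /etc/selinux/config.
same_file() { [ "$(readlink -f "$1")" = "$(readlink -f "$2")" ]; }

sample_grub() { cat <<'EOF'
default=0
title CentOS-4 i386 (2.6.9-42.EL)
        root (hd0,0)
        kernel /boot/vmlinuz-2.6.9-42.EL ro root=LABEL=/ rhgb quiet selinux=1 enforcing=1
        initrd /boot/initrd-2.6.9-42.EL.img
EOF
}
SAMPLE_CMDLINE='auto BOOT_IMAGE=linux ro BOOT_FILE=/boot/vmlinuz-2.6.9-42.EL rhgb quiet root=LABEL=/'

if [ "${1:-}" = "--live" ]; then      # read the real files on the host
    same_file /etc/grub.conf /boot/grub/grub.conf || echo "/etc/grub.conf is a separate file"
    same_file /etc/sysconfig/selinux /etc/selinux/config || echo "/etc/sysconfig/selinux is a separate file"
    echo "config: SELINUX=$(selinux_config_mode < /etc/selinux/config)"
    m=$(missing_on_cmdline "$(grub_default_args < /boot/grub/grub.conf)" "$(cat /proc/cmdline)")
    [ -z "$m" ] || echo "in grub.conf but not on the running kernel's command line: $m"
else
    echo "sample: missing from /proc/cmdline: $(missing_on_cmdline "$(sample_grub | grub_default_args)" "$SAMPLE_CMDLINE")"
fi
```

On the posted data it reports selinux=1 and enforcing=1 as missing, which means the running kernel was not started with the kernel line that was edited in grub.conf.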