[CentOS] reinventing the wheel? page checker
James B. Byrne
byrnejb at harte-lyne.ca
Mon Jun 25 11:52:22 UTC 2012
On Fri, June 22, 2012 16:38, m.roth at 5-cent.us wrote:
>
> Not true. It will issue an AVC every time something tries to happen.
> Big things to know:
> a) ll -Z shows you the selinux context
> b) chcon [-R] -[urt] <whatever> <file or directory>
> c) getsebool and setsebool
>
> mark
If you are working with SELinux issues then the following are most
helpful to have installed:
setools-libs.x86_64 3.3.7-4.el6
setools-libs-python.x86_64 3.3.7-4.el6
setroubleshoot-plugins.noarch 3.0.16-1.el6
setroubleshoot-server.x86_64 3.0.38-2.1.el6
The files you need be aware of are:
/var/log/messages
/var/log/audit/audit.log
There are several utilities to be aware (and refer to the man pages) of:
# audit2allow
# audit2why
# ausearch
# chcon
# getenforce
# getsebool
# restorecon
# sealert
# semanage
# semodule
# setenforce
# setsebool
# system-config-securitylevel
You will also find large measures of patience and forbearance to be of
value.
For issues about missing policies and contexts and developing same you
should monitor the SELinix policy mailing list at
refpolicy at oss1.tresys.com.
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
More information about the CentOS
mailing list