Am 19.01.21 um 17:25 schrieb Nicolas Kovacs: > Hi, > > I have CentOS 7 running on a public server hosting all sorts of web > applications, mail, XMPP, MPD, etc. > > How do I reset SELinux configuration to defaults? > > I know how to reset all my custom booleans to the initial state. > > # cat /etc/selinux/targeted/active/booleans.local > # This file is auto-generated by libsemanage > # Do not edit directly. > > httpd_unified=1 > httpd_can_sendmail=1 > spamd_enable_home_dirs=1 > httpd_can_network_connect=1 > ftpd_full_access=1 > mpd_enable_homedirs=1 > named_write_master_zones=1 > > Starting from there, I can manually reset them to 0 with setsebool. > > On the other hand, I don't know how I would do something similar with the > SELinux modules. I vaguely remember having created some of these, for example > for Fail2ban to work correctly. But I don't remember what I did here over the > years, what modules I created, etc. > > How would I recreate the default SELinux configuration without having to wipe > and reinstall the whole server? list your modules with semodule -l and remove custom modules with semodule -r myfail2ban -- Leon