[CentOS] Restore pristine SELinux configuration ?

Tue Jan 19 18:29:17 UTC 2021
Leon Fauster <leonfauster at googlemail.com>

Am 19.01.21 um 17:25 schrieb Nicolas Kovacs:
> Hi,
> I have CentOS 7 running on a public server hosting all sorts of web
> applications, mail, XMPP, MPD, etc.
> How do I reset SELinux configuration to defaults?
> I know how to reset all my custom booleans to the initial state.
>    # cat /etc/selinux/targeted/active/booleans.local
>    # This file is auto-generated by libsemanage
>    # Do not edit directly.
>    httpd_unified=1
>    httpd_can_sendmail=1
>    spamd_enable_home_dirs=1
>    httpd_can_network_connect=1
>    ftpd_full_access=1
>    mpd_enable_homedirs=1
>    named_write_master_zones=1
> Starting from there, I can manually reset them to 0 with setsebool.
> On the other hand, I don't know how I would do something similar with the
> SELinux modules. I vaguely remember having created some of these, for example
> for Fail2ban to work correctly. But I don't remember what I did here over the
> years, what modules I created, etc.
> How would I recreate the default SELinux configuration without having to wipe
> and reinstall the whole server?

list your modules with

semodule -l

and remove custom modules with

semodule -r myfail2ban