Sometimes, when working with Linux (CentOS/Red Hat), we need to disable SELinux. Some admins who work with Linux are not familiar with SELinux. So let's have a short discussion about working with SELinux.
Discussion and working with SELinux in Linux (CentOS/Red Hat)
SELinux stands for Security-Enhanced Linux. It was developed by the NSA, mainly for Red Hat Enterprise Linux. This Linux security tool is related to the iptables firewall (which generally works at layer 3 and layer 4). As we all know, that firewall works with different networking protocols such as TCP/IP, ICMP and UDP. SELinux is directory based and mainly works with the directories of different services such as Samba, FTP and HTTP.
Generally SELinux has three modes. They are:
- Enforcing mode (1)
- Permissive mode (0)
- Disabled mode
usage: setenforce [ Enforcing | Permissive | 1 | 0 ]
[root@localhost ~]# setenforce 1
setenforce: SELinux is disabled
[root@localhost ~]# setenforce permissive
setenforce: SELinux is disabled
[root@localhost ~]# getenforce
Disabled
[root@localhost ~]# nano /etc/sysconfig/selinux
SELINUX=disabled
[root@localhost ~]# reboot
[root@localhost ~]# getenforce
Now let's view the SELinux context:
[root@localhost ~]# cd /
[root@localhost ~]# ls -Z
An SELinux context generally has 4 parts. They are:
- user, which is system_u
- type, which is admin_home_t
- role, which is object_r
- sensitivity, which is s0
[root@localhost ~]# yum install -y httpd
[root@localhost ~]# ls -lZ /var/www/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
[root@localhost ~]# ls -lZ /etc/passwd
-rw-r--r--. root root system_u:object_r:passwd_file_t:s0 /etc/passwd
[root@localhost ~]# ls -lZ /home
drwx------. student 1000 unconfined_u:object_r:user_home_dir_t:s0 user1
drwx------. 5001 5001 unconfined_u:object_r:user_home_dir_t:s0 user2
Now we’ll test SELinux:
[root@localhost ~]# cd
[root@localhost ~]# ls -Zd ~
dr-xr-x---. root root system_u:object_r:admin_home_t:s0 /root
[root@localhost ~]# cal
May 2016
Su Mo Tu We Th Fr Sa
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
[root@localhost ~]# cal > calender
[root@localhost ~]# cat calender
May 2016
Su Mo Tu We Th Fr Sa
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
[root@localhost ~]# ls -Z calender
-rw-r--r-- root root ? calender
[root@localhost ~]# cp calender /var/www/html/calender2
[root@localhost ~]# mv calender /var/www/html/
[root@localhost ~]# ls -Zd /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
[root@localhost ~]# ls -Z /var/www/html/*
-rw-r--r-- root root ? /var/www/html/calender
-rw-r--r-- root root ? /var/www/html/calender2
-rw-r--r-- root root ? /var/www/html/index.html
[root@localhost ~]# echo "HEllo World" >> /var/www/html/index.html
[root@localhost ~]# ls -Z /var/www/html/*
-rw-r--r-- root root ? /var/www/html/calender
-rw-r--r-- root root ? /var/www/html/calender2
-rw-r--r-- root root ? /var/www/html/index.html
[root@localhost ~]# mkdir /websites
[root@localhost ~]# ls -Zd /websites
drwxr-xr-x root root ? /websites
[root@localhost ~]# restorecon /websites
[root@localhost ~]# ls -Zd /websites
drwxr-xr-x root root ? /websites
[root@localhost ~]# touch /websites/index.html
[root@localhost ~]# echo "HEllo SELinux World" >> /websites/index.html
[root@localhost ~]# ls -Z /websites
-rw-r--r-- root root ? index.html
[root@localhost ~]# ls -Z /websites
-rw-r--r-- root root ? index.html
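An added example (not from the original post): a small shell helper that splits a context into the four parts listed earlier and checks `ls -Z` lines against the type used by the web root. The sample listing is constructed to show what the copy and move test looks like with SELinux enabled, where the moved file keeps the type it had in /root and the copied file takes the directory's type. The function names and the five-column line layout (as printed on this page) are assumptions.

```shell
#!/bin/sh
# ctx_field CONTEXT FIELD -> prints the user, role, type or level part.
# The level may itself contain ':' (e.g. s0:c0.c1023), so only the
# first three colons are treated as separators.
ctx_field() {
    c_rest=$1
    case $c_rest in
        *:*:*:*) ;;
        *) return 1 ;;      # "?" or anything that is not a full context
    esac
    c_user=${c_rest%%:*}; c_rest=${c_rest#*:}
    c_role=${c_rest%%:*}; c_rest=${c_rest#*:}
    c_type=${c_rest%%:*}; c_level=${c_rest#*:}
    case $2 in
        user)  echo "$c_user" ;;
        role)  echo "$c_role" ;;
        type)  echo "$c_type" ;;
        level) echo "$c_level" ;;
        *) return 2 ;;
    esac
}

# audit_web_labels EXPECTED_TYPE < lines
# Reads "perms owner group context name" lines (the ls -Z layout shown on
# this page; file names with spaces are not handled) and prints one
# finding per file that is unlabeled or carries a different type.
audit_web_labels() {
    want=$1
    while read -r perms owner group ctx name; do
        [ -n "$name" ] || continue
        if ! t=$(ctx_field "$ctx" type); then
            echo "$name: no label ($ctx)"
        elif [ "$t" != "$want" ]; then
            echo "$name: type $t, expected $want"
        fi
    done
}

# Constructed sample: moved file, copied file, and an unlabeled file.
SAMPLE='-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 calender
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 calender2
-rw-r--r--  root root ? index.html'

printf '%s\n' "$SAMPLE" | audit_web_labels httpd_sys_content_t
```

On a live system the same check can be fed from `ls -Z /var/www/html`, and `restorecon` (used above on /websites) resets a flagged file to the default label for its path.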
So, we have configured SELinux. Now let's reload the firewall.
[root@localhost ~]# systemctl restart firewalld
[root@localhost ~]# firewall-cmd --permanent --add-port=80/tcp
[root@localhost ~]# firewall-cmd --reload
Now let's test SELinux.
- Go to desktop.
- Open browser (firefox)
- In the address bar, type: 192.168.2.2+X (your server IP)
I hope you were able to do this successfully and that you enjoyed this session. Finally, don't forget to comment. Thanks.