As SELinux is a bit complicated compared to the tools that we currently use, I thought it would be good to have some tips here.
1) seinfo: This is the SELinux query tool for viewing statistics about your policy.
[root@rh54-3 ~]# seinfo
Statistics for policy file: /etc/selinux/targeted/policy/policy.21
Policy Version & Type: v.21 (binary, MLS)
Classes: 61 Permissions: 220
Types: [...]
If you want to disable only local login for normal users, you can use the file /etc/security/access.conf for this purpose; however, it doesn’t work by default even if you configure this file properly. For example, if you want to allow root logins locally but not any other user, edit the access.conf file as follows:
-:ALL EXCEPT root:ALL
Literally [...]
When I install Gentoo, as far as I remember, by default normal users aren’t allowed to use “su”. If you want to let any user use “su”, then you have to add them to the “wheel” user group. In Red Hat, you can uncomment one line, and it works like a charm.
Edit the file [...]
Sometimes you need to view certificates with a simple utility rather than using a browser or MUA. Here is how you can do it with openssl. For instance, say you would like to display the certificate of https://192.168.200.1; let's do it:
DISPLAYING A REMOTE CERTIFICATE
# openssl s_client -connect 192.168.200.1:443
CONNECTED(00000003)
depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
verify error:num=9:certificate [...]
In this article we will configure Samba based on a case in which SELinux is again enabled. The case is:
“Setup samba in such a way that only users mert and yigit will be able to access the folder /samba_share in the server”
1) First create the folder and set the permissions for these users and [...]
When SELinux and BIND are used together, there is not much to say, as there are only two booleans that you can toggle, as you can see below:
[root@rh54-2 named]# getsebool -a | grep named
named_disable_trans --> off
named_write_master_zones --> off
SELinux (Security Enhanced Linux) is something that some of us may be afraid of because, once it is enabled, network services start to behave abnormally. However, once it is configured properly, you can restrict processes and enforce their access to files and directories as you wish. In this article we will speak briefly about integration [...]