Differences

This shows you the differences between two versions of the page.

--- help:selinux [2016/07/11 12:38] – peter
+++ help:selinux [2020/07/19 20:09] (current) – old revision restored (2016/07/11 11:59) 192.99.4.140
@@ Line 16: / Line 16: @@
 [[SELinux:Change the SELinux mode|Change the SELinux mode]]
-[[SELinux:Check if SELinux is running|Check if SELinux is running]]
 [[SELinux:Check that SELinux is not denying actions|Check that SELinux is not denying actions]]
@@ Line 26: / Line 24: @@
 [[SELinux:Confine users|Confine users]]
-[[SELinux:Display SELinux Lables|Display SELinux Lables]]
-[[SELinux:Do Boolean Lockdown|Do Boolean Lockdown]]
 [[SELinux:Find Unprotected Services|Find Unprotected Services]]
@@ Line 58: / Line 52: @@
+===== See SELinux Labels =====
+Type the following command:
+<code bash>
+ls -lZ /path/to/file
+ls -lZd /path/to/dir
+ls -lZd /etc
+ls -lZ /dev/ | grep deviceName
+ls -lZ /etc/resolv.conf
+</code>
+Sample outputs:
+<code>
+-rw-r--r--  root root system_u:object_r:net_conf_t     /etc/resolv.conf
+</code>
+===== Do Boolean Lockdown =====
+Run the **getsebool -a** command and lockdown system:
+<code bash>
+getsebool -a | less
+getsebool -a | grep off
+getsebool -a | grep on
+</code>
+To secure the machine, look at settings which are set to ‘on’ and change to ‘off’ if they do not apply to your setup with the help of setsebool command.  Set correct SE Linux booleans to maintain functionality and protection.
+Please note that SELinux adds 2-8% overheads to a typical installation.