What is SELinux?


SELinux, what is it?

Security-Enhanced Linux (SELinux) is a security architecture integrated into the 2.6.x kernel using the Linux Security Modules (LSM). It defines the access control applied to the elements of your Linux system, and it classifies the system's applications into different groups.

Modes

  • Enforcing: This is the default mode when you install Red Hat, Fedora or CentOS. In this mode, access is restricted based on the SELinux rules on the server.
  • Permissive: This is a debug mode. In permissive mode, SELinux rules are evaluated and access errors are logged, but access is not blocked.
  • Disabled: SELinux is disabled. Nothing is restricted and nothing is logged.

The command getenforce tells you which mode is currently active on your server.


The command setenforce switches the mode temporarily (the change will not be taken into account at the next reboot of your server).

Detect the current state

For the general state, use the command sestatus:


To list the contexts of all processes, use the command ps -ef -Z:



Understanding SELinux context

An SELinux context is presented as follows:



Simple example to understand

We will take a simple example: an HTML file that is to be used with Apache. For this exercise, create a working directory in /var/www/html (remember to replace ScriptShell with the name of your current user):


To detect your username:

Create the HTML file named index.html, and insert the following example code:



Let's see what this looks like from the point of view of the SELinux context:



With a web browser, now open the URL http://localhost/selinux/index.html. You will find that it works:



So why does it work?
By inspecting the ls output for /var/www/html/selinux, you will see that the file is labeled httpd_sys_content_t, which is one of the contexts that the httpd process can access; SELinux has therefore allowed Apache to access this file.

Now try a second manipulation:



Let's look at the SELinux contexts:


Now, open the URL http://localhost/selinux/selinux.html




Your browser will tell you "Forbidden - You do not have permission to access /selinux/selinux.html on this server.".
Why? The reason is simple: the file /var/www/html/selinux/selinux.html is labeled user_tmp_t, a context that the Apache process is not authorized to access, so SELinux prevents access to this file.
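
The two cases above can be turned into a check. This is an added example, not part of the original post: it reads ls -Z style lines and reports every file whose type is not on an allow list. The sample listing is constructed, the function names are hypothetical, and the allow list assumes only the one type the article shows Apache reading.

```shell
#!/bin/sh
# Added example: flag files whose SELinux type Apache is not known to read.

# Assumption: the only allowed type is the one the article shows working.
ALLOWED_TYPES="httpd_sys_content_t"

# Constructed sample in `ls -Z` layout: "<context> <file name>".
SAMPLE='unconfined_u:object_r:httpd_sys_content_t:s0 index.html
unconfined_u:object_r:user_tmp_t:s0 selinux.html'

# Print the type field of a context "user:role:type:level".
# Taking field 3 is safe even when the level has colons of its own,
# as in "s0-s0:c0.c1023".
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read `ls -Z` lines on stdin and print "<file>: <type>" for every file
# whose type is not in ALLOWED_TYPES. Returns 1 if anything was flagged.
find_mislabeled() {
    rc=0
    while read -r context name; do
        [ -n "$name" ] || continue      # skip blank or incomplete lines
        ctype=$(context_type "$context")
        case " $ALLOWED_TYPES " in
            *" $ctype "*) ;;            # type is on the allow list
            *) printf '%s: %s\n' "$name" "$ctype"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Demo on the constructed sample; prints "selinux.html: user_tmp_t".
if ! printf '%s\n' "$SAMPLE" | find_mislabeled; then
    echo "files above carry a type outside the allow list" >&2
fi
```

On a live system, pipe the output of ls -Z /var/www/html/selinux into find_mislabeled. A flagged file can be reset to the label the policy expects for its path with restorecon -v.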