Something like sandboxing…
2.6.x kernel and later, created from :
What is it?
SElinux
SElinux Page 1
How does it work?
A context determines whether a process can access a file, directory, or port.
By default, the policy does not allow any interaction unless an explicit rule grants
access.
No allow rule => No access is allowed
ps -eZ
contexts: user, role, type, and sensitivity
modes: enforcing, permissive, disabled
setenforce:
getenforce:
/etc/selinux/config
/etc/selinux/*/contexts/files
Managing context
chcon -t
restorecon
semanage
Booleans
getsebool -a
semanage boolean -l
semanage boolean -l -C
setsebool -P <name> on/off
yum install policycoreutils-gui setroubleshoot ---> system-config-selinux, sealert
yum -y install setools-console ---> sesearch !
What is actually changing when you turn a boolean switch on/off?
sla
SElinux tutorials
sealert -a /var/log/audit/audit.log
How can I see if something is allowed by a policy?
sealert
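
An added example, not part of the original slides: a Python parser for the AVC denial records that `sealert -a /var/log/audit/audit.log` analyses. It splits each context into user, role, type and level and renders the allow rule whose absence caused the denial; the log lines are constructed samples and the function names are this example's own.

```python
import re
from collections import namedtuple

Context = namedtuple("Context", "user role type level")

# Constructed sample records in audit.log format (not taken from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:411): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000003.220:412): avc:  denied  { getattr open } for  pid=2101 comm="httpd" path="/home/alice/www/index.html" dev="dm-0" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000003.220:412): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1700000050.007:420): avc:  denied  { name_bind } for  pid=2300 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+"
    r"tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?"
)
COMM_RE = re.compile(r'comm="([^"]*)"')


def parse_context(label):
    """Split user:role:type:level; the level may itself contain ':' (MLS/MCS range)."""
    parts = label.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {label!r}")
    return Context(parts[0], parts[1], parts[2], parts[3] if len(parts) == 4 else "")


def summarize_denials(log_text):
    """Group AVC denials by (source type, target type, object class)."""
    groups = {}
    for line in log_text.splitlines():
        m = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if m is None:
            continue  # SYSCALL/PATH records and non-denial lines are skipped
        key = (parse_context(m["scontext"]).type,
               parse_context(m["tcontext"]).type, m["tclass"])
        g = groups.setdefault(key, {"perms": set(), "comms": set(),
                                    "count": 0, "enforced": False})
        g["perms"].update(m["perms"].split())
        comm = COMM_RE.search(line)
        if comm:
            g["comms"].add(comm.group(1))
        g["count"] += 1
        # permissive=0: access was blocked; permissive=1: logged only.
        # Records without the field leave "enforced" unchanged.
        g["enforced"] = g["enforced"] or m["permissive"] == "0"
    return groups


def missing_rules(groups):
    """Render, per group, the allow rule that the loaded policy does not contain."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(g['perms']))} }};"
            for (s, t, c), g in sorted(groups.items())]


if __name__ == "__main__":
    summary = summarize_denials(SAMPLE_LOG)
    for (s, t, c), g in sorted(summary.items()):
        state = "blocked" if g["enforced"] else "logged only"
        print(f"{s} -> {t}:{c} x{g['count']} ({state}) by {sorted(g['comms'])}")
    for rule in missing_rules(summary):
        print(rule)
```

The rendered rules only name what the policy lacks. With the tools on these slides, a denial like the first one is normally resolved by correcting the file label (`restorecon`, `semanage`) or setting the relevant boolean (`setsebool -P`).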
Linux Security with SElinux
