Difference between revisions of "SE Linux Troubleshooting"
Jump to navigation
Jump to search
Michael.mast (talk | contribs) |
Michael.mast (talk | contribs) |
||
| Line 13: | Line 13: | ||
<pre> | <pre> | ||
Edit /etc/grub.conf and change selinux=0 to selinux=1, then add security=selinux enforcing=1 | Edit /etc/grub.conf and change selinux=0 to selinux=1, then add security=selinux enforcing=1 | ||
| + | </pre> | ||
| + | *<ref>https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-sel-fsrelabel.html</ref>Then tell selinux you want to relable the filesystem | ||
| + | <pre> | ||
| + | touch /.autorelabel | ||
| + | </pre> | ||
| + | *Reboot and check selinux status | ||
| + | <pre> | ||
| + | sestatus | ||
| + | SELinux status: enabled | ||
| + | SELinuxfs mount: /selinux | ||
| + | SELinux root directory: /etc/selinux/ | ||
| + | Loaded policy name: targeted | ||
| + | Current mode: enforcing | ||
| + | Mode from config file: enforcing | ||
| + | Policy MLS status: enabled | ||
| + | Policy deny_unknown status: allowed | ||
| + | Max kernel policy version: 30 | ||
</pre> | </pre> | ||
| − | |||
Revision as of 11:41, 11 December 2017
yum install setroubleshoot setools sealert -a /var/log/audit/audit.log
Configure SELinux on Amazon Linux AMI
- Install packages
yum install libselinux libselinux-utils selinux-policy-minimum selinux-policy-mls selinux-policy-targeted policycoreutils
- Edit grub boot options
Edit /etc/grub.conf and change selinux=0 to selinux=1, then add security=selinux enforcing=1
- [3]Then tell selinux you want to relable the filesystem
touch /.autorelabel
- Reboot and check selinux status
sestatus SELinux status: enabled SELinuxfs mount: /selinux SELinux root directory: /etc/selinux/ Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 30
