SE Linux Troubleshooting
Revision as of 12:02, 11 December 2017 by Michael.mast
Setroubleshoot
yum install setroubleshoot setools
sealert -a /var/log/audit/audit.log
Audit2allow (without setroubleshoot)
sudo grep fail2ban /var/log/audit/audit.log | audit2allow -M fail2ban2
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i fail2ban2.pp
[ec2-user@ip-172-26-5-161 ~]$ nano fail2ban2.
[ec2-user@ip-172-26-5-161 ~]$ nano fail2ban2.pp
[ec2-user@ip-172-26-5-161 ~]$ sudo semodule -i fail2ban2.pp
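The grep above passes audit2allow every AVC line that contains the string fail2ban, so a denial logged for a different process that touched a fail2ban file would also be turned into an allow rule. The following added example (not part of the original page) lists only the denials whose comm= is exactly the named process, so they can be reviewed before a module is built. The function names avc_summary and sample_log are hypothetical and the log lines are constructed.

```shell
#!/bin/sh
# Added example: review the denials for one process before building a policy module.

# Constructed sample audit.log lines (not taken from a real host).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1512993601.101:410): avc:  denied  { read } for  pid=2101 comm="fail2ban-server" name="secure" dev="xvda1" ino=1301 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1512993661.214:415): avc:  denied  { read } for  pid=2101 comm="fail2ban-server" name="secure" dev="xvda1" ino=1301 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1512993662.007:416): avc:  denied  { getattr open } for  pid=2101 comm="fail2ban-server" path="/var/log/secure" dev="xvda1" ino=1301 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1512993700.550:420): avc:  denied  { write } for  pid=2230 comm="logrotate" name="fail2ban.log" dev="xvda1" ino=1422 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:fail2ban_log_t:s0 tclass=file
type=SYSCALL msg=audit(1512993601.101:410): arch=c000003e syscall=2 success=no exit=-13 comm="fail2ban-server" exe="/usr/bin/python2.7" subj=system_u:system_r:fail2ban_t:s0
EOF
}

# avc_summary COMM [LOGFILE]: count distinct AVC denials whose comm= is exactly COMM.
# Reads stdin when LOGFILE is omitted. Output: "<count> <source type> -> <target type>:<class> { perms }"
avc_summary() {
    awk -v want="$1" '
    /^type=AVC / && / denied / {
        comm = src = tgt = cls = ""
        # The denied permissions sit between the first "{" and "}".
        b = index($0, "{"); e = index($0, "}")
        perms = substr($0, b + 1, e - b - 1)
        gsub(/^ +| +$/, "", perms)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)          { comm = $i; gsub(/^comm=|"/, "", comm) }
            else if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }  # user:role:type:level
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (comm == want) seen[src " -> " tgt ":" cls " { " perms " }"]++
    }
    END { for (k in seen) print seen[k], k }
    ' "${2:--}" | sort -rn
}

# Demo on the constructed sample; on a real host: sudo cat /var/log/audit/audit.log | avc_summary fail2ban-server
sample_log | avc_summary fail2ban-server
```

In the sample, grep fail2ban matches all five lines, including the logrotate denial, while the summary keeps only the two distinct fail2ban_t denials.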
Configure SELinux on Amazon Linux AMI
- Install packages
yum install libselinux libselinux-utils selinux-policy-minimum selinux-policy-mls selinux-policy-targeted policycoreutils
- Edit grub boot options
Edit /etc/grub.conf and change selinux=0 to selinux=1, then add security=selinux enforcing=1
- Then tell SELinux you want to relabel the filesystem [4]
touch /.autorelabel
- Reboot and check selinux status
sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
SELinux root directory: /etc/selinux/
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 30
[1] http://www.serverlab.ca/tutorials/linux/administration-linux/troubleshooting-selinux-centos-red-hat/
[2] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security-enhanced_linux/sect-security-enhanced_linux-fixing_problems-allowing_access_audit2allow
[3] http://www.chrisumbel.com/article/selinux_amazon_aws_ec2_ami_linux
[4] https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-sel-fsrelabel.html