       ---------------------------------------------------------
       Nigerian Hardware and Software Forum
  HTML https://nairateck.createaforum.com
       ---------------------------------------------------------
       #Post#: 192--------------------------------------------------
       Understanding SELinux or Security Enhanced Linux
       By: magbytes120 Date: June 17, 2017, 1:08 pm
       ---------------------------------------------------------
  HTML https://www.technotification.com/wp-content/uploads/2016/10/selinux-696x443.jpg
  HTML https://www.technotification.com/2016/10/selinux-explained.html
        SELinux refers to the security policy or security module that is
        integrated into Linux kernel 2.6.*. SELinux offers US Department
        of Defence style mandatory access control and is much more secure
        than PAM. It was introduced by Red Hat with version 4 and is
        generally available with Red Hat based distributions. Later it
        became available with certain Debian and Ubuntu distros too.
        Security Enhanced Linux defines the access rights of every user,
        application, process and file present in the system. It then
        monitors any activity that requires access to certain files or
        directories, whether the request comes from a user or from an
        application. The request is sent to the security server in the
        kernel, which checks the security context of the requesting
        source and of the requested data. If the contexts are compatible,
        permission is granted. If it is denied, a message containing
        "avc: denied" is written to /var/log/messages. In modern systems,
        however, a graphical notification pops up displaying a
        detailed report of all the players in the process along with the
        commands to deal with the permissions.
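        The denial records described above can be read mechanically. The
        following is an added example, not part of the original post: it
        pulls the source context, target context, object class and
        requested permissions out of "avc: denied" lines. The function
        name avc_summary and the sample log lines are constructed for
        illustration.

```sh
#!/bin/sh
# Added example: summarise "avc: denied" records as
#   <command> <source type> -> <target type> <object class> {permissions}
# A context has the form user:role:type[:level]; the type (third field)
# is the part shown in the summary.

avc_summary() {
    awk '
    /avc:/ && /denied/ {
        perms = ""; comm = "?"; src = "?"; tgt = "?"; cls = "?"
        # Requested permissions sit between "{" and "}".
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
            gsub(/ +/, ",", perms)
        }
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            if ($i ~ /^scontext=/) { split($i, c, ":"); src = c[3] }
            if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
            if ($i ~ /^tclass=/)   { cls = $i; sub(/^tclass=/, "", cls) }
        }
        printf "%s %s -> %s %s {%s}\n", comm, src, tgt, cls, perms
    }'
}

# Constructed sample log (not taken from a real system).
SAMPLE_LOG='Jun 17 13:08:01 PC kernel: type=1400 audit(1497704881.101:41): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="sda1" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
Jun 17 13:08:02 PC systemd: Started Session 4 of user user.
Jun 17 13:08:05 PC kernel: type=1400 audit(1497704885.230:42): avc:  denied  { write add_name } for  pid=2150 comm="logrotate" name="app.log.1" scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir'

printf '%s\n' "$SAMPLE_LOG" | avc_summary
```

        On a real host the same function can be fed from the log file,
        e.g. sudo cat /var/log/messages | avc_summary.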
       SELinux works in three operating modes:
        1. Enforcing: Security Enhanced Linux policies are enforced,
        i.e. access is strictly denied as soon as the contexts mismatch,
        without the consent of the user.
        2. Permissive: Security Enhanced Linux issues warning messages
        but the policy is not enforced. Here, the user makes the
        decision to grant/deny the permission.
        3. Disabled: This disables the Security Enhanced Linux policy
        entirely.
       Checking SELinux Status
        To check the current SELinux status, open the terminal and type
        the following:
        [user@PC:~]$ getenforce
        For more detailed status:
        [user@PC:~]$ sestatus
        The following image shows the output of both commands:
  HTML https://www.technotification.com/wp-content/uploads/2016/10/getenforce-1024x288.png
       Enabling SELinux
        There are two ways to change this setting on a Linux system:
        temporary and persistent.
        Temporary way:
        Open the terminal and type the following:
        [user@PC:~]$ sudo setenforce 1
        Persistent way:
        We need to make an entry in the SELinux file present in the
        system, which is the primary configuration file for SELinux. We
        can make the entry in either the “/etc/sysconfig/selinux” or the
        “/etc/selinux/config” file, by setting SELINUX=enforcing. Open
        the terminal and type the following:
        [user@PC:~]$ sudo vim /etc/sysconfig/selinux
        This will open the selinux config file:
        # This file controls the state of SELinux on the system.
        # SELINUX= can take one of these three values:
        # enforcing - SELinux security policy is enforced.
        # permissive - SELinux prints warnings instead of enforcing.
        # disabled - No SELinux policy is loaded.
        SELINUX=enforcing
        # SELINUXTYPE= can take one of these three values:
        # targeted - Targeted processes are protected,
        # minimum - Modification of targeted policy. Only selected
        #           processes are protected.
        # mls - Multi Level Security protection.
        SELINUXTYPE=targeted
        The following image shows the config file; here, changes are
        made in line no. 7.
  HTML https://www.technotification.com/wp-content/uploads/2016/10/enforcing-1-1024x325.png
       Disabling SELinux
       Temporary way:
        Open the terminal and type the following:
        [user@PC:~]$ sudo setenforce 0
       Persistent way:
        Edit the “/etc/sysconfig/selinux” or “/etc/selinux/config”
        file, changing the entry to SELINUX=disabled. Open the terminal
        and type the following:
        [user@PC:~]$ sudo vim /etc/sysconfig/selinux
        This will open the selinux config file:
        # This file controls the state of SELinux on the system.
        # SELINUX= can take one of these three values:
        # enforcing - SELinux security policy is enforced.
        # permissive - SELinux prints warnings instead of enforcing.
        # disabled - No SELinux policy is loaded.
        SELINUX=disabled
        # SELINUXTYPE= can take one of these three values:
        # targeted - Targeted processes are protected,
        # minimum - Modification of targeted policy. Only selected
        #           processes are protected.
        # mls - Multi Level Security protection.
        SELINUXTYPE=targeted
        The following image shows the config file; here, changes are
        made in line no. 7.
  HTML https://www.technotification.com/wp-content/uploads/2016/10/disabled-1024x319.png
        A similar approach can be applied to activate permissive
        mode too.
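        Because setenforce changes the running mode temporarily while the
        config file holds the persistent setting, the two can disagree.
        The following is an added example, not part of the original post:
        it reads the SELINUX= entry from config text and compares it with
        the running mode. The function names and the sample config are
        constructed; the check accepts only the form the file's own
        comments document and flags anything else for review, which is
        this example's choice.

```sh
#!/bin/sh
# Added example: compare the persistent SELinux mode in the config file
# with the running mode reported by getenforce.

# Reads config text on stdin; prints enforcing|permissive|disabled,
# "unset" if there is no SELINUX= line, or "invalid: <line>" if the line
# is not in the documented form (strictness is this example's choice).
selinux_config_mode() {
    awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    /^[ \t]*SELINUX[ \t]*=/ {                # SELINUXTYPE= does not match
        if ($0 ~ /^SELINUX=(enforcing|permissive|disabled)[ \t]*$/) {
            result = $0
            sub(/^SELINUX=/, "", result)
            gsub(/[ \t]/, "", result)
        } else {
            result = "invalid: " $0
        }
    }
    END { print (result == "" ? "unset" : result) }'
}

# selinux_drift BOOT_MODE RUNNING_MODE
# RUNNING_MODE is getenforce output (Enforcing, Permissive or Disabled).
selinux_drift() {
    running=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    if [ "$1" = "$running" ]; then
        echo "match: $1"
    else
        echo "drift: boot=$1 running=$running"
    fi
}

# Constructed sample config; on a real host use:
#   boot=$(selinux_config_mode < /etc/selinux/config)
#   selinux_drift "$boot" "$(getenforce)"
SAMPLE_CONFIG='# This file controls the state of SELinux on the system.
SELINUX=enforcing
SELINUXTYPE=targeted'

boot=$(printf '%s\n' "$SAMPLE_CONFIG" | selinux_config_mode)
selinux_drift "$boot" "Permissive"   # as after a temporary "setenforce 0"
```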
        Security Enhanced Linux provides a variety of features,
        including individual policy assignment and an advanced secure
        environment. Stay tuned for a comparison of SELinux, PAM and
        AppArmor.
       *****************************************************