Understanding SELinux How it works

By -

SELinux on Ubuntu

Here is a simple objective of this post is to install, activate and disable the SELinux on Ubunutu.

How does SELinux works?


What is actually SELinux?

Security-Enhanced Linux (SELinux) is a security architecture for Linux® systems that allows administrators to have more control over who can access the system. Security-Enhanced Linux is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls. SELinux is a set of kernel modifications and user-space tools that have been added to various Linux distributions.

Here I'll explore the possible options on Ubuntu.

How to install SELinux on Ubuntu?

This regular package installation 
apt install policycoreutils selinux-utils selinux-basics -y

How to activate SELinux on Ubuntu?

To activate the SELinux we need to edit the config file. 
selinux-activate

To get this effected need to reboot the Linux VM/machine.

Understanding Configure SELinux


SELinux configuration file available at /etc/selinux/config
The configuration contains two directives in the config file:
I. SELINUX that dictates SELinux Mode and it can have three values as shown
SELinux modules can take one of these three values
1. enforcing - any unauthorized access attempts by users and processes are denied
2. permissive - semi-enabled state, SELinux doesn't apply its policy in Permissive mode, so no access is denied instead it gives a warning
3. disabled - No SELinux policy is loaded

II. SELINUXTYPE tells that what policy will be used.
 SELINUXTYPE= can take one of these three values:
 default - equivalent to the old strict and targeted policies
 mls     - Multi-Level Security (for military and educational use)
 src     - Custom policy built from source

How to disable SELinux on Ubuntu?

To disable this feature edit the config file and change 
SELINUX=permissive
to 
SELINUX=disable
after disabled



How do you know the current mode of SELinux?

There are two options to know about the SELinux current status which includes a current mode.





getenforce # to check the current SELinux mode
sestatus # SELinux status

Example output of 'sestatus' command








before reboot sestatus output



When it has no changes in configuration

This is the requirement for running Docker and Kubernetes.




Troubleshooting on SELinux Configuration



Here is a very minute mistake instead 'disabled' used 'disable' then the sestatus shows the 'error' :































































Comments





Post a Comment
























Popular posts from this blog









Ansible Jinja2 Templates: A Complete Guide with Examples







By







-














Image







Here I'm starting this post with famous ARISTOTLE quote. "We are what we repeatedly do. Excellence, then is not an act, but a Habit" Welcome back Ansible Automations  and who are habituated as Ansible automation specialists this post for them to give boosted walk through, In this post, I would like to share my experiments with Jinja2 templates usage on the Ansible playbook. Of-course Jinja is from Japan it is world famous for templatization capabilities badvanced Ansible templating techniquesy integrating with multiple languages such as Python, Ruby, Salt talk etc. In this post we will be cover the following topics: What is Jinja2 template do in Ansible? Template with filters Template with Lists and sets Template module in Ansible Template with Flow Control Template using Looping Template inheritance** What is Jinja2 template do in Ansible? Jinja2 is another Python library created for Flask web framework, that comes part of Ansible installation. It is special ability as i...








Read more










Ansible 11 The uri module with examples







By







-














Image







 Hey DevSecOps Automation specialist, Welcome back to the DevOps Hunter blog. In this post, I made it for learning more about all possible parameters that we can use when an application validation is done with the Ansible 'uri' module.  Why uri module? Web Application returns status HTTPCode 200 for success, 404 for failures, and also for 503 for Server internal issues. When you work on the restart of a web application we need to know the status of the application to proceed with the next move. So this uri module is most important for reboot and restart of web applications using ansible. The uri module parameters Supported parameters include: attributes, backup, body, body_format, client_cert, client_key,        content, creates, delimiter, dest, directory_mode, follow, follow_redirects, force, force_basic_auth,        group, headers, http_agent, method, mode, owner, regexp, remote_src, removes, return_content,        selevel, serole, setype, seuser, src, status_code, timeout,...








Read more










DevOps Weapons







By







-














Image







       To achieve faster application delivery and stable environments, the right tools must be used in DevOps environments. There is no single tool that fits all your needs such as server provisioning, configuration management, automated builds, code deployments, and monitoring. Many factors determine the use of a particular tool in your infrastructure.     In this article, we will look into core tools which can be used in a typical Devops environment.     Version Control Tools:   Git  - An awesome tool to version your source code and collaborate.   Terraform  - A tool used in building, changing, and versioning the infrastructure across platforms.       Build Orchestration/Continuous Integration Tools:  Jenkins - It is an open-source, lightweight CI tool written in Java, with high extensibility and a fast release cycle.  Buildbot  - An open-source framework for automating software build, test and release process.  CruiseControl  - A CI server written in  # Ruby ...








Read more