SELinux

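  • Modify the mode SELinux is running in (does not persist across reboots): setenforce 0 (permissive) or setenforce 1 (enforcing)
  • Disable SELinux in the config file (/etc/sysconfig/selinux is a symlink to it; takes effect at the next boot): sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config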
  • Show all SELinux booleans: getsebool -a
  • Display the contexts of files and processes listed in the /etc/sestatus.conf file: sestatus -v
  • Display the security context of all processes: ps -efZ
  • Display the security context of a file: ls -lZ /etc/fstab
  • List SELinux users: semanage user -l
  • List SELinux ports: semanage port -l
  • Allow Apache to listen on tcp port 81: semanage port -a -t http_port_t -p tcp 81
  • List file context mapping definitions for entries related to named: semanage fcontext -l | grep named (or: grep named /etc/selinux/targeted/contexts/files/file_contexts)
  • Recursively restore the default labels of files and directories: restorecon -r /var/www/html/
  • Set user USER in the target security context: chcon -u <user> <file>
  • Set role ROLE in the target security context: chcon -r <role> <file>
  • Set type TYPE in the target security context: chcon -t <type> <file>
  • Use RFILE’s security context rather than specifying a CONTEXT value: chcon --reference <rfile> <file>
  • Restore the default SELinux security context of a file: restorecon -v /etc/fstab
  • Show any incorrect file labels, but do not change any file labels: fixfiles check
  • Change the labels of any incorrectly labeled files: fixfiles restore
  • Relabel all available filesystems: fixfiles relabel
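
As an added example (not part of the original cheat sheet), the sh functions below compare the SELINUX= value in /etc/selinux/config with the runtime mode reported by getenforce, flagging a host left permissive by setenforce 0 or set to a weaker mode for the next boot. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the SELINUX= setting against the runtime mode.
# Function names and the sample config below are constructed for illustration.

# Read an /etc/selinux/config-style file on stdin and print the configured
# mode. Comment lines and SELINUXTYPE= are ignored; if SELINUX= is repeated,
# the last one is reported (a choice made by this example).
selinux_config_mode() {
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*$/\1/p' |
        tail -n 1 | tr '[:upper:]' '[:lower:]')
    case "$mode" in
        enforcing|permissive|disabled) printf '%s\n' "$mode" ;;
        *) printf 'unknown\n' ;;
    esac
}

# $1 = configured mode (from selinux_config_mode), $2 = getenforce output.
selinux_mode_finding() {
    runtime=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case "$1/$runtime" in
        enforcing/enforcing)  echo "OK enforcing now and at next boot" ;;
        enforcing/permissive) echo "DRIFT runtime is permissive, config still says enforcing" ;;
        */enforcing)          echo "DRIFT enforcing now, but config sets $1 for next boot" ;;
        *)                    echo "WEAK configured=$1 runtime=$runtime" ;;
    esac
}

# Constructed sample config, including the comment line that an unanchored
# 's/SELINUX=.*/.../' substitution would also rewrite.
sample='# SELINUX= can take one of these three values:
SELINUX=enforcing
SELINUXTYPE=targeted'

configured=$(printf '%s\n' "$sample" | selinux_config_mode)
selinux_mode_finding "$configured" "Permissive"   # as after setenforce 0
# On a live host:
#   selinux_mode_finding "$(selinux_config_mode < /etc/selinux/config)" "$(getenforce)"
```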