Your support on Ko-Fi is much appreciated:
👉 [ Ссылка ]

Join our new discord channel:
👉 [ Ссылка ]

Buy CSG Merchandise:
👉 [ Ссылка ]

This video is based on RHEL 8.

Video to cover the section 'Set enforcing and permissive modes for SELinux' for the RHCSA (Red Hat Certified System Administrator).

More information on the required learning: [ Ссылка ]

Notes from the video:

SELinux defines access controls for the applications, processes, and files on a system. It uses security policies, which are a set of rules that tell SELinux what can or can’t be accessed, to enforce the access allowed by a policy.

When an application or process, known as a subject, makes a request to access an object, like a file, SELinux checks with an access vector cache (AVC), where permissions are cached for subjects and objects.

If SELinux is unable to make a decision about access based on the cached permissions, it sends the request to the security server. The security server checks for the security context of the app or process and the file. Security context is applied from the SELinux policy database. Permission is then granted or denied.

If permission is denied, an “avc: denied” message will be available in /var/log/messages.

To view the current SELINUX enforcement status:

# getenforce

To get the complete SELINUX status:

# sestatus

To change from enforce to permissive edit the following file:

# vi /etc/selinux/config

The line to edit is:

SELINUX=enforcing

to

SELINUX=permissive

#rhcsa #rhel #linux #redhat

свернуть