RHCSA RHEL 8 - Diagnose and address routine SELinux policy violations

This video is based on RHEL 8.
Video to cover the section 'Diagnose and address routine SELinux policy violations' for the RHCSA (Red Hat Certified System Administrator).
Notes from the video:
SELinux defines access controls for the applications, processes, and files on a system. It uses security policies, which are a set of rules that tell SELinux what can or can’t be accessed, to enforce the access allowed by a policy.
When an application or process, known as a subject, makes a request to access an object, like a file, SELinux checks with an access vector cache (AVC), where permissions are cached for subjects and objects.
If SELinux is unable to make a decision about access based on the cached permissions, it sends the request to the security server. The security server checks for the security context of the app or process and the file. Security context is applied from the SELinux policy database. Permission is then granted or denied.
SELinux has a large number of contexts already defined; for example, the type context is already defined for processes such as ssh.
As mentioned in previous videos/blogs, you need setroubleshoot-server to review SELinux policy violations. If you haven't installed it already:
# dnf install setroubleshoot-server
To view all current policy violations for SELinux, search the audit log for AVC records:
# ausearch -m AVC,USER_AVC,SELINUX_ERR
You can also view anything logged in the journal too:
# journalctl -t setroubleshoot
There is a tool that helps explain why each of the issues was blocked:
# audit2why -a
There is also a tool that attempts to give you resolutions to the issues:
# audit2allow -w -a
Then, using the recommended approach, we can make the relevant change to fix the issue.
Note: if you don't have any violations, I found a good one to reproduce easily was removing users' ability to execute files in their home directories and then attempting to do so. To remove access for a particular user (user1), do the following:
# echo "user1:user_u:s0-s0:c0.c1023" >> /etc/selinux/targeted/seusers
This will give the user the user_u context.
Then configure the SELinux boolean to block the execution of files within their home directories:
# setsebool -P user_exec_content off
Once done, attempt to log in as the user; it should then fail and generate an AVC denial.
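As an added example (not from the video), here is a small bash helper that summarises raw AVC records before you hand them to audit2why or audit2allow. It runs over constructed sample lines, one matching the user_exec_content scenario above and one unrelated httpd denial; on a real RHEL 8 host you would pipe in `ausearch -m AVC,USER_AVC,SELINUX_ERR --raw` instead.

```bash
#!/usr/bin/env bash
# Added example: summarise AVC denial records (source type, target type,
# object class, denied permission) from raw audit.log lines.
# Real input: ausearch -m AVC,USER_AVC,SELINUX_ERR --raw | summarise_avc

# Constructed sample records; not captured from a real system.
SAMPLE_AVC='type=AVC msg=audit(1700000000.123:456): avc:  denied  { execute } for  pid=1234 comm="bash" name="script.sh" dev="dm-0" ino=1234567 scontext=user_u:user_r:user_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000001.456:457): avc:  denied  { read } for  pid=2345 comm="httpd" name="index.html" dev="dm-0" ino=2345678 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000001.456:457): arch=c000003e syscall=257 success=no exit=-13'

# Extract a key=value field (e.g. scontext) from one record line.
avc_field() {            # $1 = field name, $2 = record line
    printf '%s\n' "$2" | sed -n "s/.*[[:space:]]$1=\([^[:space:]]*\).*/\1/p"
}

# Extract the permission set between the braces of "denied { ... }".
avc_perm() {
    printf '%s\n' "$1" | sed -n 's/.*denied  *{ *\([^}]*[^} ]\) *}.*/\1/p'
}

# Read records on stdin; print one line per AVC record:
#   <comm> <source type> -> <target type>:<class> denied=<perms>
# Non-AVC records (SYSCALL, PATH, ...) are skipped.
summarise_avc() {
    while IFS= read -r line; do
        case "$line" in
            type=AVC*) ;;
            *) continue ;;
        esac
        perm=$(avc_perm "$line")
        src=$(avc_field scontext "$line" | cut -d: -f3)   # type is 3rd field
        tgt=$(avc_field tcontext "$line" | cut -d: -f3)
        cls=$(avc_field tclass "$line")
        comm=$(avc_field comm "$line" | tr -d '"')
        printf '%s %s -> %s:%s denied=%s\n' "$comm" "$src" "$tgt" "$cls" "$perm"
    done
}

# Number of AVC denials in the constructed sample.
count_avc() { printf '%s\n' "$SAMPLE_AVC" | summarise_avc | wc -l | tr -d ' '; }

printf '%s\n' "$SAMPLE_AVC" | summarise_avc
```

The first summary line shows the shape of the denial the reproduction above creates: a user_t process denied execute on a user_home_t file, which is what audit2why then maps back to the user_exec_content boolean.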
#rhcsa #rhel #linux #redhat