RHCSA RHEL 8 - Set enforcing and permissive modes for SELinux

Показать описание

Your support on Ko-Fi is much appreciated:

Join our new discord channel:

Buy CSG Merchandise:

This video is based on RHEL 8.

Video to cover the section 'Set enforcing and permissive modes for SELinux' for the RHCSA (Red Hat Certified System Administrator).

Notes from the video:

SELinux defines access controls for the applications, processes, and files on a system. It uses security policies, which are a set of rules that tell SELinux what can or can’t be accessed, to enforce the access allowed by a policy.

When an application or process, known as a subject, makes a request to access an object, like a file, SELinux checks with an access vector cache (AVC), where permissions are cached for subjects and objects.

If SELinux is unable to make a decision about access based on the cached permissions, it sends the request to the security server. The security server checks for the security context of the app or process and the file. Security context is applied from the SELinux policy database. Permission is then granted or denied.

If permission is denied, an “avc: denied” message will be available in /var/log/messages.

To view the current SELINUX enforcement status:

# getenforce

To get the complete SELINUX status:

# sestatus

To change from enforce to permissive edit the following file:

# vi /etc/selinux/config

The line to edit is:

SELINUX=enforcing

to

SELINUX=permissive

#rhcsa #rhel #linux #redhat

Рекомендации по теме

Комментарии

Instead of editing "/etc/selinux/config" you can also just type "setenforce 0" to set it to permissive and "setenforce 1" to set it to enforcing. It's also important to mention that disabling SELinux only works by editing "/etc/selinux/config" and changing the variable to "disabled" and requires a reboot to be applied.

inoMadv

I might be going crazy, but I don't have a /var/log/messages on my machine (Rocky Linux). I've certainly seen that log in the past, though I can't remember if it was on rhel or another linux distribution. I appear to get the same output you do by using journalctl.

Franchyze

When I type se status it is showing inaccessible or not found error

sshudishkumar.

Sir, kindly upload Linux boot process.

narenchandrasekaran

RHCSA RHEL 8 - Set enforcing and permissive modes for SELinux

RHCSA RHEL 8 - List, set, and change standard ugo/rwx permissions

RHCSA - Configure RHEL 8 Network Part 1

RHCSA RHEL 8 - Configure time service clients

RHCSA RHEL 8 - Create and configure set-GID directories for collaboration

#RHCSA RHEL 8 Automated Installation | RHCSA 8 Complete Course | Linux Certification | Ex200

RHCSA RHEL 8 - Practice on the go

RHCSA RHEL 8 - Configure superuser access

RHCSA RHEL 8 - Adjust process scheduling

RHCSA RHEL 8 - Set enforcing and permissive modes for SELinux

RHCSA RHEL 8 - Create and remove physical volumes and LVM introduction

RHCSA RHEL 8 - Create and delete logical volumes

RHCSA RHEL 8 - Practice Exam - Environment Setup

RHCSA RHEL 8 - Configure disk compression

1.2 Lab Setup on VMWare & Installing RHEL 8 | RHCSA [RHEL 8]

RHCSA RHEL 8 - Practice Exam - Questions 1-6

RHCSA RHEL 8 - Configure systems to mount file systems at boot by UUID or label

Red Hat Certified System Administrator (RHCSA) RHEL 8 Training Course Preview

RHCSA RHEL 8 - Configure systems to boot into a specific target automatically

RHCSA RHEL 8 - Modify the system bootloader

How To Configure NFS Service In Linux - RHEL 8 (RHCSA 8, Lesson 22 )

How to set password in a user in REDHAT RHCSA RHEL 8

RHCSA 8 - Static DNS Using nmcli - Red Hat Enterprise Linux 8

RHCSA RHEL 8 - Configure hostname resolution

RHCSA RHEL 8 - Create and use file access control lists