SELinux Usage
This tutorial covers the everyday challenges you are likely to face when using SELinux.

Question 1: Basic Labelling

Create 2 directories in /root, "secure" and "protect". Set the SELinux type of secure to system_conf_t, and set the type of protect to etc_t.

Tests - not attempted
Directories exist UNTESTED
Type secure UNTESTED
Type protect UNTESTED

Create a file called "test1" in secure, and "test2" in protect. Look at the types of these files. How is the type of each new file decided?

Tests - not attempted
How type is set UNTESTED
Directories exist UNTESTED

Copy test1 to protect/test3. What happens to the test3 type in comparison to test1?

Tests - not attempted
How type is set UNTESTED
File copied UNTESTED

Rename secure/test1 to protect/test4. What happens to the test4 type in comparison to the type test1 was when it was in secure (system_conf_t)?

Tests - not attempted
How type is set UNTESTED
File copied UNTESTED

Use matchpathcon to find the type which would be set if you ran restorecon on protect/test2. Save the output of matchpathcon to /root/match1. What type would be set if you did run restorecon?

Tests - not attempted
Type unchanged UNTESTED
matchpathcon type UNTESTED
matchpathcon output UNTESTED

Use semanage to list the fcontext rules for all regular expressions, and grep the list for those which start with /root. Then grep that output for the restorecon type from the previous question. This should reduce the list to just one regular expression, i.e. the one which matchpathcon used to produce the answer above. What is that expression?

Tests - not attempted
Regular expression UNTESTED

Add a rule to semanage fcontext so that any files in /root/ which end with .bin will be set to type bin_t. Create a file /root/test.bin and do a restorecon on that file to confirm it takes on bin_t.

Tests - not attempted
Check dot escaped UNTESTED
Check in root UNTESTED
Check in subdir UNTESTED
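The steps of Question 1 as one shell script. This is an added example, not part of the LinuxZoo page: it assumes a Fedora/RHEL-style targeted policy in which system_conf_t, etc_t and bin_t exist, and the functions label_walkthrough and fcontext_matches are names chosen here. The SELinux commands only run when the script is executed as root on a machine where SELinux is enabled; fcontext_matches works anywhere and imitates how libselinux treats a file_contexts regular expression (it is anchored with ^ and $ before matching), so you can check a candidate rule before adding it with semanage.

```shell
#!/bin/sh
# Added example (not from the LinuxZoo page): the Question 1 labelling steps as
# shell functions, plus an offline check of an fcontext regular expression.
# Assumes a targeted policy where system_conf_t, etc_t and bin_t exist.

# libselinux anchors every file_contexts regex with ^ and $ before matching, so
# the same anchoring is applied here. Returns 0 if the rule would apply to PATH.
fcontext_matches() {   # usage: fcontext_matches REGEX PATH
    printf '%s\n' "$2" | grep -Eq "^$1\$"
}

# The labelling walk-through; run as root with SELinux enabled.
label_walkthrough() {
    mkdir -p /root/secure /root/protect
    chcon -t system_conf_t /root/secure   # change only the type; user, role and level stay
    chcon -t etc_t /root/protect
    touch /root/secure/test1 /root/protect/test2
    # A new file takes the type of its parent directory unless a type_transition
    # rule in the policy says otherwise.
    ls -Z /root/secure/test1 /root/protect/test2
    cp /root/secure/test1 /root/protect/test3   # cp writes a NEW inode: labelled like protect/
    mv /root/secure/test1 /root/protect/test4   # mv renames the SAME inode: the label travels with it
    ls -Z /root/protect
    # What restorecon would apply, saved as the question asks.
    matchpathcon /root/protect/test2 | tee /root/match1
    # Output is "PATH  user:role:type:level"; keep the type component.
    type=$(awk '{print $2}' /root/match1 | cut -d: -f3)
    # Narrow the fcontext list to the single rule matchpathcon matched.
    semanage fcontext -l | grep '^/root' | grep "$type"
    # The dot must be escaped: an unescaped "." is "any character", so
    # "/root/testbin" would also be relabelled.
    semanage fcontext -a -t bin_t '/root/.*\.bin'
    touch /root/test.bin
    restorecon -v /root/test.bin   # -v prints the relabel it performs
    ls -Z /root/test.bin
}

if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled && [ "$(id -u)" -eq 0 ]; then
    label_walkthrough
fi
```

The regex passed to semanage applies to files in subdirectories of /root as well, because `.*` matches the slashes in between; if you wanted only files directly under /root you would use `/root/[^/]*\.bin` instead.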

Question 2: Boolean control

In this section we will practice accessing and using an SELinux boolean.

There is a boolean called httpd_tmp_exec. Is the boolean on or off?

Tests - not attempted
Status correct UNTESTED

Change the boolean called httpd_tmp_exec to on.

Tests - not attempted
Status on UNTESTED

Find out all allow rules which are switched on by setting this boolean to on. Save the output of sesearch to /root/boolrule. When you search, find all rules, unrestricted by source types.

Tests - not attempted
File correct UNTESTED
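The three steps of Question 2 as a script. This is an added example and not part of the LinuxZoo page; parse_bool_state and bool_walkthrough are names chosen here. It assumes the setools version of sesearch that accepts -A and -b (the flags used on Fedora/RHEL), and the live commands only run as root with SELinux enabled.

```shell
#!/bin/sh
# Added example (not from the LinuxZoo page): inspecting and changing an SELinux
# boolean and listing the allow rules it gates.

# getsebool prints "NAME --> on" or "NAME --> off"; reduce that to the state word.
parse_bool_state() {   # usage: parse_bool_state "httpd_tmp_exec --> off"  -> off
    printf '%s\n' "$1" | awk '$2 == "-->" && ($3 == "on" || $3 == "off") { print $3 }'
}

bool_walkthrough() {
    getsebool httpd_tmp_exec                 # is it on or off right now?
    state=$(parse_bool_state "$(getsebool httpd_tmp_exec)")
    echo "httpd_tmp_exec is currently: $state"
    # -P writes the change to the policy store as well as the running kernel,
    # so it survives a reboot; without -P the change is lost at the next boot.
    setsebool -P httpd_tmp_exec on
    getsebool httpd_tmp_exec
    # Allow rules that become active when the boolean is on. No -s option is
    # given, so the search is not restricted to any source type.
    sesearch -A -b httpd_tmp_exec | tee /root/boolrule
}

if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled && [ "$(id -u)" -eq 0 ]; then
    bool_walkthrough
fi
```

A setting made without -P is the usual reason a boolean "mysteriously" reverts after a reboot; `semanage boolean -l` shows both the current and the persistent (default) value side by side.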

Question 3: Auditing

Click on the button to cause a mislabelling error for httpd.

Tests - not attempted
Error caused UNTESTED

Start httpd with systemctl. It should fail, and the failure should generate an audit event.

Tests - not attempted
Status looks like a fail UNTESTED
At least 1 audit event in last 10 mins UNTESTED

Save the AVC event to /root/event. MAKE SURE ONLY THE AVC EVENT IS SAVED, AND THERE IS ONLY 1 AVC LINE.

Tests - not attempted
File looks plausible - count UNTESTED
File looks plausible - content UNTESTED

Use the inode information from the event. What is the full pathname of the directory in the event?

Tests - not attempted
Pathname correct UNTESTED

Use restorecon on that single directory to fix the label. Confirm that httpd now starts.

Tests - not attempted
Label fixed UNTESTED
httpd running UNTESTED
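The Question 3 procedure as a script: pull the single AVC record out of the audit log, read the device and inode it names, resolve that inode to a directory, relabel it and restart httpd. This is an added example and not part of the LinuxZoo page. The AVC line in SAMPLE_AVC is constructed for the example (its pid, inode and timestamp are made up), and avc_field, context_type and audit_walkthrough are names chosen here. It assumes the audit dev= field names a block device that exists under /dev and that findmnt can map that device to its mount point; the live commands only run as root with SELinux and auditd present.

```shell
#!/bin/sh
# Added example (not from the LinuxZoo page): locating the directory named by an
# AVC denial through its inode and relabelling it.

# Constructed sample record in the format ausearch prints; not from a real system.
SAMPLE_AVC='type=AVC msg=audit(1500000000.123:456): avc:  denied  { search } for  pid=1234 comm="httpd" name="html" dev="dm-0" ino=131073 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0'

# Pull one key=value field out of an AVC line, with surrounding quotes removed.
avc_field() {   # usage: avc_field FIELD "AVC LINE"
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=\"\{0,1\}\([^\"]*\)\"\{0,1\}\$/\1/p"
}

# The type component of a context such as system_u:system_r:httpd_t:s0.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

audit_walkthrough() {
    systemctl start httpd || true                  # expected to fail while the label is wrong
    systemctl status httpd --no-pager || true
    # -ts recent means the last 10 minutes. Keep only AVC records (not the
    # SYSCALL or CWD lines that accompany them) and only the last one, so the
    # saved file holds exactly one AVC line.
    ausearch -m avc -ts recent | grep '^type=AVC' | tail -n 1 > /root/event
    line=$(cat /root/event)
    [ -n "$line" ] || { echo "no AVC event in the last 10 minutes"; return 1; }
    dev=$(avc_field dev "$line")
    ino=$(avc_field ino "$line")
    # Inode numbers are only unique within one filesystem, so map the device
    # from the event to its mount point and search that filesystem only (-xdev).
    mnt=$(findmnt -n -o TARGET "/dev/$dev" | head -n 1)
    dir=$(find "$mnt" -xdev -inum "$ino" -type d 2>/dev/null | head -n 1)
    echo "denied: $(context_type "$(avc_field scontext "$line")") -> $(context_type "$(avc_field tcontext "$line")") on $dir"
    ls -Zd "$dir"
    restorecon -v "$dir"                           # relabel just that directory, not -R over everything
    systemctl start httpd && systemctl is-active httpd
}

if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled && command -v ausearch >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    audit_walkthrough
fi
```

Reading the scontext and tcontext types out of the record (here httpd_t asking for search on a user_home_t directory) tells you why the access was refused before you touch any labels; restorecon on the single directory is the fix only when matchpathcon agrees that the current label is the wrong one.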



Linuxzoo created by Gordon Russell.
@ Copyright 2004-2017 Edinburgh Napier University