SELinux Administration

Use the getenforce administrative command. What is the current setting?
0 1 Enforcing Enabled Active Permissive Disabled Inactive

What is the absolute pathname to the selinux directory in /sys?

How does the information from getenforce compare to the related enforce status value stored in /sys?
0 1 Enforcing Enabled Active Permissive Disabled Inactive

How many files and directories are actually in the top level of the SELinux directory in /sys?

Locate the syslog daemon (called rsyslogd). What is the full true pathname?

What is the SELinux label of this executable rsyslogd file?

The daemon rsyslogd uses /etc/rsyslog.conf as its configuration file. What is the SELinux label of the rsyslogd configuration file?

Given that rsyslogd is running currently, what is the label of the process. Use the list of running processes to discover this.

With the label of the running process, and the label of the configuration file, use sesearch to find the semantic rules to allow the process to read the configuration file. Make sure you look only for allow rules, and limit the search to the specific source type and target type, and also limit your search to just file rules.

Save the output of this command to /root/selinux1.

There are other allow rules, not just ones which relate to files. Confirm the existance of one for accessing directories fo the syslog daemon's configuration file label. Use a class of "dir" to do this. Again there should be only 1.

Save the output of this command to /root/selinux2 and confirm the contents visually.

What directories in the top level of /etc have this configuration type label?

Use an "ls -Z" command on /etc, and combine it with 2 greps so you locate the correct syslog configuration label while restricting your search to just directories. Save this output to /root/selinux3.

Now use the "find" command to find all files and directories in /etc which have this configuration type label. You need to use -context. HINT: -context is the whole label, so use filename-style wildcards so you only need to specify the type.

Save this output to /root/selinux4.

The syslog daemon you investigated is allowed to open a number of ports, both tcp and udp. Use the sesearch on the syslogd_t type, focusing on tcp sockets and the name_bind permission. Include the -C to better understand conditional rules.

You should ignore rules where the line begins with DT or DF. This indicates the conditional rule is currently disabled.

How many ENABLED name_bind permissions are allowed from syslogd_t.

Use the types of the previous answer to loop up the ports associated with those types. Taking ONLY the tcp ports, make a list ordered in ascending port number, seperated by commas if necessary, and without any white space. So if all the port types together give you tcp ports 1,5, and 10, your answer would be "1,5,10".

Take the highest numbered tcp port you discovered from the last question and look it up in /etc/services. What is the services name (the first column) for this port?

Locate the Network Manager daemon (called NetworkManager). What is the full true pathname?

Given that NetworkManager is running currently, what is the label of the process. Use the list of running processes to discover this

When NetworkManager runs, it executes files in /etc/NetworkManager/dispatcher.d whenever a network interface changes state. What is the label for the executables in the dispatcher.d directory?

When the NetworkManager process type executes a file in the dispatcher.d directory, what process transition is followed? Find the one process transition which manages this. What process type do these files run as?