If you can see this check that

Main Page

SELinux Administration


SELinux Administration

User:
Password:
This tutorial is focused on the system administration side of SELinux. It is very much a primer in exploring how SELinux works and how some of the databases are used.

To reset all the check buttons from a previous attempt click here

Question 1: Global Settings

Use the getenforce administrative command. What is the current setting?

Tests - not attempted
Correct value UNTESTED

What is the absolute pathname to the selinux directory in /sys?

Tests - not attempted
Correct value UNTESTED

How does the information from getenforce compare to the related enforce status value stored in /sys?

Tests - not attempted
Correct value UNTESTED

How many files and directories are actually in the top level of the SELinux directory in /sys?

Tests - not attempted
Number of items UNTESTED

Question 2: Basic Labels

Locate the syslog daemon (called rsyslogd). What is the full true pathname?

Tests - not attempted
Full Pathname UNTESTED

What is the SELinux label of this executable rsyslogd file?

UserRoleTypeSensitivity

Tests - not attempted
User Correct UNTESTED
Role Correct UNTESTED
Type Correct UNTESTED
Sensitivity Correct UNTESTED

The daemon rsyslogd uses /etc/rsyslog.conf as its configuration file. What is the SELinux label of the rsyslogd configuration file?

UserRoleTypeSensitivity

Tests - not attempted
User Correct UNTESTED
Role Correct UNTESTED
Type Correct UNTESTED
Sensitivity Correct UNTESTED

Given that rsyslogd is running currently, what is the label of the process. Use the list of running processes to discover this.

UserRoleTypeSensitivity

Tests - not attempted
User Correct UNTESTED
Role Correct UNTESTED
Type Correct UNTESTED
Sensitivity Correct UNTESTED

With the label of the running process, and the label of the configuration file, use sesearch to find the semantic rules to allow the process to read the configuration file. Make sure you look only for allow rules, and limit the search to the specific source type and target type, and also limit your search to just file rules.

Save the output of this command to /root/selinux1.

Tests - not attempted
Allow correct UNTESTED

There are other allow rules, not just ones which relate to files. Confirm the existance of one for accessing directories fo the syslog daemon's configuration file label. Use a class of "dir" to do this. Again there should be only 1.

Save the output of this command to /root/selinux2 and confirm the contents visually.

Tests - not attempted
Allow correct UNTESTED

What directories in the top level of /etc have this configuration type label?

Use an "ls -Z" command on /etc, and combine it with 2 greps so you locate the correct syslog configuration label while restricting your search to just directories. Save this output to /root/selinux3.

Tests - not attempted
Just directories matching UNTESTED

Now use the "find" command to find all files and directories in /etc which have this configuration type label. You need to use -context. HINT: -context is the whole label, so use filename-style wildcards so you only need to specify the type.

Save this output to /root/selinux4.

Tests - not attempted
Find info correct UNTESTED

Question 3: Port Rules

The syslog daemon you investigated is allowed to open a number of ports, both tcp and udp. Use the sesearch on the syslogd_t type, focusing on tcp sockets and the name_bind permission. Include the -C to better understand conditional rules.

You should ignore rules where the line begins with DT or DF. This indicates the conditional rule is currently disabled.

How many ENABLED name_bind permissions are allowed from syslogd_t.

Tests - not attempted
Count correct UNTESTED

Use the types of the previous answer to loop up the ports associated with those types. Taking ONLY the tcp ports, make a list ordered in ascending port number, seperated by commas if necessary, and without any white space. So if all the port types together give you tcp ports 1,5, and 10, your answer would be "1,5,10".

Tests - not attempted
TCP ports from types UNTESTED

Take the highest numbered tcp port you discovered from the last question and look it up in /etc/services. What is the services name (the first column) for this port?

Tests - not attempted
Service name UNTESTED

Question 4: Process Transitions

Locate the Network Manager daemon (called NetworkManager). What is the full true pathname?

Tests - not attempted
Full Pathname UNTESTED

Given that NetworkManager is running currently, what is the label of the process. Use the list of running processes to discover this

UserRoleTypeSensitivity

Tests - not attempted
User Correct UNTESTED
Role Correct UNTESTED
Type Correct UNTESTED
Sensitivity Correct UNTESTED

When NetworkManager runs, it executes files in /etc/NetworkManager/dispatcher.d whenever a network interface changes state. What is the label for the executables in the dispatcher.d directory?

UserRoleTypeSensitivity

Tests - not attempted
User Correct UNTESTED
Role Correct UNTESTED
Type Correct UNTESTED
Sensitivity Correct UNTESTED

When the NetworkManager process type executes a file in the dispatcher.d directory, what process transition is followed? Find the one process transition which manages this. What process type do these files run as?

Tests - not attempted
Process type UNTESTED


Centos 7 intro: Paths | BasicShell | Search
Linux tutorials: intro1 intro2 wildcard permission pipe vi essential admin net SELinux1 SELinux2 fwall DNS diag Apache1 Apache2 log Mail
Caine 10.0: Essentials | Basic | Search | Acquisition | SysIntro | grep | MBR | GPT | FAT | NTFS | FRMeta | FRTools | Browser | Mock Exam |
Caine 13.0: Essentials | Basic | Search | Acquisition | SysIntro | grep | MBR | GPT | FAT | NTFS | FRMeta | FRTools | Browser | Registry | Mock Exam |
CPD: Cygwin | Paths | Files and head/tail | Find and regex | Sort | Log Analysis
Kali: 1a | 1b | 1c | 2 | 3 | 4a | 4b | 5 | 6 | 7a | 8a | 8b | 9 | 10 |
Kali 2020-4: 1a | 1b | 1c | 2 | 3 | 4a | 4b | 5 | 6 | 7 | 8a | 8b | 9 | 10 |
Useful: Quiz | Forums | Privacy Policy | Terms and Conditions

Linuxzoo created by Gordon Russell.
@ Copyright 2004-2024 Edinburgh Napier University