Chapter 45. Working With SELinux
togglesebool boolean ...
This command toggles the setting of one or more booleans. This affects boolean settings in
memory only; changes are not persistent across reboots.
45.2.13. Changing to a Different Role
You use the newrole command to run a new shell with the specified type and/or role. Changing roles
is typically only meaningful in the strict policy; the targeted policy is generally restricted to a single role.
Changing types may be useful for testing, validation, and development purposes.
newrole -r <role_r> -t <type_t> [-- [ARGS]...]
The ARGS are passed directly to the shell specified in the user's entry in the /etc/passwd file.
Note
The newrole command is part of the policycoreutils-newrole package, which
is required if you install the strict or MLS policy. It is not installed by default in Red Hat
Enterprise Linux.
45.2.14. When to Reboot
The primary reason for rebooting the system from an SELinux perspective is to completely relabel the
file system. On occasion you might need to reboot the system to enable or disable SELinux.
45.3. Analyst Control of SELinux
This section describes some common tasks that a security analyst might need to perform on an
SELinux system.
45.3.1. Enabling Kernel Auditing
As part of an SELinux analysis or troubleshooting exercise, you might choose to enable complete
kernel-level auditing. This can be quite verbose, because it generates one or more additional audit
messages for each AVC audit message. To enable this level of auditing, append the audit=1
parameter to your kernel boot line, either in the /etc/grub.conf file or on the GRUB menu at boot
time.
This is an example of a full audit log entry when httpd is denied access to ~/public_html because
the directory is not labeled as Web content. Notice that the time and serial number stamps in the
audit(...) field are identical in each case. This makes it easier to track a specific event in the audit logs:
Jan 15 08:03:56 hostname kernel: audit(1105805036.075:2392892): \
    avc:  denied  { getattr } for  path=/home/auser/public_html dev=hdb2 ino=921135 \
    scontext=user_u:system_r:httpd_t \
    tcontext=system_u:object_r:user_home_t tclass=dir
The following audit message tells more about the source, including the kind of system call involved,
showing that httpd tried to stat the directory:
pid=2239 exe=/usr/sbin/httpd \
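As an added example (not part of the Deployment Guide), the following Python script shows how an analyst can use the identical audit(time:serial) stamp the text points out: it groups every kernel audit record that carries the same stamp into one event, so the AVC denial and the system-call record that explains it are read together. The sample log is constructed inline: the first line is the AVC record shown above, the second line is an abbreviated stand-in for the system-call record (only the pid and exe fields quoted on the page), and the remaining lines are invented for contrast.

```python
import re

# Matches the audit(time:serial) stamp that every kernel audit record carries.
AUDIT_RE = re.compile(r"audit\((?P<time>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$")
# Matches the AVC part of a record: "avc:  denied  { perm perm } for  field=value ..."
AVC_RE = re.compile(r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$")
# name=value pairs in the remainder of a record
FIELD_RE = re.compile(r"(\w+)=(\S+)")

# Constructed sample log. Line 1 is the AVC record from the text; line 2 is an
# abbreviated stand-in for the matching system-call record (same stamp, only the
# fields quoted on the page); line 3 is non-audit syslog noise; line 4 is an
# invented second denial with a different stamp.
SAMPLE_LOG = """\
Jan 15 08:03:56 hostname kernel: audit(1105805036.075:2392892): avc:  denied  { getattr } for  path=/home/auser/public_html dev=hdb2 ino=921135 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:user_home_t tclass=dir
Jan 15 08:03:56 hostname kernel: audit(1105805036.075:2392892): pid=2239 exe=/usr/sbin/httpd
Jan 15 08:04:00 hostname kernel: usb 1-1: new full speed USB device (constructed noise line)
Jan 15 08:04:10 hostname kernel: audit(1105805050.123:2392900): avc:  denied  { read } for  path=/home/auser/public_html/index.html dev=hdb2 ino=921140 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:user_home_t tclass=file
"""


def parse_audit_log(text):
    """Group kernel audit records by their audit(time:serial) stamp.

    Returns a dict keyed by "time:serial". Each value holds the AVC result and
    permissions (if an AVC record was seen), every name=value field from all
    records with that stamp, and how many records were merged.
    """
    events = {}
    for line in text.splitlines():
        m = AUDIT_RE.search(line)
        if not m:
            continue  # not an audit record, e.g. ordinary kernel or syslog output
        key = f"{m.group('time')}:{m.group('serial')}"
        ev = events.setdefault(key, {
            "time": m.group("time"), "serial": m.group("serial"),
            "result": None, "perms": [], "fields": {}, "records": 0,
        })
        ev["records"] += 1
        body = m.group("body")
        avc = AVC_RE.match(body)
        if avc:
            ev["result"] = avc.group("result")
            ev["perms"] = avc.group("perms").split()
            body = avc.group("rest")
        # Fields from the AVC record and from the system-call record land in one dict,
        # which is exactly what the shared stamp makes possible.
        for name, value in FIELD_RE.findall(body):
            ev["fields"][name] = value
    return events


def denials(events):
    """Summarise denied events as tuples, oldest first:
    (stamp, scontext, tcontext, tclass, perms, exe, path)."""
    ordered = sorted(events.items(),
                     key=lambda kv: (float(kv[1]["time"]), int(kv[1]["serial"])))
    out = []
    for key, ev in ordered:
        if ev["result"] != "denied":
            continue
        f = ev["fields"]
        out.append((key, f.get("scontext"), f.get("tcontext"), f.get("tclass"),
                    tuple(ev["perms"]), f.get("exe"), f.get("path")))
    return out


if __name__ == "__main__":
    for stamp, scon, tcon, tclass, perms, exe, path in denials(parse_audit_log(SAMPLE_LOG)):
        print(f"{stamp}: {scon} -> {tcon} ({tclass}) denied {' '.join(perms)}"
              f" exe={exe} path={path}")
```

Records are keyed on the full time:serial pair rather than the serial alone because the serial counter restarts at boot; the pair is what stays unique across the log. The abbreviated second record shows the payoff: the pid and exe of the denied process are attached to the same event as the AVC contexts without any further lookup.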