Security

How to use and configure SELinux

HomeSecurityHow to use and configure SELinux

Rocky Linux is a popular distribution of the Linux operating system, known for its stability and reliability. One of the key features of Rocky Linux is its support for SELinux, a security-enhanced Linux implementation that provides additional security controls and protections.

To enable SELinux on Rocky Linux, you need to edit the /etc/selinux/config file. This file contains the SELinux configuration options, including the mode in which SELinux should operate. To enable SELinux, you need to set the SELINUX option to enforcing. For example:


SELINUX=enforcing

Once you have edited the /etc/selinux/config file and set the SELINUX option to enforcing, you need to reboot your system for the changes to take effect. After the system has rebooted, SELinux will be enabled and will start enforcing the security policies.

To check the current status of SELinux, you can use the sestatus command. This command will display the current SELinux mode, as well as other information about the SELinux configuration. For example:

Copy code
# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

As you can see, the output of the sestatus command shows that SELinux is enabled and operating in enforcing mode.

To manage the SELinux policies on Rocky Linux, you can use the semanage command. This command allows you to view and modify the SELinux policy rules, as well as add or remove SELinux users and roles. For example, to list the currently defined SELinux users, you can use the following command:


# semanage user -l

This will display a list of all the SELinux users that are currently defined on the system.

To add a new SELinux user, you can use the semanage user -a command. For example, to add a new user named webuser, you would use the following command:


# semanage user -a -R 'staff_r webadm_r' webuser

This will add the webuser user to the staff_r and webadm_r roles, which will allow the user to access the necessary resources.

In conclusion, SELinux is a powerful security feature of Rocky Linux that provides.

Tags:
Christian Wells

Older Post

What is Firewall-cmd and how to configure.

Next Post

How to create a Logical Volume on Ubuntu

Related Product

How to Secure Your Server with DenyHosts on Ubuntu 24.04

How to Set Up UFW Firewall on Debian 12