CentOS 6.x on VMware Player: Part 7

Note: these documents are subject to update; this one was last edited 05/28/2014.


Part 7: Setting SELinux to enforcing

  • SELinux was originally written by the National Security Administration and is mostly used to confine daemons. The stock policy has come a long way, and with the following additions this basic implementation is an important part of a multi-pronged security approach.
  • # ls -Z / lists the root directory (/ in this case). In addition to the standard permissions, user and group, you will also see the SELinux context, in the form user:role:type:level, before the file name.

  • # setenforce permissive
  • # yum provides /usr/sbin/semanage
  • # yum install -y policycoreutils-python
  • # yum install -y setroubleshoot
  • This script with proper edits will get your web server’s SELinux in basic order:

  • Edit it to match your configuration, put the script in /usr/local/bin with the appropriate permissions, and execute it.
  • # vi /etc/sysconfig/selinux
  • Edit SELINUX=permissive to SELINUX=enforcing. Save and quit vi.
  • # setenforce 1, then # getenforce to confirm it is enforcing.
  • Additional SELinux booleans and associated file permissions can be a significant part of a thorough security plan – be sure and check back for more!
  • I do expect to update this substantially over time so be sure and check back.
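
An added example, not the author's script (which is not reproduced on this page): a pre-flight for the permissive-to-enforcing switch in the steps above. It summarises the AVC denials logged while permissive and only sets SELINUX=enforcing when none remain, writing through the /etc/sysconfig/selinux symlink instead of replacing it. The function names and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the author's script. Paths are arguments so it can be
# tried on copies before touching /var/log/audit/audit.log or the real config.
export LC_ALL=C

# Constructed sample of audit.log lines recorded while permissive.
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1401300000.101:41): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev=dm-0 ino=1311 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1401300000.101:41): arch=c000003e syscall=2 success=yes exit=3 comm="httpd"
type=AVC msg=audit(1401300007.530:48): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/srv/www/a.css" dev=dm-0 ino=1312 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1401300012.004:52): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=3306 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
EOF
}

# Print "count comm target_type class" for every AVC denial in the log ($1).
avc_summary() {
    grep 'type=AVC .*denied' "$1" |
    sed -n 's/.* comm="\([^"]*\)".* tcontext=[^:]*:[^:]*:\([^:]*\):.* tclass=\([^ ]*\).*/\1 \2 \3/p' |
    sort | uniq -c | sed 's/^ *//'
}

# Set SELINUX=<mode> in the config file ($1). The result is written back with
# "cat >" so a symlink such as /etc/sysconfig/selinux -> ../selinux/config
# stays a symlink; "sed -i" would replace it with a regular file.
set_selinux_mode() {
    cfg=$1; mode=$2
    case $mode in enforcing|permissive|disabled) ;; *) return 2 ;; esac
    tmp=$(mktemp) || return 1
    sed "s/^SELINUX=.*/SELINUX=$mode/" "$cfg" > "$tmp" && cat "$tmp" > "$cfg"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Gate: leave the config alone while the log ($1) still shows denials.
enforce_if_clean() {
    log=$1; cfg=$2
    if [ -n "$(avc_summary "$log")" ]; then
        avc_summary "$log" >&2
        return 1
    fi
    set_selinux_mode "$cfg" enforcing
}

# Demo on a throwaway copy of the constructed log.
demo=$(mktemp -d) && sample_log > "$demo/audit.log" && avc_summary "$demo/audit.log"
rm -rf "$demo"
```

Denials that predate your policy fixes are counted too, so point it at a log segment recorded after the last change.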

If you have any questions or suggestions don’t hesitate to reach out to me!