Open Source For You — December 2017


Admin Insight


30 | DECEMBER 2017 | OPEN SOURCE FOR YOU | http://www.OpenSourceForU.com

By: Kshitij Upadhyay
The author is RHCSA and RHCE certified and loves to write about new technologies.
He can be reached at [email protected].

Figure 6: Preserving the context of the file

Figure 7: Changing the context of a file

The getsebool command displays SELinux Booleans and their current values; its -a option lists all the Booleans. setsebool is used to modify them, and setsebool -P modifies the SELinux policy to make the modifications persistent. semanage boolean -l will show whether or not a Boolean is persistent, along with a short description of it. To list only local modifications to the state of the SELinux Booleans (any setting that differs from the default in the policy), the -C option with semanage boolean can be used.
In Figure 8, the Boolean was first modified, and then this modification was made persistent; the -C option was used with semanage to list the modifications.

Figure 8: Changing the SELinux Boolean

Troubleshooting in SELinux
Sometimes, SELinux prevents access to files on the server. Here are the steps that should be followed when this occurs.
• Before thinking of making any adjustments, consider that SELinux may be doing its job correctly by prohibiting the attempted access. If a Web server tries to access the files in /home, this could signal a compromise of the service if Web content isn’t published by the users. If access should have been granted, then additional steps need to be taken to solve the problem.
• The most common SELinux issue is an incorrect file context. This can occur when a file is created in a location with one file context, and moved into a place where a different context is expected. In most cases, running restorecon will correct the issue. Correcting issues in this way has a very narrow impact on the security of the rest of the system.
• Another remedy could be adjustment of the Boolean. For example, the ftpd_anon_write Boolean controls whether anonymous FTP users can upload files. This Boolean may be turned on if you want to allow anonymous FTP users to upload files to a server.
• It is possible that the SELinux policy has a bug that prevents a legitimate access. However, since SELinux has matured, this is a rare occurrence.
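
The persistence point about setsebool and setsebool -P, as an added example that is not part of the original article: it reads semanage boolean -l output and flags Booleans whose runtime state differs from the persistent value, which is what a setsebool without -P leaves behind. The sample output is constructed, and the "name (state , default) description" line layout is an assumption based on the usual output of that command.

```shell
#!/bin/sh
# Added example: find SELinux Booleans whose runtime state differs from the
# persistent value, i.e. changes made with setsebool but without -P.

# Constructed sample of `semanage boolean -l` output (not from a real host).
sample_semanage_output() {
cat <<'EOF'
SELinux boolean                State  Default Description

ftpd_anon_write                (on   ,  off)  Allow ftpd to anon write
httpd_enable_homedirs          (off  ,  off)  Allow httpd to enable homedirs
httpd_can_network_connect      (on   ,   on)  Allow httpd to can network connect
ftpd_full_access               (off  ,   on)  Allow ftpd to full access
EOF
}

# Read `semanage boolean -l` output on stdin and print
# "name runtime persistent" for every Boolean where the two values disagree.
sebool_drift() {
    awk '
        # Data lines carry a "(state , default)" pair; the header does not.
        match($0, /\([ \t]*(on|off)[ \t]*,[ \t]*(on|off)[ \t]*\)/) {
            name = $1
            pair = substr($0, RSTART + 1, RLENGTH - 2)   # e.g. "on   ,  off"
            gsub(/[ \t]/, "", pair)                      # e.g. "on,off"
            split(pair, v, ",")
            if (v[1] != v[2]) print name, v[1], v[2]
        }'
}

# For each drifting Boolean, show the two choices: make the runtime value
# persistent with -P, or set the runtime value back to the persistent one.
sebool_drift_report() {
    sebool_drift | while read -r name runtime persistent; do
        printf '%s: runtime=%s persistent=%s\n' "$name" "$runtime" "$persistent"
        printf '  keep:   setsebool -P %s %s\n' "$name" "$runtime"
        printf '  revert: setsebool %s %s\n' "$name" "$persistent"
    done
}

# Demo on the constructed sample. On a real host, as root:
#   semanage boolean -l | sebool_drift_report
sample_semanage_output | sebool_drift_report
```

A Boolean reported here will return to its persistent value at the next reboot, so each entry is either a change that still needs -P or a temporary change that was never reverted.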
