I got the chance to learn something about SELinux (Security-Enhanced Linux). This is an online training from O’REILLY.
The Linux operating system was never designed with overall security in mind, and that’s exactly where SELinux comes in. Using SELinux adds 21st century security to the Linux operating system. It is key to providing access control and is also an important topic in the Red Hat RHCSA, CompTIA Linux+ and Linux Foundation LFCS exams.
Security-Enhanced Linux
I am using a CentOS machine in this training.
SELinux implements Mandatory Security. All syscalls are denied by default, unless specifically enabled.
- All objects (files, ports, processes) are provided with a security label (the context)
- The context has a user, role and type part
- Type part is the most important
- The SELinux policy contains rules where you can see which source context has access to which target context
To check the SELinux status (disabled or enforcing)
Enable SELinux
The -Z flag is the magic to show SELinux information

```bash
ls -Z /boot
```
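As an added example (not from the training or the original post), the shell functions below split a context of the kind `ls -Z` prints into its user, role, type and level parts, then list the entries whose type part differs from an expected one. The sample lines and the names `SAMPLE`, `ctx_field` and `mislabeled` are constructed for illustration, and the `<context> <name>` line layout is an assumption about the `ls -Z` output format.

```shell
#!/bin/sh
# Added example. Assumes each input line looks like "<context> <name>".

# Constructed sample lines (not captured from a real system).
SAMPLE='system_u:object_r:boot_t:s0 config-sample
system_u:object_r:boot_t:s0 grub2
unconfined_u:object_r:user_home_t:s0 copied-from-home.img
system_u:object_r:boot_t:s0:c0.c1023 with-categories
? no-label-file'

# ctx_field CONTEXT FIELD
# Prints the user, role, type or level part of a context.
# The level can contain ":" itself (s0:c0.c1023), so it receives the remainder.
ctx_field() {
    IFS=: read -r c_user c_role c_type c_level <<EOF
$1
EOF
    # A context without a type part (such as "?") is not a usable label.
    [ -n "$c_type" ] || return 1
    case $2 in
        user)  printf '%s\n' "$c_user" ;;
        role)  printf '%s\n' "$c_role" ;;
        type)  printf '%s\n' "$c_type" ;;
        level) printf '%s\n' "$c_level" ;;
        *)     return 2 ;;
    esac
}

# mislabeled EXPECTED_TYPE
# Reads "<context> <name>" lines on stdin and prints "<name> <type>" for
# every entry whose type part differs from EXPECTED_TYPE.
mislabeled() {
    while read -r ctx name; do
        [ -n "$ctx" ] || continue
        t=$(ctx_field "$ctx" type) || t='(unlabeled)'
        [ "$t" = "$1" ] || printf '%s %s\n' "$name" "$t"
    done
}

# Everything under /boot is expected to carry the boot_t type in this sample.
printf '%s\n' "$SAMPLE" | mislabeled boot_t
```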
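I watched until 22:00 and didn't manage to finish 😂, sigh... For me right now, this topic isn't of much use, and it is obscure. Still, this setting sometimes gets brought up specifically: disable or permissive.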