HOW TO USE SELINUX - NO I DON'T MEAN TURN IT OFF
CHUCK REEVES @MANCHUCK
ZendCon 2016
ABOUT
▸ Built using Kernel Modules
▸ More permissions than CRUD and Access
▸ Allows Multi-Level Security using BLP and Biba Models
▸ Permissions set on the inode instead of the file
▸ Mandatory Access Control (MAC)
WHAT YOU NEED TO KNOW
▸ Each inode is given a single context
▸ Each context identifies a user, role, type and level
▸ SELINUX then allows (or denies) access by checking the context against a policy
▸ The decision is cached in the Access Vector Cache (AVC)
▸ The decision is made after the DAC access check has passed
WHAT YOU NEED TO KNOW
▸ SELINUX manages:
  ▸ Users
  ▸ Sockets
  ▸ Memory
  ▸ Directories
  ▸ TCP/UDP connections
PROCESS TYPES
▸ Confined
  ▸ Runs in its own domain (role)
  ▸ Resources are limited to what the roles and policy allow
▸ Unconfined
  ▸ Falls back to the DAC policies
CONTEXTS
▸ Policy checks context of inode for access
▸ "If a process is running with <context_foo> then anything with <context_foo_type> is allowed access"
▸ Four parts: user, role, type and level (optional)
CONTEXTS
▸ Set automatically based on the parent context (mostly)
  ▸ RPM
  ▸ Management tools (ansible, chef, puppet)
  ▸ When a file transitions (moving an uploaded file)
  ▸ By the sysadmin with chcon, restorecon
FINDING CONTEXT
ls -alZ /home
ps -Z
BOOLEANS
▸ On/off settings for policies
  ▸ Allow HTTPD to make network connections
  ▸ Allow FTP to access home directories
▸ Overcomes issues with over-labeling contexts
TURNING IT BACK ON
▸ TARGETED
▸ PERMISSIVE
▸ DISABLED (You already know this one)
<edit> /etc/selinux/config
sudo yum install setroubleshoot setroubleshoot-server
sudo service auditd restart
ls -alZ
sudo touch /.autorelabel
ls -alZ
TROUBLESHOOTING EXAMPLE: DATABASE
tail -f /var/log/audit/audit.log
tail -f /var/log/messages
sealert -l <message id>
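An added example, not from the slides: a small POSIX shell helper that pulls the source type, target type, object class and denied permissions out of an AVC denial line of the kind `tail -f /var/log/audit/audit.log` shows, so you can see what was blocked before reaching for sealert. The audit line inside the block is constructed for illustration; its timestamp, pid and port are made up.

```shell
#!/bin/sh
# Added example (not from the slides): summarise an AVC denial line.
# SAMPLE_AVC is a constructed line in the format auditd writes; the
# labels httpd_t / mysqld_port_t are real policy types, the numbers are made up.
SAMPLE_AVC='type=AVC msg=audit(1475700000.123:4567): avc:  denied  { name_connect } for  pid=2345 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0'

# avc_field LINE KEY -> value of "KEY=value" in the line ("" if absent)
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# avc_perms LINE -> the permission set between the braces, e.g. "name_connect"
avc_perms() {
    printf '%s\n' "$1" \
        | sed -n 's/.*denied[[:space:]]*{\([^}]*\)}.*/\1/p' \
        | sed 's/^[[:space:]]*//;s/[[:space:]]*$//'
}

# ctx_type CONTEXT -> the type, i.e. the third field of user:role:type:level
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_summary LINE -> "<source type> -> <target type> (<class>): <perms>"
avc_summary() {
    line=$1
    src=$(ctx_type "$(avc_field "$line" scontext)")
    tgt=$(ctx_type "$(avc_field "$line" tcontext)")
    cls=$(avc_field "$line" tclass)
    printf '%s -> %s (%s): %s\n' "$src" "$tgt" "$cls" "$(avc_perms "$line")"
}

# Against the live log (needs read access to audit.log; not run here):
#   grep 'avc:  denied' /var/log/audit/audit.log | while IFS= read -r l; do avc_summary "$l"; done
avc_summary "$SAMPLE_AVC"
```

The summary line tells you which kind of fix the slides describe applies: a process type reaching a port type (as in the constructed line) points at a network boolean such as httpd_can_network_connect, while a process type denied on a file type points at a labeling fix with chcon or restorecon.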
BOOLEANS
setsebool -P httpd_can_network_connect 1
semanage boolean -l | grep httpd_enable_ftp_server
getsebool -a
getsebool <boolean>
TROUBLESHOOTING EXAMPLE: FILE UPLOAD
ls -Z
sealert -l <message id>
SETTING CONTEXT
chcon -R -t httpd_sys_content_t web/
ls -Z web
SETTING CONTEXT
mkdir web/
touch web/file{1,2,3}
ls -Z web
RESOURCES
▸ Red Hat Documentation for SELinux: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/index.html
▸ Servers for Hackers, Battling SELinux: https://serversforhackers.com/video/battling-selinux-cast
▸ SELinux For Mere Mortals: https://www.youtube.com/watch?v=MxjenQ31b70
THANKS
CHUCK REEVES @MANCHUCK
