| Tutorial details | |
|---|---|
| Difficulty | Intermediate (rss) |
| Root privileges | Yes |
| Requirements | seinfo |
You need to use seinfo command. This command allows the user to query the components of a SELinux policy. You can analyze a binary or a source policy using this tool.
Installation
Type the following command:
# yum install setools-console
Sample outputs:
Loaded plugins: auto-update-debuginfo, protectbase, rhnplugin 0 packages excluded due to repository protections Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package setools-console.x86_64 0:3.3.7-4.el6 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: setools-console x86_64 3.3.7-4.el6 rhel-x86_64-server-6 328 k Transaction Summary ================================================================================ Install 1 Package(s) Total download size: 328 k Installed size: 0 Is this ok [y/N]: y Downloading Packages: setools-console-3.3.7-4.el6.x86_64.rpm | 328 kB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : setools-console-3.3.7-4.el6.x86_64 1/1 Verifying : setools-console-3.3.7-4.el6.x86_64 1/1 Installed: setools-console.x86_64 0:3.3.7-4.el6 Complete!
How do I use seinfo Command?
The syntax is:
seinfo /path/to/policy seinfo [options] /path/to/policy
For example, get information about /etc/selinux/targeted/policy/policy.24 policy, enter:
# seinfo /etc/selinux/targeted/policy/policy.24
Sample outputs:
Statistics for policy file: /etc/selinux/targeted/policy/policy.24 Policy Version & Type: v.24 (binary, mls) Classes: 81 Permissions: 235 Sensitivities: 1 Categories: 1024 Types: 3508 Attributes: 277 Users: 9 Roles: 12 Booleans: 190 Cond. Expr.: 225 Allow: 275791 Neverallow: 0 Auditallow: 97 Dontaudit: 202153 Type_trans: 24052 Type_change: 38 Type_member: 48 Role allow: 20 Role_trans: 292 Range_trans: 3995 Constraints: 87 Validatetrans: 0 Initial SIDs: 27 Fs_use: 22 Genfscon: 81 Portcon: 426 Netifcon: 0 Nodecon: 0 Permissives: 59 Polcap: 2
To list the number of types with the domain attribute, enter:
# seinfo -adomain -x | less
To print a list of user, enter:
# seinfo -adomain -u
Sample outputs:
domain Users: 9 sysadm_u system_u xguest_u root guest_u staff_u user_u unconfined_u git_shell_u
To print a list of roles, enter:
# seinfo -adomain -r
Sample outputs:
domain Roles: 12 guest_r staff_r user_r git_shell_r logadm_r object_r sysadm_r system_r webadm_r xguest_r nx_server_r
To print a list of conditional booleans:
# seinfo -adomain -b
# seinfo -adomain -b | less
# seinfo -adomain -bssh_sysadm_login -x
For more information read seinfo man page:
# man seinfo
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 0 comments… add one now }