I'm trying to use semanage command to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources under RHEL 6 server. But, I'm not able to find out this command and/or package name. How do I install semanage command under RedHat Enterprise Linux?
You need to use the yum command to find out which package provides file called /usr/sbin/semanage. Type the following command:
# yum provides /usr/sbin/semanage
OR
# yum whatprovides /usr/sbin/semanage
Sample outputs:
Loaded plugins: rhnplugin policycoreutils-python-2.0.83-19.8.el6_0.x86_64 : SELinux policy core python utilities Repo : rhel-x86_64-server-6 Matched from: Filename : /usr/sbin/semanage policycoreutils-python-2.0.83-19.1.el6.x86_64 : SELinux policy core python utilities Repo : rhel-x86_64-server-6 Matched from: Filename : /usr/sbin/semanage
Type the following command to install the same, enter:
# yum -y install policycoreutils-python
Sample outputs:
============================================================================================================================================================================================================================================= Installing: policycoreutils-python x86_64 2.0.83-19.8.el6_0 rhel-x86_64-server-6 334 k Installing for dependencies: audit-libs-python x86_64 2.0.4-1.el6 rhel-x86_64-server-6 56 k libselinux-python x86_64 2.0.94-2.el6 rhel-x86_64-server-6 201 k libsemanage-python x86_64 2.0.43-4.el6 rhel-x86_64-server-6 81 k setools-libs x86_64 3.3.7-4.el6 rhel-x86_64-server-6 400 k setools-libs-python x86_64 3.3.7-4.el6 rhel-x86_64-server-6 222 k Transaction Summary ============================================================================================================================================================================================================================================= Install 6 Package(s) Upgrade 0 Package(s) Total download size: 1.3 M Installed size: 0 Is this ok [y/N]: y Downloading Packages: (1/6): audit-libs-python-2.0.4-1.el6.x86_64.rpm | 56 kB 00:00 (2/6): libselinux-python-2.0.94-2.el6.x86_64.rpm | 201 kB 00:00 (3/6): libsemanage-python-2.0.43-4.el6.x86_64.rpm | 81 kB 00:00 (4/6): policycoreutils-python-2.0.83-19.8.el6_0.x86_64.rpm | 334 kB 00:00 (5/6): setools-libs-3.3.7-4.el6.x86_64.rpm | 400 kB 00:00 (6/6): setools-libs-python-3.3.7-4.el6.x86_64.rpm | 222 kB 00:00 --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 1.7 MB/s | 1.3 MB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : setools-libs-3.3.7-4.el6.x86_64 1/6 Installing : setools-libs-python-3.3.7-4.el6.x86_64 2/6 Installing : libsemanage-python-2.0.43-4.el6.x86_64 3/6 Installing : audit-libs-python-2.0.4-1.el6.x86_64 4/6 Installing : libselinux-python-2.0.94-2.el6.x86_64 5/6 Installing : policycoreutils-python-2.0.83-19.8.el6_0.x86_64 6/6 Installed: policycoreutils-python.x86_64 0:2.0.83-19.8.el6_0 Dependency Installed: audit-libs-python.x86_64 0:2.0.4-1.el6 libselinux-python.x86_64 0:2.0.94-2.el6 libsemanage-python.x86_64 0:2.0.43-4.el6 setools-libs.x86_64 0:3.3.7-4.el6 setools-libs-python.x86_64 0:3.3.7-4.el6 Complete!
Now you can use semanage command:
# semanage
Sample outputs:
/usr/sbin/semanage:
semanage [ -S store ] -i [ input_file | - ]
semanage [ -S store ] -o [ output_file | - ]
semanage {boolean|login|user|port|interface|module|node|fcontext} -{l|D|E} [-n]
semanage login -{a|d|m} [-sr] login_name | %groupname
semanage user -{a|d|m} [-LrRP] selinux_name
semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
semanage interface -{a|d|m} [-tr] interface_spec
semanage module -{a|d|m} [--enable|--disable] module
semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
semanage fcontext -{a|d|m} [-efrst] file_spec
semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
semanage permissive -{d|a|l} type
semanage dontaudit [ on | off ]
Primary Options:
-a, --add Add a OBJECT record NAME
-d, --delete Delete a OBJECT record NAME
-m, --modify Modify a OBJECT record NAME
-i, --input Input multiple semange commands in a transaction
-o, --output Output current customizations as semange commands
-l, --list List the OBJECTS
-E, --extract extract customizable commands
-C, --locallist List OBJECTS local customizations
-D, --deleteall Remove all OBJECTS local customizations
-h, --help Display this message
-n, --noheading Do not print heading when listing OBJECTS
-S, --store Select and alternate SELinux store to manage
Object-specific Options (see above):
-f, --ftype File Type of OBJECT
"" (all files)
-- (regular file)
-d (directory)
-c (character device)
-b (block device)
-s (socket)
-l (symbolic link)
-p (named pipe)
-F, --file Treat target as an input file for command, change multiple settings
-p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
-M, --mask Netmask
-e, --equal Substitue source path for dest path when labeling
-P, --prefix Prefix for home directory labeling
-L, --level Default SELinux Level (MLS/MCS Systems only)
-R, --roles SELinux Roles (ex: "sysadm_r staff_r")
-s, --seuser SELinux User Name
-t, --type SELinux Type for the object
-r, --range MLS/MCS Security Range (MLS/MCS Systems only)
--enable Enable a module
--disable Disable a module
Requires 2 or more arguments
See also:
You can also view the manual page on semanage using the following command:
$ man semanage
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
![RHEL / CentOS Yum Command: Blacklist Packages [ Disable Certain Packages ]](http://s13.cyberciti.org/images/shared/rp/3/3.jpg)
{ 12 comments… read them below or add one }
Thanks a lot !
Thanks! This helped!
Thanks buddy….Great help…..
GOD BLESS YOU..
Helpful! Very thanks! Should be included in CentOs wiki…
It helps! I am so new to CentOS. Thanks a lot. It saves my a lot of time.
Ha! Ha! Thanks Vivek, as always! ^_^ more power.
Thanks a lot ! It’s helpful !
Thanks a lot !! It’s helpful !
Thanks a lot! Very handy!
Thanks a lot!!!; very helpful and a saver time.
Cheers for this, it helped.
I found that doing a “
” would fetch selinux-policy-targeted and somewhat fix my broken install (said “Could not open kernel policy /etc/selinux/targeted/modules/active/policy.kern for reading” whenever I ran semanage)
After that,
and log tcp forwarding would work like a charm (well, setenforce 0 would also “solve” the issue).
Thanks for the great advice, it came in handy as always!