
Security-Enhanced Linux (SELinux)

Tutorials and howtos about SELinux, which provides a mechanism for supporting access control security policies, including mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel.

How do I disable or enable SELinux policy modules under Red Hat Enterprise Linux running on Dell hardware?

I've created a file as follows:

ls -l -Z /etc/cron.d/vnstat
-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 /etc/cron.d/vnstat

I've created a new file /etc/cron.d/vnstat.custom.interface:

ls -l -Z /etc/cron.d/vnstat.custom.interface
-rw-r--r--. root root unconfined_u:object_r:system_cron_spool_t:s0 /etc/cron.d/vnstat.custom.interface

The /etc/cron.d/vnstat file is part of the default vnstat package. I've installed my own version of the same. But due to SELinux security, the cron job is not running. How do I change the file's SELinux security context under a RHEL / CentOS 6 Linux server to system_u:object_r:system_cron_spool_t:s0 from unconfined_u:object_r:system_cron_spool_t:s0 for the /etc/cron.d/vnstat.custom.interface file?

I've edited /etc/ssh/sshd_config to change the port number:

Port 1255

However, I'm getting an error as follows:

sshd[26792]: error: Bind to port 1255 on 192.168.1.100 failed: Permission denied

How do I change the default OpenSSH port number from 22 to 1255 under RedHat Enterprise Linux server version 6 and SELinux?

I've configured my Apache in a chrooted jail at the /jail/apache directory. However, my syslogd is not working and nothing gets logged using /dev/log and /jail/apache/dev/log. How do I fix this problem under CentOS 5.x AMD64 with SELinux?

I've set up Squid Proxy server as described here, but I'm getting errors which read as follows:

Jul 14 15:09:02 server1 squid[5315]: Squid Parent: child process 5317 started
Jul 14 15:09:02 server1 squid[5317]: Cannot open HTTP Port
Jul 14 15:09:02 server1 squid[5315]: Squid Parent: child process 5317 exited due to signal 6
Jul 14 15:09:02 server1 setroubleshoot: SELinux is preventing the squid (squid_t) from binding to port 5000. For complete SELinux messages. run sealert -l 1cf3c788-35f7-4752-8439-92a1d0719466

How do I fix this problem?

I see the following error in my SELinux enabled CentOS or RHEL server:

Jun 21 13:58:43 server3 restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf) No such file or directory
Jun 21 16:14:51 server3 restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf) No such file or directory
Jun 22 13:32:23 server3 restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf) No such file or directory

How do I fix this problem?

My hosting company disabled SELinux protection. How do I turn on SELinux over a remote ssh session without distributing existing networking services?