FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 10-14-2008, 05:41 AM
Balaji
 
Default Regd: SeLinux Configuration

Dear All,

Currently i have using CentOS4.4 and Kernel Version is 2.6.9-42.EL.
I have disabled selinux on kickstart installation and command is
*selinux --disabled

* Can any one help me or guide me to
1. Enable the selinux
2. Selinux Customize my own policy

Regards
-S.Balaji

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-14-2008, 06:23 AM
Ian Blackwell
 
Default Regd: SeLinux Configuration

Balaji wrote:
> * Can any one help me or guide me to
> 1. Enable the selinux
setenforce 1

Use "getenforce" to determine the current status of selinux. Look in
/etc/selinux/config for details of policy being used - e.g. targeted.
> 2. Selinux Customize my own policy
man setsebool
man getsebool

These will help you modify options in the supplied policies. For
example, use "getsebool -a | grep http" to list all selinux options and
filter the list for those pertaining to http. You can of course create
your own policy and local customisations based on audit logs etc, but
I've not ventured down this path myself. Others on the list will be
able to assist if you need to go that way.

Hope that gets you started

Cheers,

Ian
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-14-2008, 06:42 AM
Balaji
 
Default Regd: SeLinux Configuration

Dear All,
I have executed the following command and i have changed the
"/etc/selinux/config" file

and reboot the PC also
setenforce 1
i have getting the following message only
setenforce: SELinux is disabled

Regards
-S.Balaji


Ian Blackwell wrote:


Balaji wrote:



* Can any one help me or guide me to
1. Enable the selinux



setenforce 1

Use "getenforce" to determine the current status of selinux. Look in
/etc/selinux/config for details of policy being used - e.g. targeted.



2. Selinux Customize my own policy



man setsebool
man getsebool

These will help you modify options in the supplied policies. For
example, use "getsebool -a | grep http" to list all selinux options and
filter the list for those pertaining to http. You can of course create
your own policy and local customisations based on audit logs etc, but
I've not ventured down this path myself. Others on the list will be
able to assist if you need to go that way.

Hope that gets you started

Cheers,

Ian
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos





_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-14-2008, 07:43 AM
Ian Blackwell
 
Default Regd: SeLinux Configuration

Balaji wrote:
> Dear All,
> I have executed the following command and i have changed the
> "/etc/selinux/config" file
> and reboot the PC also
> setenforce 1
> i have getting the following message only
> setenforce: SELinux is disabled
>
Please post your /etc/selinux/config file.

Thanks,

Ian

PS: Please bottom post and trim messages - these are the guidelines for
this list.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-14-2008, 09:34 AM
Balaji
 
Default Regd: SeLinux Configuration

Dear All,

Find attached the selinux configuration file "/etc/selinux/config"

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

Find attached the system log "/var/log/messages" file for your guidelines

Regards
-S.Balaji

Ian Blackwell wrote:


Balaji wrote:



Dear All,
I have executed the following command and i have changed the
"/etc/selinux/config" file
and reboot the PC also
setenforce 1
i have getting the following message only
setenforce: SELinux is disabled




Please post your /etc/selinux/config file.

Thanks,

Ian







# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-14-2008, 12:52 PM
Barry Brimer
 
Default Regd: SeLinux Configuration

Dear All,

Find attached the selinux configuration file "/etc/selinux/config"

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted


Please post /boot/grub/grub.conf as well. There may be an "selinux" or
"enforcing" parameter on the kernel line that is producing unexpected
results.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-15-2008, 06:58 AM
Balaji
 
Default Regd: SeLinux Configuration

Dear All,
Find attached the grub boot loader configuration file
"/boot/grub/grub.conf"


Regards
-S.Balaji

Barry Brimer wrote:
Please post /boot/grub/grub.conf as well. There may be an "selinux" or
"enforcing" parameter on the kernel line that is producing unexpected
results.



# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/vgroot/LogVol02
# initrd /initrd-version.img
#boot=/dev/hda
default=2
timeout=5
password --md5 $1$KzqM8$cLC0UIaUN8QwVAlwDMGWl0
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux ES (2.6.9-34.ELhugemem)
root (hd0,0)
kernel /vmlinuz-2.6.9-34.ELhugemem ro root=/dev/vgroot/LogVol02 rhgb quiet
initrd /initrd-2.6.9-34.ELhugemem.img
title Red Hat Enterprise Linux ES (2.6.9-34.ELsmp)
root (hd0,0)
kernel /vmlinuz-2.6.9-34.ELsmp ro root=/dev/vgroot/LogVol02 rhgb quiet
initrd /initrd-2.6.9-34.ELsmp.img
title Red Hat Enterprise Linux ES (2.6.9-34.EL)
root (hd0,0)
kernel /vmlinuz-2.6.9-34.EL ro root=/dev/vgroot/LogVol02 rhgb quiet
initrd /initrd-2.6.9-34.EL.img
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-15-2008, 08:07 AM
Balaji
 
Default Regd: SeLinux Configuration

Dear All,

I have wrongly attached RHEL grub configuration with previous mail and
now I am attached the CentOS grub boot loader configuration file
"/boot/grub/grub.conf"


Regards
-S.Balaji
Balaji wrote:


Dear All,
Find attached the grub boot loader configuration file
"/boot/grub/grub.conf"


Regards
-S.Balaji

Barry Brimer wrote:
Please post /boot/grub/grub.conf as well. There may be an "selinux"
or "enforcing" parameter on the kernel line that is producing
unexpected results.




# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You do not have a /boot partition. This means that
# all kernel and initrd paths are relative to /, eg.
# root (hd0,0)
# kernel /boot/vmlinuz-version ro root=/dev/hda1
# initrd /boot/initrd-version.img
#boot=/dev/hda
default=0
timeout=5
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu
title CentOS-4 i386 (2.6.9-42.EL)
root (hd0,0)
kernel /boot/vmlinuz-2.6.9-42.EL ro root=LABEL=/ rhgb quiet
initrd /boot/initrd-2.6.9-42.EL.img
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-15-2008, 12:24 PM
Barry Brimer
 
Default Regd: SeLinux Configuration

On Wed, 15 Oct 2008, Balaji wrote:


Dear All,
Find attached the grub boot loader configuration file "/boot/grub/grub.conf"

Regards
-S.Balaji

Barry Brimer wrote:
Please post /boot/grub/grub.conf as well. There may be an "selinux" or
"enforcing" parameter on the kernel line that is producing unexpected
results.


I don't see anything in your grub.conf that alters how SELinux is handled.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 10-16-2008, 07:34 AM
Ian Blackwell
 
Default Regd: SeLinux Configuration

Balaji wrote:
> Dear All,
> I have executed the following command and i have changed the
> "/etc/selinux/config" file
> and reboot the PC also
> setenforce 1
> i have getting the following message only
> setenforce: SELinux is disabled
>
>
Try using the GUI tools to enable and configure SELinux. Let us know if
anything changes or not.

Ian
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 07:47 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org