SELinux Overview and Functionality

Questions and Answers

What is the default SELinux policy that protects specific services?

• Custom Policy
• Strict Policy
• Targeted Policy (correct)
• MLS Policy

Which command would you use to check the current SELinux mode?

• ls -Z
• semanage
• setenforce
• getenforce (correct)

Which command can you use to modify SELinux file contexts?

• semanage (correct)
• ausearch
• restorecon
• getenforce

If a web server cannot access a custom directory, what is the first step to troubleshoot the issue?

Check the logs (D)

Which of the following statements about SELinux is accurate?

SELinux functions like guards in a castle. (B)

What should you do after adjusting a SELinux policy to allow access to a directory?

Retry and confirm access (D)

What output can you expect when you run the command getenforce?

Permissive (A)

In a high-security environment, which SELinux policy would be most appropriate?

MLS Policy (C)

What is the primary function of SELinux in a Linux system?

Restrict processes based on explicit permissions (B)

Which mode of SELinux actively blocks actions that are not explicitly allowed?

Enforcing (C)

What does the security context in SELinux indicate?

The user, role, and type associated with a file or process (D)

How does the Permissive mode of SELinux operate?

It allows all actions and logs violations (A)

Which statement best describes the Disabled mode of SELinux?

Severely compromises system security (C)

What potential risk does SELinux help mitigate on a Linux server?

File access by applications without permission (B)

What role does SELinux play in the context of a compromised application?

It prevents unauthorized access to critical files (D)

SELinux policies primarily control which of the following aspects?

Access levels for processes and users (C)

Flashcards

SELinux

A system that enforces security policies on Linux systems.

SELinux Policies

The rules SELinux uses to enforce security.

Targeted Policy

This policy protects specific services, like web servers and databases.

MLS Policy

This policy is for highly secure environments, like government systems.

Enforcing Mode

The mode where SELinux strictly enforces all security policies.

Permissive Mode

The mode where SELinux allows actions that would normally be blocked.

getenforce

A command that checks the current security status of SELinux.

setenforce

A command that allows temporary changes to the security status.

What is SELinux?

A security system for Linux that controls what processes can access and do on your system. It acts as a strict bouncer, only allowing actions explicitly permitted.

Why do we need SELinux?

It helps prevent malicious applications from accessing sensitive information or escalating privileges, protecting your system from internal threats.

How does SELinux work?

SELinux uses policies to define access rules, specifying who (user/process), what (read, write, execute), and where (files/directories) actions are allowed.

Enforcing mode in SELinux

This is the default and most secure mode, where SELinux enforces the policies strictly, blocking unpermitted actions. It's like a strict bouncer who enforces the guest list.

Permissive mode in SELinux

This mode allows you to debug and identify issues by letting SELinux log violations without blocking them. Think of it as a bouncer documenting who should not be in the club.

Disabled mode in SELinux

This disables SELinux completely, leaving your system vulnerable to attacks. It's like firing the bouncer and hoping for the best, which is a recipe for disaster.

What are SELinux contexts?

Each file, process, and user in SELinux has a security context, which is like a name tag identifying what it is and what it's allowed to do.

How to view SELinux contexts?

You can view the security contexts assigned to files using the ls -Z command. The output shows the user, role, type, and other information related to the file's context.

Study Notes

SELinux Overview

• SELinux (Security-Enhanced Linux) is a Linux kernel security module
• It's a bouncer at the Linux system, controlling access. Only allowing actions that are explicitly permitted.

SELinux Purpose

• Acts as an internal security system for Linux servers, preventing unauthorized access to files & resources.
• Prevents unauthorized use of system resources by processes.
• Protects against malicious processes & escalated privileges.
• Prevents web servers from accessing sensitive system directories.

SELinux Functionality

• Uses policies to control what processes can do.
• Defines who (user/process) can access, what (read, write, execute), and where (files/directories).

SELinux Modes

• Enforcing: Active, blocks unauthorized actions.
• Permissive: Watches but doesn’t block, logs violations for later analysis.
• Disabled: Insecure, no protection.

SELinux Contexts

• Every file, process, and user has a security context (name tag).
• This context specifies a user, role, type, and security level. Example: httpd_sys_content_t type context for web server content.

SELinux Policies

• Targeted Policy: Protects specific services.
• MLS Policy (Multi-Level Security): High-security environments.

SELinux Commands

• getenforce: Checks current SELinux mode.
• setenforce 0: Sets SELinux to permissive mode.
• setenforce 1: Sets SELinux to enforcing mode.
• ls -Z /path/to/file: Lists file contexts.
• restorecon -v /path/to/file: Restores default file contexts.
• semanage: Used to manage SELinux policies (e.g., semanage fcontext, restorecon).
• ausearch -m avc -ts recent or journalctl | grep SELinux: Examining log for SELinux events.

SELinux Troubleshooting

• Logs: Examine audit logs (ausearch) or system logs (journalctl).
• Policies: Adjust or create policies using semanage to allow required access.
• Restoring Contexts: Using restorecon for default configurations.

Real-World Analogy

• SELinux functions like guards inside a castle (Linux system).
• The firewall is the castle itself, keeping bad guys out (external security).
• SELinux is the castle workforce, preventing wrong access.

Important Note

• Disabling SELinux weakens security, leading to potentially significant risks.

Description

This quiz covers the principles of SELinux, an essential security feature of Linux systems. Learn about its purpose, functionality, different modes, and how security contexts are implemented to control access to resources effectively. Test your knowledge on how SELinux enhances security for Linux servers.