SELINUX Commands Cheat Sheet
Here is a cli commands cheat sheet for SELINUX command, you can use this as a quick reminder for basic commands with a brief description for each of the commands.
What is SELINUX command?
Add some data here
---
tags: [ security ]
---
## selinux standard
# To get the status of selinux
getenforce
# or
sestatus
# or from the file
cat /etc/selinux/config
# To set the status to permissive
setenforce 0
# To get the context of files/processes/ports/users
ls -Z
ps -Z
ss -Z
id -Z
## Booleans
# To get all booleans
getsebool -a
# To set a boolean permanently
setsebool foo_bar 1 -P
# To get all changed booleans
sudo cat /var/lib/selinux/targeted/active/booleans.local
## selinux file context management
# To set a context the complicated way
sudo chcon -t foo_bar_t /foo/bar/baz.txt
# the lazy way, this sets all files to the right context in the directory
sudo restorecon -vR /foo/bar/
# To create a rule with semanage for /foo and for the httpd server
sudo semanage fcontext -a -t httpd_sys_content_t "/foo(/.*)?"
# or use
sudo semanage -a -e /var/www/html /foo
# and run restorecon
sudo restorecon -vR /foo
## selinux Troubleshoot
# First install setroubleshoot and setroubleshoot-server
sudo dnf install setroubleshoot
# Next, check the journalctl
sudo journalctl -t setroubleshoot
## selinux modules
# To create a module, you need to set selinux in permissive mode and test the application with all its features
sudo setenforce 0
# then check the journalctl log
sudo journalctl
# and search for sealert, then run sealert
sudo sealert -l
# and run the following commands from the output
grep foobar /var/log/audit/audit.log | audit2allow -M mypol
sudo semodule -i mypol.pp
## Graphical tools
sudo dnf install policycoreutils-gui
Check out the SELINUX command documentation .
You can also check our MegaSh cheatsheet tool, that has 150+ searchable linux cheat sheets in one page, so you never forget a command as you work again
Check Also
