How to Enable or Disable SELinux Boolean Values


Security-Enhanced Linux (SELinux) is a security mechanism for mandatory access control (MAC) implemented in the Linux kernel. It is a flexible feature designed to improve overall system security: it enforces access controls using a policy loaded on the system that ordinary users or misbehaving programs cannot change.

The following article explains SELinux in detail and how to implement it on your Linux system.

  1. Implementing Mandatory Access Control with SELinux or AppArmor in Linux

In this article, we will show you how to enable or disable SELinux boolean values on CentOS, RHEL and Fedora Linux distributions.

To view all SELinux booleans, use the getsebool command together with the less command.

Note: SELinux must be enabled in order to list all booleans.

# getsebool -a | less

To view all boolean values for a specific program (or daemon), use the grep utility. The following command shows you all httpd booleans.

# getsebool -a | grep httpd

To enable (1) or disable (0) SELinux booleans, you can use the setsebool program as described below.

Enable or Disable SELinux Boolean Values

If you have a web server installed on your system, you can allow HTTPD scripts to write files in directories labeled public_content_rw_t by enabling the allow_httpd_sys_script_anon_write boolean.

# getsebool allow_httpd_sys_script_anon_write 
# setsebool allow_httpd_sys_script_anon_write on
OR
# setsebool allow_httpd_sys_script_anon_write 1

Similarly, to disable the above SELinux boolean value, run the following commands.

# setsebool allow_httpd_sys_script_anon_write off
# setsebool allow_mount_anyfile off
OR
# setsebool allow_httpd_sys_script_anon_write  0
# setsebool allow_mount_anyfile  0
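
An added example (not from the original article): a POSIX shell check that reads `getsebool -a`-style output, reports which booleans from an expected-off list are currently on, and prints the command to turn each one off. The sample output, the expected-off list and the function names `audit_booleans` and `suggest_fix` are constructed for illustration, and the `-P` flag is an addition that the article's own commands do not use.

```shell
#!/bin/sh
# Added example: audit SELinux booleans against an expected-off list.
# Input is text in the format printed by `getsebool -a`:
#   <boolean_name> --> on|off

# Constructed sample (not captured from a real host); the last line is
# deliberately malformed to show that such lines are skipped.
SAMPLE='allow_httpd_sys_script_anon_write --> on
allow_mount_anyfile --> off
this line has no arrow'

# Booleans this (hypothetical) host policy expects to be off.
EXPECTED_OFF='allow_httpd_sys_script_anon_write allow_mount_anyfile'

# audit_booleans "<space-separated names>"  (getsebool output on stdin)
# Prints each listed boolean whose current state is "on".
audit_booleans() {
    expected=" $1 "
    while read -r name arrow state; do
        [ "$arrow" = "-->" ] || continue        # skip malformed lines
        case "$expected" in
            *" $name "*) [ "$state" = "on" ] && echo "$name" ;;
        esac
    done
    return 0
}

# suggest_fix  (boolean names on stdin, one per line)
# Prints the command that turns each one off. -P also writes the value
# to the policy store so it survives a reboot; without -P, setsebool
# changes only the running value.
suggest_fix() {
    while read -r name; do
        [ -n "$name" ] && echo "setsebool -P $name off"
    done
    return 0
}

# Use live data when getsebool is installed, else the constructed sample.
if command -v getsebool >/dev/null 2>&1; then
    getsebool -a
else
    printf '%s\n' "$SAMPLE"
fi | audit_booleans "$EXPECTED_OFF" | suggest_fix
```

The script only prints the suggested commands; review them before running any as root.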

You can find all SELinux booleans at https://wiki.centos.org/TipsAndTricks/SelinuxBooleans

Don't forget to read these related security articles.

  1. How to Disable SELinux Temporarily or Permanently in RHEL/CentOS
  2. Mandatory Access Control Essentials with SELinux
  3. The Mega Guide to Hardening and Securing CentOS 7

In this article, we explained how to enable or disable SELinux boolean values on CentOS, RHEL and Fedora distributions. If you have any questions, ask via the comment form below.