How to modify permissions(booleans) of SELinux for deamons(programs)

SELinux offers more enhanced security for linux. It is always recommended not to disable SELinux for servers which are more delicate, instead you can control the permissions for the deamons, programms or users using SELinux.

SELinux maintains the status of permissions for all deamons with attributes called booleans.

Get SELinux booleans

The above command will give you lot of variables with status either on or off. If you want to fetch for particular process or context use grep 

To get all booleans regarding httpd(apache web server)

 

Set SELinux Booleans

To set selinux booleans we use the command setsebool

Here is how you can change

For suppose if you want to allow httpd to allow sending mail

If you want to enable ftp server on httpd,

To enable apache to connect with external database

Like wise you can change the required booleans status. To query the modified status ues getsebool with grep.

 

How to enable or disable SELinux and check status on centOS

The SELinux stands for Security-Enhanced Linux where it is a linux kernel security module. It is enabled by default on most of the linux distribution that we use for servers like centOS. It provides  enhanced security measurements. It gives you fine control over all programs and daemons  on their activities like communicating with out side programs  or controlling whether to establish a outside connections for a particular program.

It is always recommended to have SELinux enabled on a server to avoid common security glitches.

To query the current status of SELinux  use the following commands

The above command will report the current status  of SELinux. Whether SELinux is enforcing, permissive, or disabled. If it is already disabled.

Disabling SELinux

Open the file  /etc/selinux/config  and change the option SELINUX to disabled

if you open file you would see something like

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted – Targeted processes are protected,
# mls – Multi Level Security protection.
SELINUXTYPE=targeted

If SELinux is enabled you would see enforcing replace it with disabled.

You should restart the machine to take effect If you change SELINUX status from Enabled to Disabled or vice versa.

Enabling SELInux

To enable SELinux follow the below instructions,

  1. Open the file /etc/selinux/config  
  2. Change option SELINUX from disabled to enforcing
  3. Restart the machine

Change mode

To change the mode of SELinux which is running

Check Status

SELinux is the linux  kernel module for enhanced security. SELinux stands for Security-Enhanced Linux. If SELinux is installed on your machine or server you can check the current status  by using following commands

The above command will give you one of the following as an output

You use the below command which will give simple overview

If enabled you will output something like

 

You can also check the configuration which is located at /etc/selinux/config.

In above config file  the option SELINUX  describes the status of SELinux. But it’s not precise to determine the status from the configuration file, it’s better to determine the status by using commands mentioned above.

 

 

Note: You need administrator privileges to either enable or disable SELinux

How to check certificate information of web server using openssl

In this article we will see how to check certificate information of webserver using command line tool openssl

The below command will get you the valid period of the ssl certificate.

To check the certificate information of web server, use the following command. Here I’m using google.com in this example

Export certificate into a file

If you want to extract the public key from the certificate, here is how you can do

 

References:
[1] Certificates and Encodings