secure-programming
You need to be root to run these commands.
To check what SELinux packages are installed
#rpm -qa | grep selinux
libselinux-utils-2.0.94-5.8.el6.i686
libselinux-2.0.94-5.8.el6.i686
selinux-policy-targeted-3.7.19-260.el6.noarch
libselinux-python-2.0.94-5.8.el6.i686
selinux-policy-3.7.19-260.el6.noarch
Checking SELinux Modes and Status
#getenforce
Enforcing
#sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
#cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#     targeted - Only targeted network daemons are protected.
#     strict - Full SELinux protection.
SELINUXTYPE=targeted
The SELINUXTYPE directive determines the policy that will be used. The default value is targeted. With a targeted policy, SELinux allows you to customize and fine-tune access control permissions.
Check the policies in memory
#semodule -l | less
Loading the Policy Package
#semodule -i Policy.pp
The SELinux kernel boot events are logged in the /var/log/dmesg log.
The system log /var/log/messages contains messages generated by SELinux before the audit daemon has been loaded.
The audit log /var/log/audit/audit.log
The AVC audit messages of interest are described in the AVC Audit Events section with others described in the General SELinux Audit Events section.
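Added example (not part of the original notes): a shell function that summarises AVC denial records in audit.log format, grouped by command, source type, target type, object class and permissions. The sample records are constructed, and the function names sample_audit_log and avc_denials are hypothetical.

```shell
#!/bin/sh
# Constructed sample records in the audit.log format (not taken from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1400000000.101:501): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev=dm-0 ino=1311 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1400000000.101:501): arch=40000003 syscall=5 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1400000007.220:502): avc:  denied  { read } for  pid=2102 comm="httpd" name="about.html" dev=dm-0 ino=1312 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1400000031.007:510): avc:  denied  { name_bind } for  pid=2230 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1400000040.000:511): avc:  granted  { setenforce } for  pid=2300 comm="setenforce" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
EOF
}

# Reads audit records from stdin or from the files given as arguments.
# Prints one line per distinct denial: count comm source_type target_type class {perms}
avc_denials() {
    awk '
    # Only AVC records that were denied; SYSCALL and granted records are skipped.
    $1 == "type=AVC" && / avc: +denied / {
        # The permission list sits between the braces: { read write }
        perms = $0
        sub(/^.*[{] */, "", perms); sub(/ *[}].*$/, "", perms)
        comm = src = tgt = cls = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            # A context is user:role:type:level, so the type is the third part.
            if ($i ~ /^scontext=/) { split($i, c, ":"); src = c[3] }
            if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
            if ($i ~ /^tclass=/)   { cls = $i; sub(/^tclass=/, "", cls) }
        }
        count[comm " " src " " tgt " " cls " {" perms "}"]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Run over the constructed sample so the block works offline.
sample_audit_log | avc_denials
```

On a live host, run it as root against the audit log: avc_denials /var/log/audit/audit.log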