Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Linux Security and Hardening

You're reading from   Mastering Linux Security and Hardening Secure your Linux server and protect it from intruders, malware attacks, and other external threats

Arrow left icon
Product type Paperback
Published in Jan 2018
Publisher
ISBN-13 9781788620307
Length 376 pages
Edition 1st Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Donald A. Tevault Donald A. Tevault
Author Profile Icon Donald A. Tevault
Donald A. Tevault
Arrow right icon
View More author details
Toc

Table of Contents (12) Chapters Close

Preface 1. Running Linux in a Virtual Environment FREE CHAPTER 2. Securing User Accounts 3. Securing Your Server with a Firewall 4. Encrypting and SSH Hardening 5. Mastering Discretionary Access Control 6. Access Control Lists and Shared Directory Management 7. Implementing Mandatory Access Control with SELinux and AppArmor 8. Scanning, Auditing, and Hardening 9. Vulnerability Scanning and Intrusion Detection 10. Security Tips and Tricks for the Busy Bee 11. Other Books You May Enjoy

Working with SELinux policies


So far, all we've looked at is what happens when we have an incorrect SELinux type set on a file and what to do to set the correct type. Another problem we may have would come about if we need to allow an action that is prohibited by the active SELinux policy.

Viewing the Booleans

Booleans are part of what makes up an SELinux policy, and each Boolean represents a binary choice. In SELinux policies, a Boolean either allows something or it prohibits something. To see all of the Booleans on your system, run the getsebool -a command. (It's a long list, so I'll only show partial output here.):

[donnie@localhost ~]$ getsebool -a
abrt_anon_write --> off
abrt_handle_event --> off
abrt_upload_watch_anon_write --> on
antivirus_can_scan_system --> off
antivirus_use_jit --> off
auditadm_exec_content --> on
. . .
. . .
xserver_object_manager --> off
zabbix_can_network --> off
zarafa_setrlimit --> off
zebra_write_config --> off
zoneminder_anon_write...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime