How to Enable or Disable SELinux Boolean Values


Security-Enhanced Linux (SELinux) is a security mechanism for mandatory access control (MAC) implemented in the Linux kernel. It is a flexible facility designed to improve overall system security: it enforces access controls through a policy loaded on the system, which ordinary users or misbehaving programs cannot change.

The following article explains SELinux clearly, along with how to implement it on your Linux system.

  1. Implementing Mandatory Access Control with SELinux or AppArmor in Linux

In this article, we will show you how to enable or disable SELinux boolean values on the CentOS, RHEL and Fedora Linux distributions.

To view all SELinux booleans, use the getsebool command together with the less command.

Note: SELinux must be in enabled mode to list all booleans.

# getsebool -a | less

To view all boolean values for a specific program (or daemon), use the grep utility; the following command shows you all httpd booleans.

# getsebool -a | grep httpd

To enable (1) or disable (0) SELinux booleans, you can use the setsebool program as explained below.

Enable or Disable SELinux Boolean Values

If you have a web server on your system, you can allow HTTPD scripts to write files in directories labeled public_content_rw_t by enabling the allow_httpd_sys_script_anon_write boolean.

# getsebool allow_httpd_sys_script_anon_write 
# setsebool allow_httpd_sys_script_anon_write on
OR
# setsebool allow_httpd_sys_script_anon_write 1

Similarly, to disable or turn off the above SELinux boolean values, run the following commands.

# setsebool allow_httpd_sys_script_anon_write off
# setsebool allow_mount_anyfile off
OR
# setsebool allow_httpd_sys_script_anon_write  0
# setsebool allow_mount_anyfile  0
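
An added example, not part of the original article: a POSIX shell script that compares `getsebool -a` style output with an expected baseline and prints the `setsebool` commands that would correct any drift. The sample output, the baseline and the function names `audit_booleans` and `fix_commands` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit SELinux booleans against an expected baseline.

# Constructed sample in the format `getsebool -a` prints: "<name> --> on|off".
SAMPLE='allow_httpd_sys_script_anon_write --> on
allow_mount_anyfile --> off
httpd_enable_cgi --> on'

# Hypothetical baseline: "<name> <expected state>" per line.
BASELINE='allow_httpd_sys_script_anon_write off
allow_mount_anyfile off
httpd_enable_cgi on
httpd_can_network_connect off'

# audit_booleans BASELINE GETSEBOOL_OUTPUT
# Prints "DRIFT name current expected" when the states differ, and
# "MISSING name" when the loaded policy does not list the boolean at all.
audit_booleans() {
    printf '%s\n' "$1" | while read -r name want; do
        [ -n "$name" ] || continue
        have=$(printf '%s\n' "$2" |
            awk -v n="$name" '$1 == n && $2 == "-->" { print $3 }')
        if [ -z "$have" ]; then
            echo "MISSING $name"
        elif [ "$have" != "$want" ]; then
            echo "DRIFT $name $have $want"
        fi
    done
}

# fix_commands: read findings on stdin, print setsebool commands for review.
fix_commands() {
    awk '$1 == "DRIFT" { print "setsebool", $2, $4 }'
}

# Demo on the constructed sample. On a real host, pass "$(getsebool -a)"
# as the second argument instead of "$SAMPLE".
audit_booleans "$BASELINE" "$SAMPLE"
audit_booleans "$BASELINE" "$SAMPLE" | fix_commands
```

`setsebool` as used here changes only the running policy; add the `-P` option to make a value persist across reboots.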

You can find the meaning of all SELinux booleans at https://wiki.centos.org/TipsAndTricks/SelinuxBooleans

Don't forget to read these related security articles.

  1. How to Disable SELinux Temporarily or Permanently in RHEL/CentOS
  2. Mandatory Access Control Essentials with SELinux
  3. The Mega Guide to Hardening and Securing CentOS 7

In this article, we explained how to enable or disable SELinux boolean values on the CentOS, RHEL and Fedora distributions. If you have any questions, ask them through the comments section below.