# SELinux Cheat Sheet -------------------------------------- Utilizing SELinux *(**Security-E

SELinux Cheat Sheet

--------------------------------------

Utilizing SELinux (Security-Enhanced Linux) effectively can significantly enhance the security posture of your operating system.

SELinux operates by enforcing mandatory access control (MAC) policies that restric users and processes to only the resources they're explicitly allowed to access.
#
-------------------------------------
Here's a cheat sheet with basic commands, code snippets, and comments to help you manage SELinux on your system.
#
-------------------------------------

Checking SELinux Status

Check if SELinux is enabled:
sestatus
```
sestatus
```
sestatus
```
sestatus
```
This command shows the current SELinux status and the enforced mode.

### 2. Managing SELinux Modes

Set SELinux to enforcing mode (actively enforcing policies):

sudo setenforce 1

sudo setenforce 1

sudo setenforce 1

sudo setenforce 1

Set SELinux to permissive mode (logs actions that would have been blocked):
sudo setenforce 0
```
sudo setenforce 0
```
sudo setenforce 0
```
sudo setenforce 0
```
Disable SELinux (not recommended for secure environments):
- You need to edit
```
/etc/selinux/config
```
  /etc/selinux/config
```
/etc/selinux/config
```
  /etc/selinux/config
  and set
```
SELINUX=disabled
```
  SELINUX=disabled
```
SELINUX=disabled
```
  SELINUX=disabled
  , then reboot.

### 3. Managing Policies

List all SELinux boolean settings:

getsebool -a

getsebool -a

getsebool -a

getsebool -a

**Change a SELinux boolean setting (temporarily):**```bashsudo setsebool httpd_can_network_connect 1```Replace `httpd_can_network_connect` with the boolean you wish to change.
**Change a SELinux boolean setting (persistently across reboots):**```bashsudo setsebool -P httpd_can_network_connect 1```

VValerie # SELinux Cheat Sheet -------------------------------------- Utilizing **SELi...

ValerieOP•5/9/24, 7:37 AM

Managing File Contexts

View the SELinux context of a file:
```
ls -Z /path/to/file
```
```
ls -Z /path/to/file
```
**Change the SELinux context of a file:**```bashsudo chcon -t httpd_sys_content_t /path/to/file```This is temporary and will revert if the file system is relabeled or if the file is modified.
**Permanently change the context of a file using semanage:**```bashsudo semanage fcontext -a -t httpd_sys_content_t "/path/to/file"sudo restorecon -v /path/to/file```This makes the change persistent across file modifications and system relabels.

### 5. Troubleshooting and Logs

**Search for SELinux-related logs:**```bashausearch -m avc -ts recent```This command searches for AVC (Access Vector Cache) denials that have occurred recently.
**Generate and apply a module to allow previously denied actions:**```bashausearch -m avc -ts recent | audit2allow -M mymodulesudo semodule -i mymodule.pp```This creates and installs a custom module named `mymodule` to allow actions that were previously denied, based on recent AVC denials.

### Notes

Changing SELinux policies and contexts should be done with caution, as incorrect settings can result in services not functioning correctly.
Always back up SELinux policies and important configurations before making significant changes.
Use restoreconrestorecon to revert files to their default context if you encounter issues after changing contexts.
The audit2allowaudit2allow tool is powerful but use it judiciously. Automatically allowing all denied actions can weaken your security stance.
#
-----------------------------------------
This cheat sheet provides a starting point for managing SELinux on your system. SELinux is a complex tool, and its effective use requires a good understanding of your system's security needs and how SELinux policies work.

Marko aka KDE Wayland 69 Enjoyer•5/9/24, 7:37 AM

Now this has taken up so much of the screen

MRGFY•5/9/24, 7:37 AM

see, bleeeeh

MRGFY•5/9/24, 7:38 AM

mhm

ValerieOP•5/9/24, 7:38 AM

It's close enough

MMarko aka KDE Wayland 69 Enjoyer Now this has taken up so much of the screen

ValerieOP•5/9/24, 7:38 AM

Rendered Markdown is bigger, yes.

MRGFY•5/9/24, 7:38 AM

that's why i posted it as a drop down file

Marko aka KDE Wayland 69 Enjoyer•5/9/24, 7:38 AM

yes prefer the file tbh lol

ValerieOP•5/9/24, 7:38 AM

Which you then need to open in another app lol

MRGFY•5/9/24, 7:38 AM

you don't "need" too

MRGFY•5/9/24, 7:38 AM

that's a choice

Marko aka KDE Wayland 69 Enjoyer•5/9/24, 7:39 AM

I did not need to as far as I can see

Marko aka KDE Wayland 69 Enjoyer•5/9/24, 7:39 AM

could just expand it

MRGFY•5/9/24, 7:39 AM

mhm, the markdown is perfectly readable as is

MRGFY•5/9/24, 7:40 AM

it just looks better when rendered

ValerieOP•5/9/24, 7:40 AM

Why format it as MD at all then lmfao

Marko aka KDE Wayland 69 Enjoyer•5/9/24, 7:40 AM

I think we going to have to agree to disagree about the file not being much nicer than the Discord default

MRGFY•5/9/24, 7:40 AM

open it in vscode

MRGFY•5/9/24, 7:40 AM

ctrl+shift+v

MRGFY•5/9/24, 7:40 AM

render md

MMRGFY it just looks better when rendered

ValerieOP•5/9/24, 7:40 AM

...Which is what discord is doing, granted it doesn't have everything (Like the ability to just make a line, as far as I can tell) but it's still rendering it more than fine.

MRGFY•5/9/24, 7:41 AM

discord try's

MRGFY•5/9/24, 7:41 AM

discord md is a bit off

Marko aka KDE Wayland 69 Enjoyer•5/9/24, 7:41 AM

tbh it took up so much space in the chat and u had to post 2 messages

Marko aka KDE Wayland 69 Enjoyer•5/9/24, 7:41 AM

at this point it is preference

Marko aka KDE Wayland 69 Enjoyer•5/9/24, 7:41 AM

but to me that looked awful in middle of a place people chat

MRGFY•5/9/24, 7:41 AM

ValerieOP•5/9/24, 7:41 AM

Ok watch this

MRGFY•5/9/24, 7:42 AM

ValerieOP•5/9/24, 7:42 AM

https://canary.discord.com/channels/1072614816579063828/1087140957096517672/1238032133402923038

ValerieOP•5/9/24, 7:42 AM

You don't need to reference the full thing to show people it

Marko aka KDE Wayland 69 Enjoyer•5/9/24, 7:42 AM

I am aware

Marko aka KDE Wayland 69 Enjoyer•5/9/24, 7:42 AM

still it fked the chat

MRGFY•5/9/24, 7:42 AM

also depends if you use custom css, or betterdiscord for example

Marko aka KDE Wayland 69 Enjoyer•5/9/24, 7:42 AM

watch this 🎮bazzite

MRGFY•5/9/24, 7:42 AM

that can affect how stuff is viewed

MMRGFY also depends if you use custom css, or betterdiscord for example

ValerieOP•5/9/24, 7:43 AM

If you use a client mod, then messed up rendering is entirely on the user and they should expect that lol

MRGFY•5/9/24, 7:43 AM

i didn't, i made that on my phone

Marko aka KDE Wayland 69 Enjoyer•5/9/24, 7:43 AM

I thought I was going to see something genuinely clever making it easier to view on a discord render lol

MRGFY•5/9/24, 7:43 AM

in termux

MRGFY•5/9/24, 7:43 AM

with nano

MRGFY•5/9/24, 7:43 AM

lol

MRGFY•5/9/24, 7:44 AM

i was really board ¯\_(ツ)_/¯

MMarko aka KDE Wayland 69 Enjoyer I thought I was going to see something genuinely clever making it easier to view...

ValerieOP•5/9/24, 7:44 AM

The only thing you've had issue with was the size, on a one off message, which you can't even see past the messages sent after it (Unless you have a HUGE monitor, I guess)

MRGFY•5/9/24, 7:45 AM

besides looks, how do you like its contents?

MRGFY•5/9/24, 7:45 AM

selinux_cheatsheet.md3.37KB

MRGFY•5/9/24, 7:45 AM

pretty nice huh

VValerie The only thing you've had issue with was the size, on a one off message, which y...

Marko aka KDE Wayland 69 Enjoyer•5/9/24, 7:45 AM

I do not understand the issue with the file. It is pure perfection

MMRGFY Click to see attachment

ValerieOP•5/9/24, 7:45 AM

Looks fine, the contents are good