LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-12-2006, 10:11 PM   #1
dansawyer
Member
 
Registered: Mar 2005
Posts: 124

Rep: Reputation: 15
getsebool: SELinux is disabled ??


All,

The system is FC5. The kernel is a 'custom' build. The message is:

getsebool: SELinux is disabled

This is /etc/selinux/config:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

Why (where) is selinux disabled? How can it be enabled?

Also only one policy appears in the security selinux screen. Where are the parameters kept?

Thanks - Dan
 
Old 09-12-2006, 10:22 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
What does the 'sestatus' return?

Also take a closer look at the comments in the /etc/selinux/config file, you are runnning in permissive mode and as such it simply provides informational warning messages. Change the setting in that file to "enforcing" to have it actually running. I'd recommend sticking with the 'targeted' policy rather than using 'strict' mode.
 
Old 09-13-2006, 12:40 AM   #3
dansawyer
Member
 
Registered: Mar 2005
Posts: 124

Original Poster
Rep: Reputation: 15
Thanks.

sestatus shows:

SELinux status: disabled

I have several systems. The others have the same policy except for the line:

SETLOCALDEFS=0

- Dan
 
Old 09-13-2006, 01:01 AM   #4
dansawyer
Member
 
Registered: Mar 2005
Posts: 124

Original Poster
Rep: Reputation: 15
The other difference is the number of entries in:

/etc/selinux/targeted/modules/active/booleans.local

One system has 1 entry while one has several dozen. How or what makes these entries?

- Dan
 
Old 09-14-2006, 04:31 PM   #5
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
To get SElinux enabled, try using 'setenforce 1' to enable selinux while the system is running. If you don't have any issues or AVC warnings, then modify the /etc/selinux/config file and set "SELINUX=enforcing" then reboot.

Quote:
SETLOCALDEFS=0
See http://danwalsh.livejournal.com/3144.html
I believe the "new management infrastructure" he is refering to is the new "semanage" tool that was added as of FC5. Take a look at the SELinux section of the FedoraWiki. There is alot of detail that you'll likely find informative:
http://fedoraproject.org/wiki/SELinux/FC5Features
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SELinux Vagrant Arch 3 02-24-2006 10:06 PM
what is selinux? mesh2005 Linux - General 2 01-04-2006 12:33 PM
selinux.h ? DJ Shaji Red Hat 1 03-26-2005 01:57 PM
Selinux fedorafreak Fedora 2 08-15-2004 10:41 AM
Selinux tessx Linux - General 3 05-22-2004 01:46 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:05 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration