SELinux Policy (Demo)

Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
00:00
>> Hey, Cybrarians.
00:00
>> Welcome back to
00:00
>> the Linux plus course here at Cybrary.
00:00
I'm your instructor Rob Goelz.
00:00
In today's lesson, we're going to
00:00
be covering SELinux policy.
00:00
Upon completion of today's lesson,
00:00
you are going to be able to understand
00:00
the concept of SELinux policies.
00:00
We're going to use the command sestatus to
00:00
view extended SELinux properties
00:00
and we're going to locate
00:00
the SELinux root and
00:00
targeted directories during our demo.
00:00
SELinux sets three policy types.
00:00
These are sometimes labeled as SELinux type
00:00
in the configuration files
00:00
that we'll look at here in a little bit.
00:00
The targeted is the default policy type.
00:00
It allows administrators to define
00:00
what are called fine-grained contexts.
00:00
It allows for something called type security,
00:00
which restricts access based
00:00
on specific types of contexts.
00:00
For example, if you have an Apache file,
00:00
it might have httpd_config_t,
00:00
and that's this configuration context.
00:00
It's specific to HTTPD.
00:00
This is the only policy that's on the Linux plus exam.
00:00
Make sure that you understand
00:00
this one and understand it well.
00:00
But for the purposes of just
00:00
going through a few more of these,
00:00
there are two other policy types.
00:00
There is minimum, which supports
00:00
a minimal or selected set of process objects.
00:00
We're just going to look at
00:00
certain objects that we're going to secure.
00:00
This is not in the exam again,
00:00
it's just included here as a reference.
00:00
Then there's another thing called
00:00
MLS or multilayer security.
00:00
This is used by the DOD,
00:00
the US Department of Defense.
00:00
It uses the Bell-LaPadula model.
00:00
It defines levels that are applied to objects
00:00
with c0 being minimal,
00:00
and c3 being top-secret.
00:00
This is top-secret classified stuff.
00:00
This is not on this exam,
00:00
but it will be on the CompTIA Security Plus.
00:00
If you go into that direction,
00:00
make sure you remember MLS.
00:00
To view the SELinux policy that's configured,
00:00
we can run the sestatus command.
00:00
The sestatus command also displays
00:00
the mode and location of
00:00
some important files like the SELinux root.
00:00
Let's take a closer look at this command and
00:00
the SELinux root directory with
00:00
some demo time [NOISE].
00:00
Here we are back in
00:00
our CentOS environment and
00:00
we're looking at CentOS because
00:00
SELinux is installed here by default
00:00
since CentOS 7 and RHEL 7.
00:00
In order to see those extended properties,
00:00
we can run sestatus.
00:00
What we're actually going to see here is
00:00
that we're running in enforcing mode,
00:00
current mode is enforcing and
00:00
the loaded policy name here is targeted.
00:00
But we can also see
00:00
our SELinux root directory, which is /etc/selinux.
00:00
Let's go ahead and go there. We're going to go
00:00
cd /etc/selinux.
00:00
Then if we do an ls -l, what do we see?
00:00
We see a config file in here.
00:00
Those are always good to look at.
00:00
Let's do ls on config and here we go.
00:00
We see SELinux equals enforcing.
00:00
This is where the mode is set and then we see
00:00
SELinux type equals targeted like I said earlier.
00:00
When we look at the policy type,
00:00
we're going to also sometimes see it abbreviated or
00:00
annotated as being SELinux type
00:00
and in this case, it's targeted.
00:00
This file is where
00:00
those settings are set to be persistent.
00:00
There's one more directory we might want to look at
00:00
here just so that we understand where this is stored.
00:00
We can go to SELinux
00:00
and then look at the targeted sub-directory here.
00:00
If we do an ls -l in here,
00:00
in here we can see the context and policy directories.
00:00
This is where SELinux stores and
00:00
records these things for its use.
00:00
With that, we've reached the end of this lesson.
00:00
In this lesson, we covered
00:00
the concept of SELinux policies.
00:00
We talked about using the sestatus command
00:00
to view those extended SELinux properties.
00:00
Then we found where we can locate and
00:00
examine the SELinux root directory.
00:00
Thanks so much for being here.
00:00
I look forward to seeing you in the next lesson.