SELINUX CHEATSHEET

This cheatsheet has been written, go figure, with RHEL and Fedora in mind. Not that other distributions won't apply exactly, I just haven't tested it on anything else as of yet. Aside from the packages required, everything else should be identical.

SETUP

REQUIRED PACKAGES

Run yum info PACKAGENAME for more details, as not all packages may be useful to you

    sudo yum install setroubleshoot \
            setroubleshoot-plugins \
            setroubleshoot-server \
            policycoreutils \
            setools setools-gui\
            setools-console \
            mcstrans

USING SELINUX

CHECKING & SETTING SELINUX STATUS

• Get SELinux status

  sudo sestatus
  

• Get enforcing status

  sudo getenforce
  

• Set SELinux to enforcing

  sudo setenforce 1
  

• Set SELinux to permissive

  sudo setenforce 0
  

LABELLING

• Check file's label to the original default label

  sudo matchpathcon -V /path/to/file(s)
  

• Reset context / Reset context Recursively

  sudo restorecon -v /path/to/file(s)
  sudo restorecon -R -v /path/to/file(s)
  

AUDIT TOOLS

• Launch SETroubleshoot Browser

  sudo sealert -b
  

• View AVC denials from log via sealert

  sudo sealert -a /var/log/audit/audit.log
  

• View AVC denails from log via ausearch

  sudo ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -i
  

FURTHER READING & REFERENCES

• Red Hat Access
• CentOS SElinux Wiki
• Fedora Magazine article (27 SEP 2017)
• Fedora 25 SELinux User's & Administrator's Guide