/ rhcsa-new

RHCSA : Manage security – List and identify SELinux file and process context.

rhcsa-new redhat-new SELinux SELinux File Context SELinux Process Context
https://4am.kr/rhcsa-manage-security-list-and-identify-selinux-file-and-process-context/

RHCSA : 보안 관리 – SELinux 파일 및 프로세스 컨텍스트 목록화 및 파악

RHCSA 주제입니다. 아래 참조된 사이트를 번역 및 내용 추가하였습니다.

실습

1. SELinux 파일 컨텍스트를 확인하려면 다음과 같이 입력한다.
[root@server2 ~]# ls -Z
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 Desktop
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 Documents
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 Downloads
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 Music
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 Pictures
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 Public
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 Templates
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 Videos
-rw-------. root root system_u:object_r:admin_home_t:s0 anaconda-ks.cfg
-rw-r--r--. root root system_u:object_r:admin_home_t:s0 initial-setup-ks.cfg
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 task
[root@server2 ~]# 
1. SELinux 프로세스 컨텍스트를 확인하려면 다음과 같이 입력한다.
[root@server2 ~]# ps -eZ
LABEL                              PID TTY          TIME CMD
system_u:system_r:init_t:s0          1 ?        00:00:01 systemd
system_u:system_r:kernel_t:s0        2 ?        00:00:00 kthreadd
system_u:system_r:kernel_t:s0        3 ?        00:00:00 ksoftirqd/0
system_u:system_r:kernel_t:s0        5 ?        00:00:00 kworker/0:0H
system_u:system_r:kernel_t:s0        7 ?        00:00:00 migration/0
system_u:system_r:kernel_t:s0        8 ?        00:00:00 rcu_bh
system_u:system_r:kernel_t:s0        9 ?        00:00:00 rcuob/0
system_u:system_r:kernel_t:s0       10 ?        00:00:00 rcuob/1
system_u:system_r:kernel_t:s0       11 ?        00:00:00 rcuob/2
system_u:system_r:kernel_t:s0       12 ?        00:00:00 rcuob/3
system_u:system_r:kernel_t:s0       13 ?        00:00:00 rcuob/4
system_u:system_r:kernel_t:s0       14 ?        00:00:00 rcuob/5
system_u:system_r:kernel_t:s0       15 ?        00:00:00 rcuob/6
system_u:system_r:kernel_t:s0       16 ?        00:00:00 rcuob/7
system_u:system_r:kernel_t:s0       17 ?        00:00:00 rcuob/8
system_u:system_r:kernel_t:s0       18 ?        00:00:00 rcuob/9
...
[root@server2 ~]#