Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: anyone running SELinux on amazon EC2?
Special Forums UNIX and Linux Applications Virtualization and Cloud Computing anyone running SELinux on amazon EC2? Post 302346217 by fpmurphy on Friday 21st of August 2009 09:06:43 AM
Old 08-21-2009
Back to basics then ....

Have a look at /var/log/dmesg. Do you see the following lines
Code:
Security Framework initialized
SELinux: Initializing

Have a look at /etc/sysconfig/selinux/config. Is SELINUX set to enforcing or permissive and SELINUXTYPE set to targeted?

In /var/log/boot.log, do you see a line which shows that auditd started OK?
 

4 More Discussions You Might Find Interesting

1. Virtualization and Cloud Computing

Running MySQL on Amazon EC2 with Elastic Block Store

Here is an excellent article on Running MySQL on Amazon EC2 with Elastic Block Store. Amazon Web Services Developer Connection : Running MySQL on Amazon EC2 with Elastic Block Store (0 Replies)
Discussion started by: Neo
0 Replies

2. Virtualization and Cloud Computing

CEP as a Service (CEPaaS) with MapReduce on Amazon EC2 and Amazon S3

Tim Bass 11-25-2008 01:02 PM Just as I was starting to worry that complex event processing community has been captured by RDBMS pirates off the coast of Somalia, I rediscovered a new core blackboard architecture component, Hadoop. Hadoop is a framework for building applications on large... (0 Replies)
Discussion started by: Linux Bot
0 Replies

3. Virtualization and Cloud Computing

Securing code in Amazon EC2

Hi All, I am facing a problem, regarding code security on EC2. We have created an AMI which contains our code in it, and need to bind the code to the AMI so that no one can take the code out of the AMI. Are there some ways to achieve this ??? (2 Replies)
Discussion started by: akshay61286
2 Replies

4. UNIX and Linux Applications

A little help with seLinux

Situation: installed on Centos6.4 this samba4 package samba4-4.0.1-4.centos6.1.x86_64(wich had the path /usr/share/samba4 /var/lock/samba4,etc) I use selinux so i put in context /var/lock/samba4 -d system_u:object_r:samba_var_t:s0 /var/lock/samba4/.* -- ... (3 Replies)
Discussion started by: Linusolaradm1
3 Replies

LEARN ABOUT CENTOS

selinux_config

selinux_config(5)					    SELinux configuration file						 selinux_config(5)

NAME

       config - The SELinux sub-system configuration file.

DESCRIPTION

       The SELinux config file controls the state of SELinux regarding:

	      1.  The policy enforcement status - enforcing, permissive or disabled.

	      2.  The policy name or type that forms a path to the policy to be loaded and its supporting configuration files.

	      3.  How  local  users  and booleans will be managed when the policy is loaded (note that this function was used by older releases of
		  SELinux and is now deprecated).

	      4.  How SELinux-aware login applications should behave if no valid SELinux users are configured.

	      5.  Whether the system is to be relabeled or not.

       The entries controlling these functions are described in the FILE FORMAT section.

       The fully qualified path name of the SELinux configuration file is /etc/selinux/config.

       If the config file is missing or corrupt, then no SELinux policy is loaded (i.e. SELinux is disabled).

       The sestatus (8) command and the libselinux function selinux_path (3) will return the location of the config file.

FILE FORMAT

       The config file supports the following parameters:

	      SELINUX = enforcing | permissive | disabled
	      SELINUXTYPE = policy_name
	      SETLOCALDEFS = 0 | 1
	      REQUIREUSERS = 0 | 1
	      AUTORELABEL = 0 | 1

       Where:
       SELINUX
	      This entry can contain one of three values:

		     enforcing
			 SELinux security policy is enforced.

		     permissive
			 SELinux security policy is not enforced but logs the warnings (i.e. the action is allowed to proceed).

		     disabled
			 SELinux is disabled and no policy is loaded.

	      The entry can be determined using the sestatus(8) command or selinux_getenforcemode(3).

       SELINUXTYPE
	      The policy_name entry is used to identify the policy type, and becomes the directory name of where the policy and its  configuration
	      files are located.

	      The entry can be determined using the sestatus(8) command or selinux_getpolicytype(3).

	      The  policy_name	is relative to a path that is defined within the SELinux subsystem that can be retrieved by using selinux_path(3).
	      An example entry retrieved by selinux_path(3) is:
		     /etc/selinux/

	      The policy_name is then  appended  to  this  and	becomes  the  'policy  root'  location	that  can  be  retrieved  by  selinux_pol-
	      icy_root_path(3). An example entry retrieved is:
		     /etc/selinux/targeted

	      The  actual  binary  policy  is located relative to this directory and also has a policy name pre-allocated. This information can be
	      retrieved using selinux_binary_policy_path(3). An example entry retrieved by selinux_binary_policy_path(3) is:
		     /etc/selinux/targeted/policy/policy

	      The binary policy name has by convention the SELinux policy version that it supports appended to it. The maximum policy version sup-
	      ported  by  the kernel can be determined using the sestatus(8) command or security_policyvers(3). An example binary policy file with
	      the version is:
		     /etc/selinux/targeted/policy/policy.24

       SETLOCALDEFS
	      This entry is deprecated and should be removed or set to 0.

	      If set to 1, then selinux_mkload_policy(3) will read  the  local	customization  for  booleans  (see  booleans(5))  and  users  (see
	      local.users(5)).

       REQUIRESEUSERS
	      This  optional  entry  can be used to fail a login if there is no matching or default entry in the seusers(5) file or if the seusers
	      file is missing.

	      It is checked by getseuserbyname(3) that is called by SELinux-aware login applications such as PAM(8).

	      If set to 0 or the entry missing:
		     getseuserbyname(3) will return the GNU / Linux user name as the SELinux user.

	      If set to 1:
		     getseuserbyname(3) will fail.

	      The getseuserbyname(3) man page should be consulted for its use. The format of the seusers file is shown in seusers(5).

       AUTORELABEL
	      This is an optional entry that allows the file system to be relabeled.

	      If set to 0 and there is a file called .autorelabel in the root directory, then on a reboot, the loader will drop to a shell where a
	      root login is required. An administrator can then manually relabel the file system.

	      If  set  to 1 or no entry present (the default) and there is a .autorelabel file in the root directory, then the file system will be
	      automatically relabeled using fixfiles -F restore

	      In both cases the /.autorelabel file will be removed so that relabeling is not done again.

EXAMPLE

       This example config file shows the minimum contents for a system to run SELinux in enforcing mode, with a policy_name of 'targeted':

	      SELINUX = enforcing
	      SELINUXTYPE = targeted

SEE ALSO

       selinux(8), sestatus(8), selinux_path(3),  selinux_policy_root_path(3),	selinux_binary_policy_path(3),	getseuserbyname(3),  PAM(8),  fix-
       files(8),  selinux_mkload_policy(3),  selinux_getpolicytype(3), security_policyvers(3), selinux_getenforcemode(3), seusers(5), booleans(5),
       local.users(5)

Security Enhanced Linux 					    18 Nov 2011 						 selinux_config(5)
All times are GMT -4. The time now is 06:41 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy