Wednesday, August 29, 2012

CentOS / RHEL: Disable or Enable SELinux Policy Modules


How do I disable or enable SELinux policy modules under Red Hat Enterprise Linux running on Dell hardware?

You need to use the semodule command. This command is used to manage SELinux policy modules, including installing, upgrading, listing, disabling and removing modules.

Task: See currently installed modules

Type the following command as the root user:

semodule -l
semodule -l | more
semodule -l | less

Sample outputs:

abrt    1.2.0
accountsd       1.0.0
ada     1.4.0
afs     1.5.3
aiccu   1.0.0
aide    1.5.0
aisexec 1.0.0
amanda  1.12.0
amavis  1.10.3
amtu    1.2.0
apache  2.1.2
apcupsd 1.6.1
arpwatch        1.8.1
asterisk        1.7.1
audioentropy    1.6.0
automount       1.12.1
avahi   1.11.2
awstats 1.2.0
bind    1.10.2
bitlbee 1.2.1
bluetooth       3.2.2
....
Output truncated
....
uuidd   1.0.0
varnishd        1.1.0
vdagent 1.0.0
vhostmd 1.0.0
virt    1.4.0
vmware  2.2.0
vpn     1.12.0
w3c     1.0.0
wdmd    1.0.0
webadm  1.1.0
webalizer       1.10.0
wine    1.6.1
xen     1.9.2
xfs     1.6.0
xguest  1.0.1
zabbix  1.2.0
zarafa  1.0.0
zebra   1.10.1
zosremote       1.1.0

Task: SELinux disable module

To disable an existing module, type:

 semodule -d MODULE_NAME_HERE

OR

 semodule --disable=MODULE_NAME_HERE

To disable the module called webalizer, enter:

# semodule -v -d webalizer

To verify the new settings, enter:

# semodule -l | grep webalizer

Sample outputs:

[root@rhel6 ~]# semodule -v -d webalizer
Attempting to disable module 'webalizer':
Ok: return value of 0.
Committing changes:
Ok: transaction number 0.
[root@rhel6 ~]# semodule -l | grep webalizer
webalizer       1.10.0  Disabled
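
The grep above checks one module by name. As an added example (not part of the original post), the script below scans a whole listing in the RHEL 6 "name version [Disabled]" format shown here and flags any disabled module that is not on an expected list. The function names, the allow-list and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a `semodule -l` listing for disabled policy modules.
# Assumes the RHEL 6 output format shown on this page:
#   name <whitespace> version [<whitespace> Disabled]

# Constructed sample listing (not captured from a real host).
sample_listing() {
    cat <<'EOF'
abrt            1.2.0
apache          2.1.2
webalizer       1.10.0  Disabled
zabbix          1.2.0   Disabled
EOF
}

# list_disabled: read a listing on stdin, print the name of every module
# whose last field is "Disabled".
list_disabled() {
    awk 'NF >= 3 && $NF == "Disabled" { print $1 }'
}

# audit_disabled "mod1 mod2 ...": read a listing on stdin and compare the
# disabled modules against a space-separated list of modules that are
# expected to be disabled. Returns 1 if any other module is disabled.
audit_disabled() {
    allowed=" $1 "
    rc=0
    for m in $(list_disabled); do
        case "$allowed" in
            *" $m "*) echo "expected:   $m" ;;
            *)        echo "UNEXPECTED: $m"; rc=1 ;;
        esac
    done
    return $rc
}

# Demo on the constructed sample. On a live host, run as root:
#   semodule -l | audit_disabled "webalizer"
sample_listing | audit_disabled "webalizer" \
    || echo "audit failed: review the modules flagged above"
```
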

Task: SELinux enable module

To enable an existing module, type:

 semodule -e MODULE_NAME_HERE 

OR

 semodule --enable=MODULE_NAME_HERE

To enable the module called webalizer, enter:

# semodule -v -e webalizer

Sample outputs:

Attempting to enable module 'webalizer':
Ok: return value of 0.
Committing changes:
Ok: transaction number 0.
