Re: SELinux should be off by default in FC3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2004-10-07 at 10:01, Kenneth Porter wrote:
> Also, does find have facilities to match security contexts? It's a common 
> tool for finding violations of other policies, like rogue suid binaries.

find /etc -context system_u:object_r:shadow_t -print
find /etc -printf "%p %Z\n"

But a better tool for this purpose is likely setfiles, e.g.:
/usr/sbin/setfiles -qnv /etc/selinux/targeted/contexts/files/file_contexts /etc

/sbin/fixfiles check is similar, but seems to only log to a file
(fixfiles is a script written by RedHat that calls setfiles internally).

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux