Re: Pretty unbelievable !!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2004-05-06 at 15:51, Bob Gustafson wrote:
>   [root@hoho2 user1]# /usr/sbin/sestatus -v
>   SELinux status:         enabled
>   SELinuxfs mount:        /selinux
>   Current mode:           enforcing
>   Policy version:         17

Ok, just wanted to verify enabled and enforcing status.

>   Policy booleans:
>   user_ping               inactive
> 
>   Process contexts:
>   Current context:        root:sysadm_r:sysadm_t
>   Init context:           system_u:system_r:init_t
>   /sbin/mingetty          system_u:system_r:getty_t
>   /usr/sbin/sshd          system_u:system_r:sshd_t
> 
>   File contexts:
>   Controlling term:       root:object_r:sysadm_devpts_t
>   /etc/passwd             system_u:object_r:etc_t
>   /etc/shadow             system_u:object_r:shadow_t
>   /bin/bash               system_u:object_r:shell_exec_t
>   /bin/login              system_u:object_r:login_exec_t
>   /bin/sh                 system_u:object_r:bin_t ->
>               system_u:object_r:shell_exec_t
>   /sbin/agetty            system_u:object_r:getty_exec_t
>   /sbin/init              system_u:object_r:init_exec_t
>   /sbin/mingetty          system_u:object_r:getty_exec_t
>   /usr/sbin/sshd          system_u:object_r:sshd_exec_t
>   /lib/libc.so.6          system_u:object_r:lib_t -> system_u:object_r:shlib_t
>   /lib/ld-linux.so.2      system_u:object_r:lib_t -> system_u:object_r:ld_so_t

Looks fine.

> So, is it bullet-proof?

Of course not.  But operating correctly.

> What doc would help to interpret the output of sestatus?

There is a brief man page, sestatus(8). The program was just contributed
recently by Chris PeBenito of the Hardened Gentoo project.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux