On Thu, 2004-05-06 at 15:51, Bob Gustafson wrote: > [root@hoho2 user1]# /usr/sbin/sestatus -v > SELinux status: enabled > SELinuxfs mount: /selinux > Current mode: enforcing > Policy version: 17 Ok, just wanted to verify enabled and enforcing status. > Policy booleans: > user_ping inactive > > Process contexts: > Current context: root:sysadm_r:sysadm_t > Init context: system_u:system_r:init_t > /sbin/mingetty system_u:system_r:getty_t > /usr/sbin/sshd system_u:system_r:sshd_t > > File contexts: > Controlling term: root:object_r:sysadm_devpts_t > /etc/passwd system_u:object_r:etc_t > /etc/shadow system_u:object_r:shadow_t > /bin/bash system_u:object_r:shell_exec_t > /bin/login system_u:object_r:login_exec_t > /bin/sh system_u:object_r:bin_t -> > system_u:object_r:shell_exec_t > /sbin/agetty system_u:object_r:getty_exec_t > /sbin/init system_u:object_r:init_exec_t > /sbin/mingetty system_u:object_r:getty_exec_t > /usr/sbin/sshd system_u:object_r:sshd_exec_t > /lib/libc.so.6 system_u:object_r:lib_t -> system_u:object_r:shlib_t > /lib/ld-linux.so.2 system_u:object_r:lib_t -> system_u:object_r:ld_so_t Looks fine. > So, is it bullet-proof? Of course not. But operating correctly. > What doc would help to interpret the output of sestatus? There is a brief man page, sestatus(8). The program was just contributed recently by Chris PeBenito of the Hardened Gentoo project. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
