Re: Pretty unbelievable !!
On Thu, 2004-05-06 at 15:51, Bob Gustafson wrote:
[root@hoho2 user1]# /usr/sbin/sestatus -v
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Policy version: 17
Ok, just wanted to verify enabled and enforcing status.
Policy booleans:
user_ping inactive
Process contexts:
Current context: root:sysadm_r:sysadm_t
Init context: system_u:system_r:init_t
/sbin/mingetty system_u:system_r:getty_t
/usr/sbin/sshd system_u:system_r:sshd_t
File contexts:
Controlling term: root:object_r:sysadm_devpts_t
/etc/passwd system_u:object_r:etc_t
/etc/shadow system_u:object_r:shadow_t
/bin/bash system_u:object_r:shell_exec_t
/bin/login system_u:object_r:login_exec_t
/bin/sh system_u:object_r:bin_t ->
system_u:object_r:shell_exec_t
/sbin/agetty system_u:object_r:getty_exec_t
/sbin/init system_u:object_r:init_exec_t
/sbin/mingetty system_u:object_r:getty_exec_t
/usr/sbin/sshd system_u:object_r:sshd_exec_t
/lib/libc.so.6 system_u:object_r:lib_t -> system_u:object_r:shlib_t
/lib/ld-linux.so.2 system_u:object_r:lib_t -> system_u:object_r:ld_so_t
Looks fine.
So, is it bullet-proof?
Of course not. But operating correctly.
What doc would help to interpret the output of sestatus?
There is a brief man page, sestatus(8). The program was just contributed
recently by Chris PeBenito of the Hardened Gentoo project.
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency