- SELinux System Administration
- Sven Vermeulen
- 119字
- 2021-08-06 16:41:33
Chapter 2. Understanding SELinux Decisions and Logging
Once SELinux is enabled on a system, it starts its access control functionality as described in the previous chapter. This however might have some unwanted side effects, so in this chapter, we will:
- Switch between SELinux in full enforcement mode (host-based intrusion prevention) versus its permissive, logging-only mode (host-based intrusion detection)
- Use various methods to toggle the SELinux state (enabled or disabled, permissive or enforcing)
- Disable SELinux protections for a single domain rather than the entire system
- Learn to interpret the SELinux log events that describe to us what activities that SELinux has prevented
We finish with an overview of common methods for analyzing these logging events in day-to-day operations.