SELinux – Commonly used commands.

By | 14/08/2019
0 Comment

In the last tutorial I wrote about two commands: chcon and restorecon.
Today I will show you one list with some of the more commonly used command-line utilities for managing and operating SELinux provided by utilities:

by policycoreutils package:

  • fixfiles: Fixes the security context on file systems
  • load_policy: Loads a new SELinux policy into the kernel
  • restorecon: Resets the security context on one or more files
  • setfiles: Initializes the security context on one or more files
  • secon: Displays the SELinux context from a file, program, or user input
  • semodule_package: Creates an SELinux policy module package
  • restorecond: Is a daemon that watches for file creation and sets the default file context
  • semodule: Manages SELinux policy modules
  • sestatus: Displays SELinux status
  • setsebool: Sets SELinux Boolean value

by libselinux-utils package:

  • avcstat: Displays SELinux AVC statistics
  • getenforce: Reports the current SELinux mode
  • getsebool: Reports SELinux Boolean values
  • matchpathcon: Queries the system policy and displays the default security context associated with the file path
  • selinuxconlist: Displays all of the SELinux context reachable for a user
  • selinuxdefcon: Displays the default SELinux context for a user
  • selinuxenabled: Indicates whether SELinux is enabled
  • setenforce: Modifies the SELinux mode

by setools-console package

  • findcon: An SELinux file context search tool
  • sechecker: An SELinux policy checking tool
  • sediff: An SELinux policy difference tool
  • seinfo: An SELinux policy query tool
  • sesearch: An SELinux policy query tool

by policycoreutils-python package:

  • semanage: Is an SELinux policy management tool
  • audit2allow, audit2why: Generates SELinux policy allow/don’t_audit rules from logs of denied operations
  • chcat: Changes or removes the security category for each file or user
  • sandbox: Runs a command in an SELinux sandbox
  • semodule_package: Creates an SELinux policy module package

by policycoreutils-gui package:

  • system-config-selinux: SELinux Administration GUI
  • selinux-polgengui: SELinux policy generation tool

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.