SELinux System Administration

Chapter 2. Understanding SELinux Decisions and Logging

Once SELinux is enabled on a system, it starts its access control functionality as described in the previous chapter. This, however, might have some unwanted side effects, so in this chapter, we will:

  • Switch between SELinux in full enforcement mode (host-based intrusion prevention) and its permissive, logging-only mode (host-based intrusion detection)
  • Use various methods to toggle the SELinux state (enabled or disabled, permissive or enforcing)
  • Disable SELinux protections for a single domain rather than the entire system
  • Learn to interpret the SELinux log events that describe which activities SELinux has prevented

We finish with an overview of common methods for analyzing these logging events in day-to-day operations.