====== SELinux ======
===== 1 =====
Afficher l'état de SELinux :
sestatus
Exemple :
[root@cadb01 .ssh]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
[root@cadb01 .ssh]#
Restaurer les droits pour pouvoir se connecter avec les clés SSH :
restorecon -R -v /root/.ssh
Exemple :
[root@cadb01 .ssh]# restorecon -R -v /root/.ssh
restorecon reset /root/.ssh context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:ssh_home_t:s0
restorecon reset /root/.ssh/authorized_keys context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:ssh_home_t:s0
[root@cadb01 .ssh]#
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security-enhanced_linux/sect-security-enhanced_linux-enabling_and_disabling_selinux-disabling_selinux
Procedure 5.4. Disabling SELinux
Configure SELINUX=disabled in the /etc/selinux/config file:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Reboot your system. After reboot, confirm that the getenforce command returns Disabled:
~]~ getenforce
Disabled
===== 2 =====
Ci-dessous ce que j'ai fait pour contourner le problème suivant sur AWX : "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"
[kickstart-repo]
name = Repository du kicksart de recette
baseurl = ftp://1.0.0.2/RHEL/RHEL72x64/
enabled = 1
gpgcheck = 0
yum install libselinux-python.x86_64
{{tag>GNU_Linux firewalld iptables SELinux security}}