Red Hat Linux 9: Chapter 22 Summary: Managing SELinux
Red Hat Enterprise Linux Administration
1. Which of the following allows you to set SELinux in disabled mode in RHEL 9?
A. From a root shell, use setenforce 0
B. Use the GRUB kernel boot argument selinux=0
C. Set selinux=disabled in /etc/sysconfig/selinux
D. Remove the SELinux packages using dnf remove selinux
2. Which of the following commands enable you to see the current SELinux mode? (Choose two.)
A. sestatus
B. lsmode
C. semode
D. getenforce
3. Which of the following items in the context label is the most significant for SELinux system administration tasks?
A. Type
B. User
C. Role
D. Mission
4. Which command-line switch is used with many commands to display SELinux-related information?
A. -S
B. -X
C. -Z
D. -D
5. Which of the following commands should be used to set the context type of the directory /web to httpd_sys_content_t?
A. chcon -t httpd_sys_content_t /web
B. semanage -t httpd_sys_content_t "/web(/.*)?"
C. semanage fcontext -t httpd_sys_content_t "/web(/.*)?"
D. semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
6. Which command must you run to ensure that a file has the appropriate SELinux context after moving the file to another location?
A. reboot
B. restorecon /new/filename
C. chcon
D. restorecon -R /etc/selinux -v
7. While setting a port context using semanage port -a -t ssh_port_t -p tcp 443, you get an error message telling you that the port is already defined. Which of the following statements is true?
A. You cannot change a default port setting like 443, as it is used already for https.
B. You have already issued the command earlier.
C. You need to use -m to modify the port context, not -a to add it.
D. The syntax you use is incorrect.
8. Which command enables you to change a Boolean in a way that it survives a reboot?
A. chcon boolean -P
B. setsebool -P
C. setsebool
D. semanage boolean
9. Which file contains all the information you need to troubleshoot SELinux messages?
A. /var/log/audit/audit.log
B. /var/log/selinux/selinux.log
C. /var/log/messages
D. /var/log/selinux.log
10. You want to grep the audit log for SELinux log messages. Which of the following strings should you use grep on?
A. selinux
B. deny
C. violation
D. AVC
Chapter 22
1. B. In older versions of Red Hat, the file /etc/sysconfig/selinux
could be modified to contain the setting selinux=disabled. In
RHEL 9 you can start a system in disabled mode only by using
the GRUB boot argument selinux=0.
2. A and D. The getenforce command is used to request the
current SELinux mode. The sestatus command can be used
also. It shows the current mode, and some additional
security-related information as well.
3. A. For basic SELinux configuration, you need to make sure that
the appropriate context type is set. User and role are for
advanced use only.
4. C. The -Z option displays SELinux-related information and can
be used with many commands.
5. D. This is the only command that provides correct usage
information about semanage. Remember that chcon should be
avoided at all times.
6. B. When you're moving a file, the original file context is moved
with the file. To ensure that the file has the context that is
appropriate for the new file location, you should use
restorecon on it.
7. C. If a port has already been labeled, use semanage port -m to
modify it.
8. B. To change Booleans, use setsebool; to make the change
persistent, use -P.
9. A. SELinux messages are logged by auditd, which writes the log
messages to /var/log/audit/audit.log. Only if sealert is installed
are messages written to /var/log/messages as well, but that does
not happen by default.
10. D. SELinux log messages in the audit log always contain the text
avc, which stands for access vector cache.