1.系统安装
系统安装完成后,系统当前的SELinux配置为:
| # cat /etc/selinux/config SELINUX=enforcing SELINUXTYPE=targeted |
2.SELinux环境准备
| # yum install setools policycoreutils.x86_64 selinux-policy-mls.noarch setroubleshoot.x86_64 setools-console -y |
3.SELinux配置
修改SELINUXTYPE为mls模式。
| # cat /etc/selinux/config SELINUX=enforcing SELINUXTYPE=mls |
修改完成,执行命令
| # fixfiles -B onboot # reboot |
4.Linux用户创建
| # useradd -G wheel sysadm # useradd -G wheel secadm # useradd -G wheel auditadm |
用户密码登录设置
| passwd sysadm passwd secadm passwd auditadm |
5.创建SELinux用户
创建命令
| # semanage user -a -L s0 -r s0-s0:c0.c1023 -R secadm_r secadm_u # semanage user -a -L s0 -r s0-s0:c0.c1023 -R sysadm_r sysadm_u # semanage user -a -L s0 -r s0-s0:c0.c1023 -R auditadm_r auditadm_u |
如果需要用户可以登录ssh,需要添加sysadm_r角色,设置ssh_sysadm_login布尔变量为on。
| # semanage user -m -L s0 -r s0-s15:c0.c1023 secadm_u -R "secadm_r sysadm_r" # setsebool -P ssh_sysadm_login on |
# semanage user -l
SELinux中默认创建的默认用户以及角色:
| User | Default role | Additional roles |
| unconfined_u | unconfined_r | system_r |
| guest_u | guest_r | |
| xguest_u | xguest_r | |
| user_u | user_r | |
