Question : Following a security audit, the xFusionCorp Industries security team has opted to enhance application and server security with SELinux. To initiate testing, the following requirements have been established for App server 1 in the Stratos Datacenter:
Install the required SELinux packages.
Permanently disable SELinux for the time being; it will be re-enabled after necessary configuration changes.
No need to reboot the server, as a scheduled maintenance reboot is already planned for tonight.
Disregard the current status of SELinux via the command line; the final status after the reboot should be disabled.
Please note: run the commands below according to your own task; the server, user name and other details might differ, so read the task carefully before executing. All the best 👍
Solutions:
1. With sshpass there is no need to log in to the remote server interactively. Install the SELinux packages on the remote machine:
thor@jumphost ~$ sshpass -p Ir0nM@n ssh -o StrictHostKeyChecking=no tony@stapp01 "echo Ir0nM@n | sudo -S yum -y install selinux*"

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for tony:
CentOS Stream 9 - BaseOS                         20 kB/s | 6.1 kB  00:00
CentOS Stream 9 - BaseOS                        6.4 MB/s | 8.7 MB  00:01
CentOS Stream 9 - AppStream                      26 kB/s | 6.5 kB  00:00
CentOS Stream 9 - AppStream                      20 MB/s |  24 MB  00:01
CentOS Stream 9 - Extras packages                40 kB/s | 7.3 kB  00:00
CentOS Stream 9 - Extras packages                36 kB/s |  19 kB  00:00
Extra Packages for Enterprise Linux 9 - x86_64  113 kB/s |  31 kB  00:00
Extra Packages for Enterprise Linux 9 - x86_64   15 MB/s |  20 MB  00:01
Extra Packages for Enterprise Linux 9 openh264  4.0 kB/s | 993 B   00:00
Extra Packages for Enterprise Linux 9 - Next -   74 kB/s |  24 kB  00:00
Extra Packages for Enterprise Linux 9 - Next -  190 kB/s | 120 kB  00:00
Dependencies resolved.
Running transaction test
Transaction test succeeded.
Running transaction
  Running scriptlet: selinux-policy-targeted-38.1.62-1.el9.noarch    1/1
  Running scriptlet: selinux-policy-mls-38.1.62-1.el9.noarch         1/1
  Running scriptlet: selinux-policy-automotive-38.1.62-1.el9.noarch  1/1
  Preparing        :

Installed:
  checkpolicy-3.6-1.el9.x86_64
  m4-1.4.19-1.el9.x86_64
  make-1:4.3-8.el9.x86_64
  mcstrans-3.6-1.el9.x86_64
  policycoreutils-devel-3.6-2.1.el9.x86_64
  policycoreutils-newrole-3.6-2.1.el9.x86_64
  policycoreutils-python-utils-3.6-2.1.el9.noarch
  python3-audit-3.1.5-7.el9.x86_64
  python3-distro-1.5.0-7.el9.noarch
  python3-libselinux-3.6-1.el9.x86_64
  python3-libsemanage-3.6-1.el9.x86_64
  python3-policycoreutils-3.6-2.1.el9.noarch
  python3-setools-4.4.4-1.el9.x86_64
  python3-setuptools-53.0.0-15.el9.noarch
  rpm-plugin-selinux-4.16.1.3-37.el9.x86_64
  selinux-policy-38.1.62-1.el9.noarch
  selinux-policy-automotive-38.1.62-1.el9.noarch
  selinux-policy-devel-38.1.62-1.el9.noarch
  selinux-policy-doc-38.1.62-1.el9.noarch
  selinux-policy-mls-38.1.62-1.el9.noarch
  selinux-policy-sandbox-38.1.62-1.el9.noarch
  selinux-policy-targeted-38.1.62-1.el9.noarch

Complete!
thor@jumphost ~$
2. Run sed to change SELINUX=enforcing to SELINUX=disabled in the SELinux config file:
thor@jumphost ~$ sshpass -p Ir0nM@n ssh -o StrictHostKeyChecking=no tony@stapp01 "echo Ir0nM@n |sudo -S sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config"
[sudo] password for tony:
thor@jumphost ~$
3. Verify the config file status.
thor@jumphost ~$ sshpass -p Ir0nM@n ssh -o StrictHostKeyChecking=no tony@stapp01 "echo Ir0nM@n | sudo -S grep -i ^SELINUX /etc/selinux/config"
[sudo] password for tony:
SELINUX=disabled
SELINUXTYPE=targeted
thor@jumphost ~$
4. Click on Finish & Confirm to complete the task successfully.
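The sed pattern in step 2 only matches SELINUX=enforcing, so a config that starts out as SELINUX=permissive is left unchanged and only the grep in step 3 reveals it. The following is an added example, not part of the original post: a shell function that sets the mode to disabled whatever the current value is; the function names and the sample config are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.

# set_selinux_disabled FILE
# Rewrites the active SELINUX= line to "disabled"; appends one if none exists.
# Commented lines and SELINUXTYPE= are left untouched.
set_selinux_disabled() {
    local cfg=$1
    [ -f "$cfg" ] || { echo "missing: $cfg" >&2; return 1; }
    if grep -Eq '^[[:space:]]*SELINUX=' "$cfg"; then
        # Match any value (enforcing, permissive, disabled), not just enforcing.
        sed -i -E 's/^[[:space:]]*SELINUX=.*/SELINUX=disabled/' "$cfg"
    else
        printf 'SELINUX=disabled\n' >> "$cfg"
    fi
}

# selinux_mode FILE
# Prints the value of the last active SELINUX= line in FILE.
selinux_mode() {
    sed -n -E 's/^[[:space:]]*SELINUX=([[:alnum:]]+).*/\1/p' "$1" | tail -n 1
}

# Constructed sample config in which SELinux is permissive: the pattern from
# step 2 leaves it as it is, the function above does not.
demo() {
    local tmp before after
    tmp=$(mktemp)
    printf '%s\n' '# SELINUX= can take one of: enforcing, permissive, disabled' \
        'SELINUX=permissive' 'SELINUXTYPE=targeted' > "$tmp"
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/' "$tmp"   # step 2 pattern
    before=$(selinux_mode "$tmp")
    set_selinux_disabled "$tmp"
    after=$(selinux_mode "$tmp")
    rm -f "$tmp"
    echo "$before -> $after"
}

demo
```

On the server the function would be run as root against /etc/selinux/config, followed by the same grep check as in step 3.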
Happy Learning!!!!