
Re: SELinux should be off by default in FC3



On Thu, 2004-10-07 at 10:01, Kenneth Porter wrote:
> Also, does find have facilities to match security contexts? It's a common 
> tool for finding violations of other policies, like rogue suid binaries.

find /etc -context system_u:object_r:shadow_t -print
find /etc -printf "%p %Z\n"

But a better tool for this purpose is likely setfiles, e.g.:
/usr/sbin/setfiles -qnv /etc/selinux/targeted/contexts/files/file_contexts /etc

/sbin/fixfiles check is similar, but seems to only log to a file
(fixfiles is a script written by Red Hat that calls setfiles internally).

-- 
Stephen Smalley <sds epoch ncsc mil>
National Security Agency
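
Added example (not part of the original message): a dry-run comparison in the spirit of the setfiles -n check above, run over output of the form produced by find -printf "%p %Z\n". The spec and listing are constructed samples, check_contexts is a hypothetical helper, and "last matching spec line wins" is a simplifying assumption, not setfiles' exact matching logic.

```shell
#!/bin/sh
# Constructed sample: reduced file_contexts-style spec.
# Format per line: path-regex [file-type] expected-context
SPEC='# regex            type  context
/etc(/.*)?               system_u:object_r:etc_t
/etc/shadow.*      --    system_u:object_r:shadow_t
/etc/passwd        --    system_u:object_r:etc_t'

# Constructed sample of `find /etc -printf "%p %Z\n"` output.
LISTING='/etc/hosts system_u:object_r:etc_t
/etc/shadow system_u:object_r:shadow_t
/etc/shadow.bak system_u:object_r:etc_t
/etc/passwd system_u:object_r:etc_t'

# check_contexts SPEC LISTING
# Prints "path actual-context expected-context" for every listed file whose
# context differs from the spec. Nothing is relabeled.
check_contexts() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        BEGIN { n = 0 }
        /^---$/ { listing = 1; next }          # separator between spec and listing
        NF < 2 || (!listing && /^#/) { next }  # skip blanks and spec comments
        !listing {
            re[n] = "^" $1 "$"                 # spec regexes match the whole path
            want[n] = $NF                      # context is the last field
            n++
            next
        }
        {
            actual = $NF
            path = $0
            sub(/ [^ ]+$/, "", path)           # path may itself contain spaces
            expected = ""
            for (i = 0; i < n; i++)
                if (path ~ re[i]) expected = want[i]   # assumption: last match wins
            if (expected != "" && actual != expected)
                print path, actual, expected
        }'
}

# Stand-alone run on the constructed samples.
check_contexts "$SPEC" "$LISTING"
```

On a real system the second argument would be the captured output of the find -printf command shown in the message.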

