Ubuntu如何实现SELinux ...?在Ubuntu上实现SELinux涉及哪些pacakges(模块)
Ubuntu如何实现SELinux ...?在Ubuntu上实现SELinux涉及哪些pacakges(模块)
Answers:
Ubuntu如何实现SELinux ...?
selinux默认情况下未安装或启用。我们使用的AppArmor的默认。SELinux的Ubuntu Wiki页面甚至声称...
警告
自Karmic以来,此处记录的Ubuntu特定的“ selinux”和“ selinux-policy-ubuntu”软件包并未受到太多关注,并且在Precise中似乎已被有效破坏。
如果您希望在Ubuntu中使用SELinux,则仍将积极维护Debian的“ selinux-basics”和“ selinux-policy-default”软件包。与这些软件包相关的文档可以在以下位置找到 http://wiki.debian.org/SELinux中。
而且还包含有关如何安装它的说明:
可以通过安装“ selinux”元软件包在Ubuntu中启用SELinux,该软件包将对系统进行必要的更改,并为Ubuntu安装Tresys策略:
sudo apt-get install selinux安装后,系统将提示您重新引导系统以标记并激活SELinux。
但是手动安装debian软件包可能更聪明...
涉及哪些包(模块)?
我相信您必须在安装SELinux之前删除apparmor:
sudo apt-get remove apparmor
从Hardy Heron开始,SELinux已集成到Ubuntu中,可以通过apt安装。
安装selinux软件包:
sudo apt-get install selinux在/ etc / selinux / config中更改SELinux模式(可选):
强制执行
sudo sed -i 's/SELINUX=.*/SELINUX=enforcing/' /etc/selinux/config允许的
sudo sed -i 's/SELINUX=.*/SELINUX=permissive/' /etc/selinux/config重启
在关闭过程中,系统上的所有文件都将被标记。这可能需要一些时间,具体取决于您拥有多少文件和磁盘速度。
使用搜索apt-cache search会出现以下软件包:
postgresql-contrib-9.4 - additional facilities for PostgreSQL
ruby-selinux - Ruby bindings to SELinux shared libraries
checkpolicy - SELinux policy compiler
debian-handbook - reference book for Debian users and system administrators
joe-jupp - reimplement the joe Debian package using jupp
jupp - user friendly full screen text editor
libseaudit-dev - Security Enhanced Linux audit message parser development
libseaudit4 - Security Enhanced Linux audit message parsing library
libsefs-dev - Security Enhanced Linux file context management development
libsefs4 - Security Enhanced Linux file context management
libsetools-java - SETools Java bindings (architecture-independent)
libsetools-tcl - SETools Tcl bindings
libtomoyotools3 - lightweight Linux Mandatory Access Control system - library
policycoreutils - SELinux core policy utilities
python-selinux - Python bindings to SELinux shared libraries
python-semanage - Python bindings for SELinux policy management
python-sepolgen - Python module used in SELinux policy generation
python-sepolicy - Python binding for SELinux Policy Analyses
python-setools - SETools Python bindings
ruby-semanage - Ruby bindings to for SELinux policy management
selinux - Security-Enhanced Linux runtime support
selinux-basics - SELinux basic support
selinux-policy-default - Strict and Targeted variants of the SELinux policy
selinux-policy-dev - Headers from the SELinux reference policy for building modules
selinux-policy-doc - Documentation for the SELinux reference policy
selinux-policy-dummy - Empty Security-Enhanced Linux policy (dummy package)
selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy
selinux-policy-src - Source of the SELinux reference policy for customization
selinux-policy-ubuntu - Security-Enhanced Linux Reference Policy
selinux-policy-ubuntu-dev - Security-Enhanced Linux Reference Policy Development Headers
selinux-policy-ubuntu-doc - Security-Enhanced Linux Reference Policy Documentation
selinux-utils - SELinux utility programs
setools - tools for Security Enhanced Linux policy analysis
setools-gui - GUI tools for Security Enhanced Linux policy analysis