Red Hat Enterprise Linux Server Cookbook

By : Jakub Gaj, William Leemans
By: Jakub Gaj, William Leemans

Overview of this book

Dominating the server market, the Red Hat Enterprise Linux operating system gives you the support you need to modernize your infrastructure and boost your organization’s efficiency. Combining both stability and flexibility, RHEL helps you meet the challenges of today and adapt to the demands of tomorrow. This practical Cookbook guide will help you get to grips with RHEL 7 Server and automating its installation. Designed to provide targeted assistance through hands-on recipe guidance, it will introduce you to everything you need to know about KVM guests and deploying multiple standardized RHEL systems effortlessly. Get practical reference advice that will make complex networks setups look like child’s play, and dive into in-depth coverage of configuring a RHEL system. Also including full recipe coverage of how to set up, configuring, and troubleshoot SELinux, you’ll also discover how secure your operating system, as well as how to monitor it.
Table of Contents (17 chapters)
Configuring SELinux booleans

SELinux booleans allow you to change the SELinux policy at runtime without the need to write additional policies. This allows you to change the policy without the need for recompilation, such as allowing services to access NFS volumes.

How to do it…

This is the way to temporarily or permanently change SELinux booleans.

Listing SELinux booleans

For a list of all booleans and an explanation of what they do, execute the following:

~# semanage boolean -l

Now, let's try to get the value of a particular SELinux boolean. It is possible to get the value of a single SELinux boolean without the use of additional utilities, such as grep and/or awk. Simply execute the following:

~# getsebool <SELinux boolean>

This shows you whether or not the boolean is set. Here's an example:

~# getsebool virt_use_nfs
virt_use_nfs --> off

Changing SELinux booleans

To set a boolean value to a particular one, use the following command:

~# setsebool <SELinux boolean> <on|off...