Tuesday, April 19, 2011

Installing the SELinux Administration Tool on CentOS Step-by-Step

Introduction

This procedure walks you through the process of setting up the Security Enhanced Linux (SELinux) Administration tool GUI on CentOS step-by-step.  SELinux is a security system for Linux  [1-3].  It is integrated into version 2.6.X kernel versions of Red Hat Enterprise Linux [1, 3].   CentOS is a rebuild of Red Hat Enterprise Linux without branding [4]. SELinux administration is generally accomplished via commands and editing configuration files [1-3].  The GUI facilitates SELinux administration.  The SELinux Administration tool GUI is installed by default to RHEL installations.  It is not setup by default to CentOS installations [5].   On CentOS instances, the GUI is part of the policycoreutils-gui package [4].  This walkthrough involves four steps: 1) checking SELinux Administration tool installation status, 2) locating the installation package, 3) installing the package, and 4) verifying installation.  All references used in this walkthrough are listed in the References section, below.  Good luck!

Procedure

Step 1: Checking SELinux Administration Tool Installation Status

On the CentOS desktop, go to the System menu, and then point to Administration.  The Administration submenu appears.  It this tool were installed, the SELinux Management menu item would appear just below the Security Level and Firewall menu item.


On Red Hat Enterprise Linux Server 5, this is installed by default.


You can also check GUI installation by performing a find [5] operation on the administration tool, system-config-selinux [1-3].  If it's not there, the GUI tool has not been installed.


To check where your CentOS version includes the SELinux system, use the uname command [6].  This command reveals the kernel version of your Linux distribution.


If your CentOS is based on kernel version 2.6.X or greater, SELinux should be installed as well [1, 3].  In the next step, you'll first check to see if the installation package is already available to your CentOS instance, and only needs to be installed; and then if its not installed, we'll then perform an installation of the package.

Step 2a: Check if the SELinux Administration Tool Package is Available

First, let's check to see if the package is already available.  On the CentOS desktop, from the Applications menu, select Add/Remove Software.  The Package Manager tool appears.  Select the Search tab, and then enter "SELinux."


Click Search.  A vareity of SELinux tools and features will be listed.


Scroll down to find the "SELinux configuration GUI" item.  If you see it there, that's good and you only need to check it in order to install it: skip past step 2a and go right to step 3.  If not, you'll need to first locate the installation package in order to download it, and this is covered next.

Step 2b: Locate the Installation Package for Downloading

You first need to identify in which package the system-config-selinux command file is located.  Use the YUM provides command to find this out [8].  At the command prompt, enter the following:
yum provides "*system-config-selinux"
This performs a search on the CentOS update server of all packages in order to find out which package includes the search target.


Once the search completes, make a note of the package name that was returned.

Step 2c: Download the Package

To download the package, use another YUM command, yum install.  The installation takes only a few seconds.

NOTE: though the yum install command downloads and performs an installation of the package, the SELinux Administration tool package still may not be installed.  Final installation is covered in the next step.
Step 3: Install the Package

To install the SELinux Administration tool GUI, bring up the Package Manager again.  Perform a search on "SELinux" as you did before, and then scroll down to the SELinux configuration GUI item.  Check this item.


Click Apply.  A variety of prompts will appear.  Click Continue past all of them.


At the end, you'll see a final prompt.


Click OK, and then exit Package Manager.  The final step is to verify installation.

Step 4: Verify Installation

On the CentOS desktop, from the System menu, point to Administration.  The Administration submenu appears.  Listed on this submenu, just below the Security Level and Firewall menu item, should be a new menu item, SELinux Management.


Select this menu item.  The SELinux Administration tool GUI appears.


This completes this step-by-step walkthrough on installing the SELinux Administration tool GUI on CentOS.  Happy computing!

References
  1. 46.2. Introduction to SELinux - Red Hat Enterprise Linux 5 Server documentation
  2. SELinux - CentOS How Tos
  3. 43.2. Introduction to SELinux - Linuxtopia - CentOS 4
  4. CentOS - Wikipedia
  5. SELinux denials with "spamc" and "webalizer" - CentOS Forums - Security Support
  6. Linux / Unix find command - Computer Hope
  7. Linux / Unix uname command - Computer Hope
  8. YUM Commands - CentOS Help Resources
  9. The Community Enterprise Operating System (CentOS)
  10. VMware Workstation
Notes
  • This walkthrough was performed on CentOS version 5.5 [9] as guest OS on VMware Workstation 7.1 [10].
  • Follow the above procedure to install the SELinux Troubleshooter as well.  You'll see it listed in Package Manager.

1 comment:

Anonymous said...

Thanks dude great work! worked for me