search for: secure_mode_insmod

Displaying 3 results from an estimated 3 matches for "secure_mode_insmod".

2015 Jan 23
2
How to prevent root from managing/disabling SELinux
At work I'm used to tools like eTrust Access Control (aka SEOS). eTrust takes away the ability to manage the eTrust config from root and puts it in the hands of "security admin". So there's a good separation of duties; security admin control the security ruleset, but are limited by the OS permissions (so even if they granted themselves permission to modify /etc/shadow, the
2011 Nov 01
1
SELinux and SETroubleshootd woes in CR
...9;, 'allow_ftpd_full_access', 'default', 'allow_ftpd_use_nfs', 'samba_enable_home_dirs', 'restorecon', 'selinuxpolicy', 'pppd_can_insmod', 'allow_daemons_dump_core', 'httpd_write_content', 'allow_httpd_anon_write', 'secure_mode_insmod', 'kernel_modules', 'samba_export_all_ro', 'httpd_enable_ftp_server', 'allow_postfix_local_write_mail_spool', 'execute', 'privoxy_connect_any', 'use_nfs_home_dirs', 'allow_smbd_anon_write', 'sys_resource', 'allow_ftpd_u...
2015 Jan 26
0
How to prevent root from managing/disabling SELinux
...as anyone actually attempted this? > You would need to disable the unconfined.pp module and the unconfineduser.pp module and run all of your users as confined user including the admin user as sysadm_t. You could also set the secure_ booleans getsebool -a | grep secure_* secure_mode --> off secure_mode_insmod --> off secure_mode_policyload --> off