1
00:00:00,000 --> 00:00:11,080
In this video, I'll tell you about the configuration of the SELinux mode.

2
00:00:11,080 --> 00:00:13,680
So SELinux can be in different states.

3
00:00:13,680 --> 00:00:16,719
It can be either disabled or enabled.

4
00:00:16,719 --> 00:00:20,860
The state is defined in the Linux kernel and you can only set it while booting.

5
00:00:20,860 --> 00:00:25,959
By using the GRUB bootloader argument, selinux=0 or selinux=1.

6
00:00:25,959 --> 00:00:31,080
If SELinux is enabled, you can toggle between permissive and enforcing mode.

7
00:00:31,080 --> 00:00:36,720
In permissive mode, nothing is blocked, but all SELinux events are logged.

8
00:00:36,720 --> 00:00:40,919
Permissive mode is excellent for troubleshooting because you get a clear idea of everything

9
00:00:40,919 --> 00:00:42,520
that is going on.

10
00:00:42,520 --> 00:00:46,959
In enforcing mode, SELinux is fully operational.

11
00:00:46,959 --> 00:00:52,080
You can use getenforce to get the current mode and you can use setenforce to set the

12
00:00:52,080 --> 00:00:53,080
current mode.

13
00:00:53,080 --> 00:00:54,080
Let me show you.

14
00:00:54,200 --> 00:00:56,439
All right, let's check out what we've got.

15
00:00:56,439 --> 00:01:00,919
When I use getenforce on this system, we can see that I'm in enforcing mode.

16
00:01:00,919 --> 00:01:09,919
And if I use setenforce permissive, then getenforce will reveal that we are in permissive mode.

17
00:01:09,919 --> 00:01:11,199
Now why is that relevant?

18
00:01:11,199 --> 00:01:21,000
Well, it is relevant because if I would configure my web server, let's go to /etc/httpd/conf.

19
00:01:21,040 --> 00:01:28,879
Let's tweak the DocumentRoot, for instance, which by default is set to /var/www/html.

20
00:01:28,879 --> 00:01:32,080
I want to set that to the /web directory.

21
00:01:32,080 --> 00:01:37,839
I need to modify web server permissions by modifying this directory /web as well.

22
00:01:37,839 --> 00:01:40,720
And then I'm going to create a directory /web.

23
00:01:40,720 --> 00:01:47,320
I'm using vim on /web/index.html.

24
00:01:47,320 --> 00:01:51,879
Hello world, or whatever.

25
00:01:51,879 --> 00:01:54,879
And a systemctl restart httpd.

26
00:01:54,879 --> 00:01:56,760
Okay, let's do a test.

27
00:01:56,760 --> 00:01:59,480
I'm using curl to localhost.

28
00:01:59,480 --> 00:02:00,480
And what do we see?

29
00:02:00,480 --> 00:02:02,239
We see hello world.

30
00:02:02,239 --> 00:02:11,000
And if I use setenforce enforcing, and I do curl localhost, then we see a lot of error

31
00:02:11,000 --> 00:02:12,000
messages.

32
00:02:12,000 --> 00:02:14,600
And that is how permissive mode allows you to do your stuff.

33
00:02:14,600 --> 00:02:16,000
Now why is it useful?

34
00:02:16,000 --> 00:02:22,880
That is useful by the time you use grep AVC on /var/log/audit/audit.log to figure out what

35
00:02:22,880 --> 00:02:24,919
was going on.

36
00:02:24,919 --> 00:02:29,679
Here we can see what has been logged in permissive mode.

37
00:02:29,679 --> 00:02:33,479
And in a permissive mode, we can see the entire flow of the events.

38
00:02:33,479 --> 00:02:39,199
And that is useful for troubleshooting, whereas in enforcing mode, you can only see the first

39
00:02:39,199 --> 00:02:43,880
action that has immediately been blocked, because that is what SELinux is supposed to

40
00:02:43,880 --> 00:02:44,960
do at that moment.

