
I have a CentOS 6.6 server that was set up by someone else. I'll be recreating this server from scratch on a new box and I'm wondering if there is any way I can find out what SELinux booleans have been modified on the existing server? Bash history is unavailable. It might be possible to get this information from audit.log, but I'm not sure what to look for.

Pawilon

2 Answers


You can get the list of locally-modified booleans with the following command:

semanage boolean --list -C

From the semanage man page:

   -l, --list
          List the OBJECTS

   -C, --locallist
          List only locally defined settings, not base policy settings.

If you compare the default value of the boolean, you can see if that was changed.

semanage boolean -l | grep http
SELinux boolean                State  Default Description

httpd_can_network_relay        (off  ,  off)  Allow httpd to act as a relay
httpd_can_network_connect_db   (off  ,  off)  Allow HTTPD scripts and modules to connect to databases over the network.
httpd_use_gpg                  (off  ,  off)  Allow httpd to run gpg in gpg-web domain
httpd_dbus_sssd                (off  ,  off)  Allow Apache to communicate with sssd service via dbus
c4f4t0r
    Thanks! I've found all changed booleans by issuing: `semanage boolean -l | grep -E 'off\s+,\s+on|on\s+,\s+off'` – Pawilon Jul 01 '15 at 16:26
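As an added example (not code from either answer), a small POSIX shell script that reads a `semanage boolean -l` listing and prints only the booleans whose current state differs from the policy default, the same comparison the comment above does with grep. The listing here is a constructed sample in the CentOS 6 column layout; on the real host, pipe the live `semanage boolean -l` output into `changed_booleans`.

```shell
#!/bin/sh
# Report SELinux booleans whose current state differs from the policy default.
# Input format (CentOS 6 `semanage boolean -l`):
#   name   (state  ,  default)  description
# Each reported line is: <name> <current state> <default state>

changed_booleans() {
    # Reads the listing on stdin. With awk's default field splitting the
    # columns are: $1 = name, $2 = "(state", $3 = ",", $4 = "default)".
    awk '
        /^SELinux boolean/ { next }   # skip the header line
        NF < 4             { next }   # skip blank or malformed lines
        {
            state = $2; sub(/^\(/, "", state)   # strip leading "("
            def   = $4; sub(/\)$/, "", def)     # strip trailing ")"
            if (state != def) print $1, state, def
        }
    '
}

# Constructed sample capture (not taken from a real host); two booleans
# deliberately differ from their defaults.
sample_listing() {
    cat <<'EOF'
SELinux boolean                State  Default Description

httpd_can_network_relay        (off  ,  off)  Allow httpd to act as a relay
httpd_can_network_connect      (on   ,  off)  Allow HTTPD scripts and modules to connect to the network
httpd_use_gpg                  (off  ,  off)  Allow httpd to run gpg in gpg-web domain
allow_ftpd_anon_write          (off  ,   on)  Allow ftp servers to upload files
EOF
}

# On a live server replace sample_listing with: semanage boolean -l
sample_listing | changed_booleans
```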