FlatKey.selinux

ansible-selinux-role
====================

This role helps you set up and manage SELinux.

Configuration Options:

  • policy: Select the SELinux policy (for example, targeted).
  • state: Define the state of SELinux (enforcing, permissive, or disabled).
  • booleans: Turn SELinux booleans on or off.
  • ports: Assign ports to SELinux port types.
  • fcontexts: Manage file contexts for SELinux.

Requirements

  • This role has been tested only on RHEL 7 and CentOS 7.
  • Ansible version 2.0 or higher is needed.

Role Variables

You don't need to use all the variables. Pick only what you need.

Configure SELinux Policy and State:

selinux_config: (optional, default: /etc/selinux/config)
selinux_policy: (optional, default: targeted)
selinux_state:  (optional, values: enforcing | permissive | disabled, default: enforcing)

Toggle SELinux Booleans:

selinux_boolean: 
  name_of_selinux_boolean:
    state: (optional, values: yes | no, default: yes)
    persistent: (optional, values: yes | no, default: yes)

Configure SELinux Ports:

selinux_ports: 
  name_of_selinux_type:
    ports: (required, specify a port or range)
    protocol: (optional, values: tcp | udp, default: tcp)
    state: (optional, values: present | absent, default: present)

Configure SELinux File Contexts:

selinux_fcontext: 
  name_of_selinux_fcontext: (your choice for clarity in your playbook)
    file_spec: (required, regex to define affected files)
    setype: (required, existing SELinux type for labeling files)
    ftype: (optional, file type, values: a | b | c | d | f | l | p | s, default: a = all files)
    state: (optional, values: present | absent, default: present)

Example Playbook

- hosts: server
  become: yes
  become_user: root
  become_method: su
  roles:
    - { role: ansible-selinux-role }
  vars:
    selinux_policy: "targeted"
    selinux_state: "enforcing"
    selinux_boolean:
      antivirus_can_scan_system:
        state: yes
        persistent: yes
      httpd_can_sendmail:
        state: yes
        persistent: yes
    selinux_ports:
      ssh_port_t:
        ports: 2222
        protocol: tcp
        state: present
      http_port_t:
        ports: 9000-9004
        protocol: tcp
        state: present
    selinux_fcontext:
      vcloud_documentroot:
        file_spec: "/srv/www(.*)"
        setype: httpd_sys_rw_content_t
        ftype: a
        state: present
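
An added pre-flight check (not part of this role; the function names are hypothetical) that validates a dict of role variables against the values documented under Role Variables. It also flags a file_spec that matches sibling paths such as /srv/www-probe, which happens because SELinux anchors file-context regexes at both ends:

```python
import re

# Added example; helper names are hypothetical, not part of the role.
# Allowed values are taken from the "Role Variables" section of this README.
STATES = {"enforcing", "permissive", "disabled"}
PROTOCOLS = {"tcp", "udp"}
FTYPES = set("abcdflps")
PRESENCE = {"present", "absent"}

def valid_ports(value):
    """Accept one port or a 'low-high' range inside 1-65535."""
    m = re.fullmatch(r"(\d+)(?:-(\d+))?", str(value))
    if not m:
        return False
    low, high = int(m.group(1)), int(m.group(2) or m.group(1))
    return 1 <= low <= high <= 65535

def overmatches(file_spec):
    """True if the spec also labels a sibling like '<dir>-probe/x'.
    File-context regexes are anchored at both ends, hence fullmatch."""
    prefix = re.match(r"[A-Za-z0-9_/-]*", file_spec).group().rstrip("/")
    return bool(prefix) and re.fullmatch(file_spec, prefix + "-probe/x") is not None

def lint(role_vars):
    """Return a list of problems found in a dict of role variables."""
    out = []
    if role_vars.get("selinux_state", "enforcing") not in STATES:
        out.append("selinux_state: invalid value")
    for setype, p in role_vars.get("selinux_ports", {}).items():
        if not valid_ports(p.get("ports", "")):
            out.append(f"selinux_ports.{setype}: invalid ports")
        if p.get("protocol", "tcp") not in PROTOCOLS:
            out.append(f"selinux_ports.{setype}: invalid protocol")
        if p.get("state", "present") not in PRESENCE:
            out.append(f"selinux_ports.{setype}: invalid state")
    for name, f in role_vars.get("selinux_fcontext", {}).items():
        if not f.get("file_spec") or not f.get("setype"):
            out.append(f"selinux_fcontext.{name}: file_spec and setype are required")
            continue
        if f.get("ftype", "a") not in FTYPES:
            out.append(f"selinux_fcontext.{name}: invalid ftype")
        if overmatches(f["file_spec"]):
            out.append(f"selinux_fcontext.{name}: file_spec also matches sibling paths")
    return out

# Constructed sample; the fcontext entry is the one from the example playbook.
SAMPLE = {"selinux_state": "enforcing",
          "selinux_ports": {"ssh_port_t": {"ports": 2222}, "http_port_t": {"ports": "9000-9004"}},
          "selinux_fcontext": {"vcloud_documentroot": {
              "file_spec": "/srv/www(.*)", "setype": "httpd_sys_rw_content_t"}}}
```

Writing the spec as /srv/www(/.*)? limits the label to the directory and its contents, and lint() then reports nothing for this sample.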

License

MIT

About the project

SELinux configuration through variables

Install
ansible-galaxy install FlatKey.selinux