EDR Server: How to modify SELinux security contexts
Article ID: 290227
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
How to use the cbcheck utility to apply correct SELinux security contexts to resolve cb-enterprise service start issues.
Environment
- EDR (Formerly CB Response) Server: All Versions
- CentOS: 7.x and Higher
- Red Hat: 7.x and Higher
- SELinux enabled
Resolution
1. On each EDR server, find out if there are any SELinux security context mismatches:
2. If there are no mismatches, do not proceed with these steps.
3. If mismatches are present, first ensure services are stopped by following the stop section in https://community.carbonblack.com/t5/Knowledge-Base/CB-Response-How-to-restart-server-services/ta-p/41294. Do not start services.
4. Apply the correct SELinux security contexts:
/usr/share/cb/cbcheck selinux --mismatch
2. If there are no mismatches, do not proceed with these steps.
3. If mismatches are present, first ensure services are stopped by following the stop section in https://community.carbonblack.com/t5/Knowledge-Base/CB-Response-How-to-restart-server-services/ta-p/41294. Do not start services.
4. Apply the correct SELinux security contexts:
/usr/share/cb/cbcheck selinux --apply5. Confirm there are no mismatches:
/usr/share/cb/cbcheck selinux --mismatch6. Start services: https://community.carbonblack.com/t5/Knowledge-Base/CB-Response-How-to-restart-server-services/ta-p/41294
Additional Information
To check if SELinux is enabled, use the following command:
$ sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 24 Policy from config file: targeted
Feedback
Yes
No
Powered by
