radzewi
Mission Specialist

review LAB - Restricting USB Device Access and Mitigating Risk with SELinux - selinux user

Hello team,

I think this might be some issue with Lab: Restricting Access to USB Devices and Mitigating Risks in SELinux.

According to the lab instructions, you need to configure a devops user who cannot use the su command, but can use sudo and log in using ssh.

This LAB's solution guide shows that we should use sysadm_u, but that doesn't limit the use of su... Why isn't it staff_u?

2 Replies
Chetan_Tiwary_
Moderator

Hello @radzewi !
I see that what you stated is correct, as step 9 in ch12s04 (RH415v7.5) is asking to restrict su but not sudo.

I will report this issue to the curriculum team for rectification / explanation. Thanks for your time and reporting this here.

For the new v9 RH415 course (in progress as of now), I don't see this comp review lab yet, but this feedback will definitely help in such lab scenarios.

Ravi_Shanker
Flight Engineer

An additional thing I learned is that the new confined SELinux user context settings come into effect for a fresh login as the user. Logging in as the user with su after the changes and trying to test the new settings does not work. This is mentioned in the security guide, but I could not find it in the training. I thought this might be useful to share. It is a silly issue, but I was trying to make the settings work in my home lab for quite some time with no success, as I had not taken a fresh login session.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/selinux_users_a...

Chapter 6


Certification ID: 111-010-393
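
The following check is an added example, not part of the thread or the course material. It resolves the SELinux user a login is mapped to from `semanage login -l` output and compares it with a session's `id -Z` context, which exposes the stale-session case described above. The function names and the sample output are constructed for illustration, and the su/sudo capabilities are assumed to be those of the stock targeted policy.

```shell
#!/bin/sh
# Constructed sample of `semanage login -l` output with devops mapped to staff_u.
SAMPLE_LOGINS='Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
devops               staff_u              s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *'

# mapped_seuser LOGIN: read `semanage login -l` text on stdin and print the
# SELinux user a fresh login as LOGIN receives (falls back to __default__).
mapped_seuser() {
    awk -v login="$1" '
        $1 == login         { found = $2 }
        $1 == "__default__" { dflt = $2 }
        END { print (found != "" ? found : dflt) }'
}

# session_seuser CONTEXT: first field of a context string such as `id -Z` prints.
session_seuser() {
    printf '%s\n' "${1%%:*}"
}

# su_sudo_policy SEUSER: what the SELinux user may do with su and sudo
# (assumption: unmodified targeted policy).
su_sudo_policy() {
    case "$1" in
        staff_u)                 echo "sudo-only" ;;
        sysadm_u|unconfined_u)   echo "su-and-sudo" ;;
        user_u|guest_u|xguest_u) echo "none" ;;
        *)                       echo "unknown" ;;
    esac
}

# check_session LOGIN CONTEXT: mapping on stdin; fails if the session is stale.
check_session() {
    want=$(mapped_seuser "$1")
    have=$(session_seuser "$2")
    if [ "$want" = "$have" ]; then
        echo "ok: $1 runs as $have ($(su_sudo_policy "$have"))"
    else
        echo "stale: session is $have, mapping says $want; start a fresh login"
        return 1
    fi
}

# Demo on the constructed sample: a fresh ssh login, then a shell reached via su.
printf '%s\n' "$SAMPLE_LOGINS" | check_session devops 'staff_u:staff_r:staff_t:s0-s0:c0.c1023'
printf '%s\n' "$SAMPLE_LOGINS" | check_session devops 'unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023' || true
```

On a real host, feed it the output of `semanage login -l` and the `id -Z` string from the session under test.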