Complete SELinux Administration & Troubleshooting Guide


Learn SELinux modes, contexts, booleans, and access-denial troubleshooting for secure Linux environments.

3) Advanced Linux Administration – Complete Tutorials

3.1) SELinux (Enforcing, Permissive, Troubleshooting)


SELinux Modes

Check mode:


getenforce

Set enforcing (runtime only, does not persist across a reboot):


setenforce 1

Set permissive (runtime only, does not persist across a reboot):


setenforce 0

Check Status


sestatus

File Contexts

View context:


ls -Z /var/www/html

Add custom context:


semanage fcontext -a -t httpd_sys_content_t "/project(/.*)?"
restorecon -Rv /project

Policy Troubleshooting

Check AVC denials:


ausearch -m avc -ts recent

Auto suggestions:


sealert -a /var/log/audit/audit.log
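
Added example (not part of the original guide): a small Python parser that groups raw AVC denial records by source type, target type and object class, so a mislabeled path such as /project shows up as one line. It also separates denials that were actually blocked from those only logged in permissive mode. The log records below are constructed samples, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample records in the raw audit.log AVC format (not from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:410): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=5301 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.102:411): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/project/index.html" dev="dm-0" ino=5301 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000050.200:520): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1700000050.200:520): arch=c000003e syscall=42 success=yes exit=0 comm="httpd"
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated or malformed record
    return {
        "perms": m.group("perms").split(),
        # A context is user:role:type:level; the type (3rd field) drives policy.
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        # permissive=1: logged only, the access was allowed.
        "blocked": fields.get("permissive", "0") == "0",
    }


def summarize(log_text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "count": 0, "blocked": False})
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        g = groups[(rec["source_type"], rec["target_type"], rec["tclass"])]
        g["perms"].update(rec["perms"])
        g["count"] += 1
        g["blocked"] |= rec["blocked"]
    return dict(groups)


if __name__ == "__main__":
    for (src, tgt, cls), g in summarize(SAMPLE_LOG).items():
        state = "blocked" if g["blocked"] else "logged only (permissive)"
        print(f"{src} -> {tgt}:{cls} {sorted(g['perms'])} x{g['count']} [{state}]")
```

In the sample, httpd_t denied on default_t files points to a labeling problem of the kind the semanage fcontext and restorecon commands above correct.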

3.2) Kernel Upgrades & Tuning


Check Current Kernel


uname -r

List Available Kernels


dnf list kernel

Install Latest Kernel


dnf install kernel

Tuning Using sysctl

View:


sysctl -a

Set temporarily:


sysctl -w net.ipv4.tcp_syncookies=1

Make permanent:


echo "net.ipv4.tcp_syncookies=1" >> /etc/sysctl.conf
sysctl -p

3.3) GRUB Recovery & Boot Troubleshooting


GRUB Rescue Mode Fix

At the prompt:


grub rescue>

Run:


ls
set prefix=(hd0,msdos1)/boot/grub2
set root=(hd0,msdos1)
insmod normal
normal

Rebuild GRUB


grub2-install /dev/sda
grub2-mkconfig -o /boot/grub2/grub.cfg

3.4) yum/dnf Package Management (Advanced)


Check History


dnf history

Rollback (undo a transaction by its ID from the history list, here 20):


dnf history undo 20

Clean Repos


dnf clean all
dnf makecache

Version Lock

Install:


dnf install python3-dnf-plugin-versionlock

Lock:


dnf versionlock add kernel

3.5) Monitoring Tools: top, ps, sar, vmstat, iostat

top

Start:


top

Sort by memory (Shift+M).

ps

Top CPU processes:


ps aux --sort=-%cpu | head

sar

Enable:


systemctl enable --now sysstat

CPU report:


sar -u 1 5

vmstat


vmstat 2 5

iostat


iostat -xz 2

3.6) Multipathing

Install Multipath Tools


dnf install device-mapper-multipath
mpathconf --enable --with_multipathd y

Check Multipath Devices


multipath -ll

Sample output:


mpatha (36000d3100435a3bd12c...) dm-2

3.7) iSCSI Target & Initiator

On Target Server

Start tool:


targetcli

Create disk:


/backstores/fileio create disk1 /storage/d1.img 10G

Create target:


/iscsi create iqn.2025-01.com.example:share

Map LUN:


/iscsi/.../tpg1/luns create /backstores/fileio/disk1

Set ACL:


/iscsi/.../tpg1/acls create iqn.client.node

On Initiator

Install:


dnf install iscsi-initiator-utils

Discover targets:


iscsiadm -m discovery -t st -p <server-ip>

Login:


iscsiadm -m node --login

Check disk:


lsblk

3.8) NTP Configuration

Install:


dnf install chrony
systemctl enable --now chronyd

Add NTP server (a line in /etc/chrony.conf):


server 0.pool.ntp.org iburst

Check sync:


chronyc sources
chronyc tracking

3.9) High Availability (HA) Concepts

Key HA Components

Component       | Description
Pacemaker       | Manages cluster resources
Corosync        | Messaging between nodes
Fencing/STONITH | Isolates failed nodes
Quorum          | Minimum votes to keep cluster active

Example Pacemaker Resource


pcs resource create Web apache