• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

sesearch: command not found

by admin

The seinfo and sesearch utilities can assist users in performing single-step analysis: they either provide immediate information about a SELinux object (which is mainly what seinfo is about) or are capable of querying direct SELinux rules (which is the scope of sesearch). These utilities are provided through the setools package.

Where the seinfo application displays information about SELinux objects, the sesearch application is used to query SELinux rules and behavior information between a source and a target resource.

For example to print out every httpd policy rule available, you can use the below command:

# sesearch --allow | grep httpd_t

If you encounter the below error:

sesearch: command not found

you may try installing the below package as per your choice of distribution.

Distribution Command
Debian apt-get install setools
Ubuntu apt-get install setools
Kali Linux apt-get install setools
CentOS yum install setools-console
Fedora dnf install setools-console
Raspbian apt-get install setools

Summary

We have been using the sesearch application to query standard allow rules (type enforcement related access controls) as well as the impact of SELinux booleans on these allow rules. The sesearch application allows us to not just query rules based on the rule type, but also filter out those rules that match a given source expression using –source (-s) and/or target expression using –target (-t).

The sesearch application can deal with indirect source or target information. For instance, when querying information related to the java_domain attribute, it will also display rules of all types that have this attribute. In the previous setools versions, this behavior can be disabled with the -d option. In the recent setools versions, this can be selectively used on either source (using -ds) or target (using -dt).

Filed Under: Linux

Some more articles you might also be interested in …

  1. Passwordless SSH not working for local users on LDAP servers – CentOS/RHEL 7
  2. How to Replace a Failed Btrfs Device
  3. Troubleshooting kdump Issues in CentOS/RHEL
  4. Red Hat / CentOS : How to create interface / NIC bonding
  5. Basic NFS Security – NFS, no_root_squash and SUID
  6. How to Mount Guest Qcow2 Virtual disk Image containing LVM on KVM Host Machine
  7. How to recover from deleted root entry in /etc/shadow and/or /etc/passwd files in CentOS / RHEL 6
  8. Dependency failed for NFS server and services
  9. How To Use distro-sync Option With dnf To Upgrade OS (CentOS/RHEL 8)
  10. How to enable SFTP Logging without chroot in CentOS/RHEL

You May Also Like

Primary Sidebar

Recent Posts

  • vgextend Command Examples in Linux
  • setpci command – configure PCI device
  • db_load command – generate db database
  • bsdtar command – Read and write tape archive files

© 2022 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright