selinux + security updates fedora

2024-12-21 16:26:31 +01:00 · 2024-12-21 16:26:31 +01:00 · d46016d4a2
commit d46016d4a2
parent 9f8bb9b893
2 changed files with 80 additions and 0 deletions
--- a/automatic-updates.md
+++ b/automatic-updates.md
@ -0,0 +1,51 @@
+# fedora automatic security updates
+
+
+```
+sudo dnf install dnf-automatic
+```
+
+in /etc/dnf/automatic.conf
+
+```
+[commands]
+upgrade_type = security
+download_updates = yes
+apply_updates = yes
+reboot = never
+
+```
+```
+sudo systemctl enable --now dnf-automatic.timer
+```
+<br>
+
+##  change auto-update schedule
+
+in /usr/lib/systemd/system/dnf-automatic-install.timer
+
+```
+[Unit]
+Description=dnf-automatic-install timer
+# See comment in dnf-makecache.service
+ConditionPathExists=!/run/ostree-booted
+Wants=network-online.target
+
+[Timer]
+######################## LINE BELOW IS SCHEDULE
+OnCalendar=*-*-* 1:30  # everyday at 1:30 am
+########################
+RandomizedDelaySec=60m # randomized between 1:30 and 2:30
+Persistent=true
+
+[Install]
+WantedBy=timers.target
+
+```
+
+check timers
+
+```  
+systemctl list-timers	# all timers
+systemctl cat dnf-automatic-install.timer	# only auto-update timer
+```
--- a/selinux.md
+++ b/selinux.md
@ -0,0 +1,29 @@
+## context
+```
+# ls -Z /bin/file
+unconfined_u:object_r:user_home_t:s0 /bin/file
+```
+list selinux context of file or directory  
+user (unconfined_u), role (object_r), type (user_home_t), and level (s0)
+
+### change type context
+```
+# semanage fcontext -a -t bin_t /bin/file
+```
+apply change
+```
+# restorecon -vR /bin
+Relabeled /bin/file from unconfined_u:object_r:user_home_t:s0 to unconfined_u:object_r:bin_t:s0
+
+```
+
+### change user context
+```
+# semanage fcontext -m -t bin_t -s system_u /bin/file
+```
+apply change
+```
+# restorecon -vF /bin/file
+Relabeled /usr/bin/file from unconfined_u:object_r:bin_t:s0 to system_u:object_r:bin_t:s0
+# restorecon -R for recursive
+```