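Introduction
On March 15, 2023, Amazon Linux 2023 was announced, as described in Announcing Amazon Linux 2023.
The differences from the previous Amazon Linux 2 can be found in Comparing Amazon Linux 2 and Amazon Linux 2023.
This article covers the main points, based on the What's New information above.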
Amazon Linux 2023
What's New refers to it as Amazon Linux 2023 (AL2023), so this article uses the name AL2023.
End Of Life
Regarding the End Of Life (EOL) of AL2023, a major version is released every two years.
In addition, five years of support is provided.
Details on EOL can be found in Release cadence.
Knowing the EOL makes it easier to plan upgrades.
Security updates
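I think the main feature of AL2023 is Security updates.
An overview of Security updates follows.
- SELinux
  - Enabled and permissive by default. The SELinux policy is therefore not enforced: operations are not denied, and AVC (Access Vector Cache) messages are written to the log.
- OpenSSL 3
  - The OpenSSL version is 3. For details on OpenSSL 3, see migration_guide in the official OpenSSL documentation.
- IMDSv2
  - IMDSv2 is the default. This improves security when accessing metadata from a running instance. For details on IMDSv2, see Use IMDSv2 in the official AWS documentation.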
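As an added example (not from the original article): because SELinux is permissive by default, the AVC records in the audit log show which accesses the policy would have blocked, which is what you review before switching to enforcing. The shell function below groups those records. The function names and the log lines are constructed for illustration, and the audit log path in the usage comment is the usual auditd default, assumed here.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC records that were logged but NOT
# blocked because the host runs in permissive mode (permissive=1).
# Typical use on a host (assumed default auditd log location):
#   sudo cat /var/log/audit/audit.log | avc_permissive_summary

# avc_permissive_summary: reads audit log lines on stdin.
# Prints "<count> <comm> <scontext> <tcontext> <tclass> <perms>" for each
# unique tuple, most frequent first.
avc_permissive_summary() {
    awk '
        # Keep only AVC denials that permissive mode let through.
        /type=AVC/ && /avc:[ ]+denied/ && /permissive=1/ {
            perms = "?"; comm = "?"; sctx = "?"; tctx = "?"; tclass = "?"
            # The permission set sits between "{" and "}".
            if (match($0, /[{][^}]*[}]/)) {
                perms = substr($0, RSTART + 1, RLENGTH - 2)
                gsub(/^ +| +$/, "", perms)
                gsub(/ +/, ",", perms)
            }
            # comm is quoted and may contain spaces, so match it on the line.
            if (match($0, /comm="[^"]*"/))
                comm = substr($0, RSTART + 6, RLENGTH - 7)
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^scontext=/) sctx = substr($i, 10)
                if ($i ~ /^tcontext=/) tctx = substr($i, 10)
                if ($i ~ /^tclass=/)   tclass = substr($i, 8)
            }
            count[comm " " sctx " " tctx " " tclass " " perms]++
        }
        END { for (k in count) printf "%d %s\n", count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample records (not taken from a real host): two permissive
# denials of the same kind, one of another kind, one unrelated SYSCALL
# record and one enforced denial (permissive=0) that must be ignored.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1679571392.101:201): avc:  denied  { read } for  pid=2101 comm="nginx" name="index.html" dev="xvda1" ino=4711 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1679571392.101:201): arch=c000003e syscall=257 success=yes exit=7 pid=2101 comm="nginx" exe="/usr/sbin/nginx"
type=AVC msg=audit(1679571393.204:202): avc:  denied  { read } for  pid=2101 comm="nginx" name="app.css" dev="xvda1" ino=4712 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1679571401.009:210): avc:  denied  { name_connect } for  pid=2101 comm="nginx" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1679571410.300:215): avc:  denied  { write } for  pid=900 comm="sshd" name="tmp" dev="xvda1" ino=99 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0
EOF
}
```

Running `sample_audit_log | avc_permissive_summary` prints one line per distinct access that enforcing mode would have denied, so each line is either a policy adjustment to make or an application behaviour to fix first.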
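Verification
We check the OS information and the versions of the installed packages.
To do this, an EC2 instance is deployed using the CDK.
For how to deploy an EC2 instance with the CDK, see the following article I wrote earlier.
Checking the AMI
To launch an AL2023 EC2 instance, you need information about the AL2023 AMI.
When launching from the EC2 console, you can find it by searching for amazon linux.
For the AL2023 AMIs, the following types are listed in amazon-linux-2023 on GitHub.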
- al2023-ami-kernel-6.1-arm64 for arm64 architecture
- al2023-ami-minimal-kernel-6.1-arm64 for arm64 architecture (minimal AMI)
- al2023-ami-kernel-6.1-x86_64 for x86_64 architecture
- al2023-ami-minimal-kernel-6.1-x86_64 for x86_64 architecture (minimal AMI)
They can also be checked with the AWS CLI.
bash-3.2$ aws ssm get-parameter --name "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64"
{
"Parameter": {
"Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64",
"Type": "String",
"Value": "ami-067871d950411e643",
"Version": 3,
"LastModifiedDate": "2023-03-16T02:46:57.468000+09:00",
"ARN": "arn:aws:ssm:ap-northeast-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64",
"DataType": "text"
}
}
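As an example, to specify al2023-ami-kernel-6.1-x86_64 as the AMI in the article mentioned above (Deploying EC2 with AWS CDK), set the AMI in lib/ec2-cdk-stack.ts as follows.
// Look up the AL2023 x86_64 AMI ID through the public SSM parameter
const machineImage = ec2.MachineImage.fromSsmParameter(
  '/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64',
)
AMI IDs are unique to each AWS Region.
The ami-067871d950411e643 above is the AMI ID for the Tokyo Region that was confirmed at the time of writing.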
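Verification results
The following information was obtained from an EC2 instance launched from the AMI ami-067871d950411e643.
OS information
To display the OS information, run the following command.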
$ cat /etc/os-release
NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"
HOME_URL="https://aws.amazon.com/linux/"
BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023"
SUPPORT_END="2028-03-01"
Kernel version
To display the kernel version, run the following command.
$ uname -r
6.1.15-28.43.amzn2023.x86_64
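Installed packages
Package management in AL2023 uses Dandified Yum (DNF).
DNF can be operated in the same way as YUM.
For DNF usage examples, see Package management tool.
Running the following command retrieves information, including support end dates, about all currently installed packages.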
$ sudo dnf supportinfo --show installed
Example output
Last metadata expiration check: 0:57:46 ago on Thu Mar 23 11:36:32 2023.
libstoragemgmt 1.9.4-5.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
nfs-utils 2.5.4-2.rc3.amzn2023.0.3 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python-chevron 0.13.1-1.amzn2023.0.3 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3 3.9.16-1.amzn2023.0.3 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-audit 3.0.6-1.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-awscrt 0.16.7-1.amzn2023.0.1 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-cffi 1.14.5-1.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-cryptography 36.0.1-1.amzn2023.0.3 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-dbus 1.2.18-1.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-gpg 1.15.1-6.amzn2023.0.3 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-hawkey 0.67.0-1.amzn2023.0.5 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-libcomps 0.1.18-1.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-libdnf 0.67.0-1.amzn2023.0.5 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-libselinux 3.4-5.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-libsemanage 3.4-5.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-libstoragemgmt 1.9.4-5.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-markupsafe 1.1.1-10.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-netifaces 0.10.6-13.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-pyrsistent 0.17.3-6.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-pyyaml 5.4.1-2.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-rpm 4.16.1.3-12.amzn2023.0.5 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-ruamel-yaml 0.16.6-5.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-ruamel-yaml-clib 0.1.2-6.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-setools 4.4.0-9.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
acl 2.3.1-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
acpid 2.0.32-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
alternatives 1.15-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
amazon-ec2-net-utils 2.3.0-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
amazon-linux-repo-s3 2023.0.20230315-1.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
amazon-rpm-config 228-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
amazon-ssm-agent 3.1.1927.0-1.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
at 3.1.23-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
attr 2.5.1-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
audit 3.0.6-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
audit-libs 3.0.6-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
aws-cfn-bootstrap 2.0-23.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
awscli-2 2.9.19-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
basesystem 11-11.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
bash 5.2.15-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
bash-completion 2.11-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
bc 1.07.1-14.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
bind-libs 9.16.27-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
bind-license 9.16.27-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
bind-utils 9.16.27-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
binutils 2.39-6.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
boost-filesystem 1.75.0-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
boost-system 1.75.0-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
boost-thread 1.75.0-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
bzip2 1.0.8-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
bzip2-libs 1.0.8-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
c-ares 1.17.2-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ca-certificates 2023.2.60-1.0.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
checkpolicy 3.4-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
chkconfig 1.15-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
chrony 4.3-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
cloud-init 22.2.2-1.amzn2023.1.7 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
cloud-utils-growpart 0.31-8.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
coreutils 8.32-30.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
coreutils-common 8.32-30.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
cpio 2.13-13.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
cracklib 2.9.6-27.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
cracklib-dicts 2.9.6-27.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
crontabs 1.11-24.20190603git.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
crypto-policies 20220428-1.gitdfb10ea.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
crypto-policies-scripts 20220428-1.gitdfb10ea.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
cryptsetup 2.6.1-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
cryptsetup-libs 2.6.1-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
curl-minimal 7.88.1-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
cyrus-sasl-lib 2.1.27-18.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
cyrus-sasl-plain 2.1.27-18.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dbus 1.12.24-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dbus-broker 32-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dbus-common 1.12.24-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dbus-libs 1.12.24-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
device-mapper 1.02.185-1.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
device-mapper-libs 1.02.185-1.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
diffutils 3.8-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dnf 4.12.0-2.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dnf-data 4.12.0-2.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dnf-plugin-release-notification 1.2-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dnf-plugin-support-info 1.0-2.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dnf-plugins-core 4.1.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dosfstools 4.2-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dracut 055-6.amzn2023.0.6 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dracut-config-ec2 3.0-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dracut-config-generic 055-6.amzn2023.0.6 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dwz 0.14-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dyninst 10.2.1-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
e2fsprogs 1.46.5-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
e2fsprogs-libs 1.46.5-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ec2-hibinit-agent 1.0.4-0.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ec2-instance-connect 1.1-19.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ec2-instance-connect-selinux 1.1-19.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ec2-utils 2.0.1-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ed 1.14.2-10.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
efi-filesystem 5-4.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
efi-srpm-macros 5-4.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
elfutils-debuginfod-client 0.188-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
elfutils-default-yama-scope 0.188-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
elfutils-libelf 0.188-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
elfutils-libs 0.188-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ethtool 5.15-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
expat 2.5.0-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
file 5.39-7.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
file-libs 5.39-7.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
filesystem 3.14-5.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
findutils 4.8.0-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
fonts-srpm-macros 2.0.5-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
fstrm 0.6.1-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
fuse-libs 2.9.9-13.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gawk 5.1.0-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gdbm-libs 1.19-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gdisk 1.0.8-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gettext 0.21-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gettext-libs 0.21-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ghc-srpm-macros 1.5.0-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
glib2 2.73.2-680.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
glibc 2.34-52.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
glibc-all-langpacks 2.34-52.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
glibc-common 2.34-52.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
glibc-gconv-extra 2.34-52.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
glibc-locale-source 2.34-52.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gmp 6.2.1-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gnupg2-minimal 2.3.7-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gnutls 3.7.8-359.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
go-srpm-macros 3.1.0-32.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gpgme 1.15.1-6.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gpm-libs 1.20.7-26.amzn2023.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
grep 3.8-1.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
groff-base 1.22.4-7.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
grub2-common 2.06-61.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
grub2-efi-x64-ec2 2.06-61.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
grub2-pc-modules 2.06-61.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
grub2-tools 2.06-61.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
grub2-tools-minimal 2.06-61.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
grubby 8.40-51.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gssproxy 0.8.4-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gzip 1.12-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
hostname 3.23-4.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
hunspell 1.7.0-9.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
hunspell-en 0.20140811.1-18.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
hunspell-en-GB 0.20140811.1-18.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
hunspell-en-US 0.20140811.1-18.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
hunspell-filesystem 1.7.0-9.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
hwdata 0.353-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
info 6.7-10.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
inih 49-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
initscripts 10.09-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
iproute 5.10.0-2.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
iputils 20210202-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
irqbalance 1.9.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
jansson 2.14-0.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
jitterentropy 3.4.1-4.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
json-c 0.14-8.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
kbd 2.4.0-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
kbd-misc 2.4.0-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
kernel 6.1.15-28.43.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
kernel-livepatch-repo-s3 2023.0.20230315-1.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
kernel-srpm-macros 1.0-14.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
kernel-tools 6.1.15-28.43.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
keyutils 1.6.1-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
keyutils-libs 1.6.1-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
kmod 29-2.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
kmod-libs 29-2.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
kpatch-runtime 0.9.7-8.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
krb5-libs 1.20.1-8.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
less 608-2.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libacl 2.3.1-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libaio 0.3.111-11.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libarchive 3.5.3-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libargon2 20171227-9.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libassuan 2.5.5-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libattr 2.5.1-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libbasicobjects 0.1.1-47.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libblkid 2.37.4-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libcap 2.48-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libcap-ng 0.8.2-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libcbor 0.7.0-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libcollection 0.7.0-47.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libcom_err 1.46.5-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libcomps 0.1.18-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libconfig 1.7.2-7.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libcurl-minimal 7.88.1-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libdb 5.3.28-49.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libdhash 0.5.0-47.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libdnf 0.67.0-1.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libeconf 0.4.0-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libedit 3.1-38.20210714cvs.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libev 4.33-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libevent 2.1.12-3.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libfdisk 2.37.4-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libffi 3.1-28.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libfido2 1.10.0-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libgcc 11.3.1-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libgcrypt 1.10.1-7.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libgomp 11.3.1-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libgpg-error 1.42-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libibverbs 37.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libidn2 2.3.2-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libini_config 1.3.1-47.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libkcapi 1.4.0-105.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libkcapi-hmaccalc 1.4.0-105.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libldb 2.6.1-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libmaxminddb 1.5.2-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libmetalink 0.1.3-14.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libmnl 1.0.4-13.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libmodulemd 2.13.0-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libmount 2.37.4-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libnfsidmap 2.5.4-2.rc3.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libnghttp2 1.51.0-1.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libnl3 3.5.0-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libpath_utils 0.2.1-47.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libpcap 1.10.1-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libpipeline 1.5.3-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libpkgconf 1.8.0-4.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libpsl 0.21.1-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libpwquality 1.4.4-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libref_array 0.1.5-47.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
librepo 1.14.2-1.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libreport-filesystem 2.15.2-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libseccomp 2.5.3-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libselinux 3.4-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libselinux-utils 3.4-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libsemanage 3.4-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libsepol 3.4-3.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libsigsegv 2.13-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libsmartcols 2.37.4-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libsolv 0.7.22-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libss 1.46.5-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libsss_certmap 2.5.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libsss_idmap 2.5.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libsss_nss_idmap 2.5.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libstdc++ 11.3.1-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libtalloc 2.3.4-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libtasn1 4.19.0-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libtdb 1.4.7-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libtevent 0.13.0-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libtextstyle 0.21-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libtirpc 1.3.3-0.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libunistring 0.9.10-10.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libuser 0.63-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libutempter 1.2.1-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libuuid 2.37.4-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libuv 1.44.1-156.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libverto 0.3.2-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libverto-libev 0.3.2-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libxcrypt 4.4.33-7.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libxml2 2.10.3-2.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libyaml 0.2.5-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libzstd 1.5.2-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
lm_sensors-libs 3.6.0-8.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
lmdb-libs 0.9.29-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
logrotate 3.20.1-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
lsof 4.94.0-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
lua-libs 5.4.4-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
lua-srpm-macros 1-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
lz4-libs 1.9.4-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
man-db 2.9.3-3.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
man-pages 5.10-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
microcode_ctl 2.1-53.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
mpfr 4.1.0-7.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
nano 5.8-3.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ncurses 6.2-4.20200222.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ncurses-base 6.2-4.20200222.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ncurses-libs 6.2-4.20200222.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
net-tools 2.0-0.59.20160912git.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
nettle 3.8-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
newt 0.52.21-9.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
npth 1.6-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
nspr 4.35.0-4.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
nss 3.88.1-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
nss-softokn 3.88.1-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
nss-softokn-freebl 3.88.1-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
nss-sysinit 3.88.1-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
nss-util 3.88.1-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ntsysv 1.15-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
numactl-libs 2.0.14-3.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ocaml-srpm-macros 6-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
openblas-srpm-macros 2-9.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
openldap 2.4.57-6.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
openssh 8.7p1-8.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
openssh-clients 8.7p1-8.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
openssh-server 8.7p1-8.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
openssl 3.0.8-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
openssl-libs 3.0.8-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
openssl-pkcs11 0.4.12-3.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
os-prober 1.77-7.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
p11-kit 0.24.1-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
p11-kit-trust 0.24.1-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
package-notes-srpm-macros 0.4-18.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
pam 1.5.1-8.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
parted 3.4-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
passwd 0.80-10.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
pciutils 3.7.0-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
pciutils-libs 3.7.0-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
pcre2 10.40-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
pcre2-syntax 10.40-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Carp 1.50-458.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Class-Struct 0.66-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-DynaLoader 1.47-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Encode 3.15-462.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Errno 1.30-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Exporter 5.74-459.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Fcntl 1.13-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-File-Basename 2.85-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-File-Path 2.18-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-File-Temp 0.231.100-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-File-stat 1.09-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Getopt-Long 2.52-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Getopt-Std 1.12-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-HTTP-Tiny 0.078-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-IO 1.43-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-IPC-Open3 1.21-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-MIME-Base64 3.16-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-POSIX 1.94-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-PathTools 3.78-459.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Pod-Escapes 1.07-458.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Pod-Perldoc 3.28.01-459.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Pod-Simple 3.42-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Pod-Usage 2.01-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Scalar-List-Utils 1.56-459.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-SelectSaver 1.02-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Socket 2.032-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Storable 3.21-458.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Symbol 1.08-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Term-ANSIColor 5.01-459.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Term-Cap 1.17-458.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Text-ParseWords 3.30-458.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Time-Local 1.300-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-constant 1.33-459.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-if 0.60.800-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-interpreter 5.32.1-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-libs 5.32.1-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-mro 1.23-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-overload 1.31-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-overloading 0.02-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-parent 0.238-458.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-podlators 4.14-458.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-srpm-macros 1-39.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-subs 1.03-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-vars 1.05-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
pkgconf 1.8.0-4.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
pkgconf-m4 1.8.0-4.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
pkgconf-pkg-config 1.8.0-4.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
policycoreutils 3.4-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
policycoreutils-python-utils 3.4-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
popt 1.18-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
procps-ng 3.3.17-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
protobuf-c 1.4.1-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
psacct 6.6.4-9.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
psmisc 23.4-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
publicsuffix-list-dafsa 20221208-60.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python-srpm-macros 3.9-41.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-attrs 20.3.0-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-babel 2.9.1-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-chardet 4.0.0-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-colorama 0.4.4-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-configobj 5.0.6-23.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-daemon 2.3.0-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-dateutil 2.8.1-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-distro 1.5.0-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-dnf 4.12.0-2.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-dnf-plugins-core 4.1.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-docutils 0.16-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-idna 2.10-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-jinja2 2.11.3-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-jmespath 0.10.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-jsonpatch 1.21-14.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-jsonpointer 2.0-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-jsonschema 3.2.0-9.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-libs 3.9.16-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-lockfile 0.12.2-5.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-oauthlib 3.0.2-9.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-pip-wheel 21.3.1-2.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-ply 3.11-11.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-policycoreutils 3.4-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-prettytable 0.7.2-25.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-prompt-toolkit 3.0.24-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-pycparser 2.20-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-pyserial 3.4-10.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-pysocks 1.7.1-8.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-pytz 2022.7.1-1.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-requests 2.25.1-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-setuptools 59.6.0-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-setuptools-wheel 59.6.0-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-six 1.15.0-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-urllib3 1.25.10-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-wcwidth 0.2.5-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
quota 4.06-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
quota-nls 4.06-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
readline 8.1-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rng-tools 6.14-1.git.56626083.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rootfiles 8.1-29.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rpcbind 1.2.6-0.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rpm 4.16.1.3-12.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rpm-build-libs 4.16.1.3-12.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rpm-libs 4.16.1.3-12.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rpm-plugin-selinux 4.16.1.3-12.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rpm-plugin-systemd-inhibit 4.16.1.3-12.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rpm-sign-libs 4.16.1.3-12.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rsync 3.2.6-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rust-srpm-macros 21-42.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
screen 4.8.0-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
sed 4.8-7.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
selinux-policy 36.16-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
selinux-policy-targeted 36.16-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
setup 2.13.7-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
shadow-utils 4.9-12.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
slang 2.3.2-9.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
sqlite-libs 3.40.0-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
sssd-client 2.5.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
sssd-common 2.5.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
sssd-kcm 2.5.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
strace 5.16-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
sudo 1.9.12-1.p2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
sysctl-defaults 1.0-3.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
sysstat 12.5.6-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
system-release 2023.0.20230315-1.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
systemd 252.4-1161.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
systemd-libs 252.4-1161.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
systemd-networkd 252.4-1161.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
systemd-pam 252.4-1161.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
systemd-resolved 252.4-1161.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
systemd-udev 252.4-1161.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
systemtap-runtime 4.8-3.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
tar 1.34-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
tbb 2020.3-7.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
tcpdump 4.99.1-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
tcsh 6.24.07-1.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
time 1.9-16.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
traceroute 2.1.0-13.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
tzdata 2022g-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
unzip 6.0-57.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
update-motd 2.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
userspace-rcu 0.12.1-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
util-linux 2.37.4-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
util-linux-core 2.37.4-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
vim-common 9.0.1314-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
vim-data 9.0.1314-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
vim-enhanced 9.0.1314-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
vim-filesystem 9.0.1314-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
vim-minimal 9.0.1314-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
wget 1.21.3-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
which 2.21-26.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
words 3.0-37.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
xfsdump 3.1.11-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
xfsprogs 5.18.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
xxhash-libs 0.8.0-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
xz 5.2.5-9.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
xz-libs 5.2.5-9.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
yum 4.12.0-2.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
zip 3.0-28.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
zlib 1.2.11-33.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
zstd 1.5.2-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
DNF supportinfo is a DNF plugin.
It is published on GitHub as dnf-plugin-support-info.
OpenSSL
To display the OpenSSL version, run the following command.
$ openssl version
OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)
systemd
To extract the services that are enabled to start automatically from the unit files registered with systemd, run the following command.
$ systemctl list-unit-files --type=service | grep enabled
amazon-ssm-agent.service enabled enabled
atd.service enabled enabled
auditd.service enabled enabled
chronyd.service enabled enabled
cloud-config.service enabled disabled
cloud-final.service enabled disabled
cloud-init-local.service enabled disabled
cloud-init.service enabled disabled
dbus-broker.service enabled enabled
getty@.service enabled enabled
hibinit-agent.service enabled enabled
import-state.service enabled enabled
irqbalance.service enabled enabled
libstoragemgmt.service enabled enabled
nfs-convert.service enabled disabled
rngd.service enabled enabled
rpmdb-rebuild.service enabled enabled
selinux-autorelabel-mark.service enabled enabled
sshd.service enabled enabled
sssd.service enabled enabled
sysstat.service enabled enabled
systemd-fsck-root.service enabled-runtime disabled
systemd-homed.service disabled enabled
systemd-network-generator.service enabled enabled
systemd-networkd-wait-online.service enabled disabled
systemd-networkd.service enabled enabled
systemd-pstore.service disabled enabled
systemd-remount-fs.service enabled-runtime disabled
systemd-resolved.service enabled enabled
update-motd.service enabled enabled
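`grep enabled` matches anywhere on the line, so rows such as systemd-homed.service and systemd-pstore.service appear in the output above although their state (second column) is disabled; only their preset (third column) is enabled. The following is an added example, not code from the original article, that filters on the state column instead. The function names are hypothetical and the sample rows are copied from the output above.

```shell
#!/bin/sh
# Added example (not from the original article).
# Classify rows of `systemctl list-unit-files --type=service` by column:
#   field 1 = unit file, field 2 = state, field 3 = preset.
# On a live host, `systemctl list-unit-files --type=service --state=enabled`
# filters on the state directly; the functions below show the same idea on
# captured text and add two review lists.

# Sample input: a subset of the rows shown in the article's output.
sample_unit_files() {
cat <<'EOF'
amazon-ssm-agent.service enabled enabled
cloud-init.service enabled disabled
sshd.service enabled enabled
systemd-fsck-root.service enabled-runtime disabled
systemd-homed.service disabled enabled
systemd-pstore.service disabled enabled
update-motd.service enabled enabled
EOF
}

# Units whose own state is exactly "enabled".
# ("enabled-runtime" is left out: it is a non-persistent enablement.)
enabled_services() {
    awk '$1 ~ /\.service$/ && $2 == "enabled" { print $1 }'
}

# Units that `grep enabled` reports only because the preset column says
# "enabled" while the unit itself is not enabled.
preset_only_matches() {
    awk '$1 ~ /\.service$/ && $2 != "enabled" && $2 != "enabled-runtime" && $3 == "enabled" { print $1 }'
}

# Units that are enabled although the preset column says "disabled",
# i.e. enabled explicitly rather than through the preset.
enabled_against_preset() {
    awk '$1 ~ /\.service$/ && $2 == "enabled" && $3 == "disabled" { print $1 }'
}

# Report on the sample when the script is run directly.
echo "== enabled (state column) =="
sample_unit_files | enabled_services
echo "== matched by grep through the preset column only =="
sample_unit_files | preset_only_matches
echo "== enabled although preset is disabled =="
sample_unit_files | enabled_against_preset
```

To run it against a real host, pipe `systemctl list-unit-files --type=service --no-legend` into the functions instead of `sample_unit_files`.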
SELinux
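SELinux is an implementation of mandatory access control (MAC).
It has been officially supported since Linux kernel 2.6 and checks, based on the security policy, whether a requested operation (object) is allowed or denied.
It therefore allows finer-grained access restrictions than discretionary access control (DAC).
SELinux implements the following three security models.
- Type Enforcement (TE)
- TE is the key concept for restricting the resources a process can access. Each process is assigned a label (identifier) called a domain. Files, directories, sockets, ports and so on are associated with a label called a type.
- In general, distributors customize the standard policy and ship it.
- Role Based Access Control (RBAC) and domain transitions
- RBAC is a feature that controls user access based on roles.
- With a domain transition, a child process is not given the same privileges as its parent; its privileges are restricted instead, which makes least-privilege control possible.
- Multi Level Security (MLS)
- MLS enforces the Bell-LaPadula model.
- RHEL, Fedora and others ship a policy called Multi Category Security (MCS), which is a simplified form of MLS. To use MLS, you need to install a separate package and configure MLS as the default SELinux policy.
To check the current SELinux mode, run the following command.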
$ getenforce
Permissive
The main configuration file is /etc/selinux/config.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# See also:
# https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/#getting-started-with-selinux-selinux-states-and-modes
#
# NOTE: In earlier Fedora kernel builds, SELINUX=disabled would also
# fully disable SELinux during boot. If you need a system with SELinux
# fully disabled instead of SELinux running with no policy loaded, you
# need to pass selinux=0 to the kernel command line. You can use grubby
# to persistently set the bootloader to boot with selinux=0:
#
# grubby --update-kernel ALL --args selinux=0
#
# To revert back to SELinux enabled:
#
# grubby --update-kernel ALL --remove-args selinux
#
SELINUX=permissive
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
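With SELINUX=permissive, operations that the policy would deny are allowed and logged as AVC records marked permissive=1. The following is an added example, not code from the original article, that summarizes those records so they can be reviewed before the mode is changed to enforcing. The function names are hypothetical and the audit records are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original article).
# Summarize SELinux AVC denials that were logged but not enforced
# (permissive=1). Each distinct combination of
#   source domain -> target type : object class { permissions }
# is counted, most frequent first. On a host running auditd the input is
# usually /var/log/audit/audit.log.

# Constructed sample audit records (not taken from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1678900001.101:201): avc:  denied  { read } for  pid=2301 comm="httpd" name="index.html" dev="xvda1" ino=4211 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1678900002.102:202): avc:  denied  { read } for  pid=2301 comm="httpd" name="style.css" dev="xvda1" ino=4212 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1678900003.103:203): avc:  denied  { name_connect } for  pid=2301 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1678900003.103:203): arch=c000003e syscall=42 success=yes exit=0 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1678900004.104:204): avc:  denied  { read open } for  pid=2410 comm="logrotate" path="/srv/app/app.log" dev="xvda1" ino=5100 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
EOF
}

# Read audit log text on stdin and print "<count> <src> -> <tgt> : <class> { <perms> }".
permissive_denials() {
    awk '
    $1 == "type=AVC" && / denied / {
        perms = ""; src = ""; tgt = ""; cls = ""; flag = ""
        # The permission list sits between the braces.
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
        }
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type:level; the type is the third part.
            if ($i ~ /^scontext=/)        { split(substr($i, 10), c, ":"); src = c[3] }
            else if ($i ~ /^tcontext=/)   { split(substr($i, 10), c, ":"); tgt = c[3] }
            else if ($i ~ /^tclass=/)     { cls = substr($i, 8) }
            else if ($i ~ /^permissive=/) { flag = substr($i, 12) }
        }
        # Count only records that were logged without being enforced.
        if (flag == "1") count[src " -> " tgt " : " cls " { " perms " }"]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Report on the sample when the script is run directly.
sample_audit_log | permissive_denials
```

Each line of the summary is an access that would start failing under SELINUX=enforcing unless the policy, a boolean or the file labeling is adjusted first.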
SELinux commands
The following commands for checking the state of SELinux are also available on AL2023.
- Display security contexts
$ ps axZ
Example output
LABEL PID TTY STAT TIME COMMAND
system_u:system_r:init_t:s0 1 ? Ss 0:04 /usr/lib/systemd/systemd --switched-root --system --deserialize 32
system_u:system_r:kernel_t:s0 2 ? S 0:00 [kthreadd]
system_u:system_r:kernel_t:s0 3 ? I< 0:00 [rcu_gp]
system_u:system_r:kernel_t:s0 4 ? I< 0:00 [rcu_par_gp]
system_u:system_r:kernel_t:s0 5 ? I< 0:00 [slub_flushwq]
system_u:system_r:kernel_t:s0 6 ? I< 0:00 [netns]
system_u:system_r:kernel_t:s0 8 ? I< 0:00 [kworker/0:0H-events_highpri]
system_u:system_r:kernel_t:s0 10 ? I< 0:00 [mm_percpu_wq]
system_u:system_r:kernel_t:s0 11 ? I 0:00 [rcu_tasks_kthread]
system_u:system_r:kernel_t:s0 12 ? I 0:00 [rcu_tasks_rude_kthread]
system_u:system_r:kernel_t:s0 13 ? I 0:00 [rcu_tasks_trace_kthread]
system_u:system_r:kernel_t:s0 14 ? S 0:00 [ksoftirqd/0]
system_u:system_r:kernel_t:s0 15 ? I 0:00 [rcu_preempt]
system_u:system_r:kernel_t:s0 16 ? S 0:00 [migration/0]
system_u:system_r:kernel_t:s0 18 ? S 0:00 [cpuhp/0]
system_u:system_r:kernel_t:s0 20 ? S 0:00 [kdevtmpfs]
system_u:system_r:kernel_t:s0 21 ? I< 0:00 [inet_frag_wq]
system_u:system_r:kernel_t:s0 22 ? S 0:00 [kauditd]
system_u:system_r:kernel_t:s0 23 ? S 0:00 [khungtaskd]
system_u:system_r:kernel_t:s0 24 ? S 0:00 [oom_reaper]
system_u:system_r:kernel_t:s0 27 ? I< 0:00 [writeback]
system_u:system_r:kernel_t:s0 28 ? S 0:00 [kcompactd0]
system_u:system_r:kernel_t:s0 29 ? SN 0:00 [khugepaged]
system_u:system_r:kernel_t:s0 30 ? I< 0:00 [kintegrityd]
system_u:system_r:kernel_t:s0 31 ? I< 0:00 [kblockd]
system_u:system_r:kernel_t:s0 32 ? I< 0:00 [blkcg_punt_bio]
system_u:system_r:kernel_t:s0 33 ? S 0:00 [xen-balloon]
system_u:system_r:kernel_t:s0 34 ? I< 0:00 [tpm_dev_wq]
system_u:system_r:kernel_t:s0 35 ? I< 0:00 [md]
system_u:system_r:kernel_t:s0 36 ? I< 0:00 [edac-poller]
system_u:system_r:kernel_t:s0 37 ? S 0:00 [watchdogd]
system_u:system_r:kernel_t:s0 38 ? I< 0:00 [kworker/0:1H-kblockd]
system_u:system_r:kernel_t:s0 69 ? S 0:00 [kswapd0]
system_u:system_r:kernel_t:s0 72 ? I< 0:00 [xfsalloc]
system_u:system_r:kernel_t:s0 73 ? I< 0:00 [xfs_mru_cache]
system_u:system_r:kernel_t:s0 75 ? I< 0:00 [kthrotld]
system_u:system_r:kernel_t:s0 89 ? S 0:00 [xenbus]
system_u:system_r:kernel_t:s0 90 ? S 0:00 [xenwatch]
system_u:system_r:kernel_t:s0 125 ? I< 0:00 [nvme-wq]
system_u:system_r:kernel_t:s0 128 ? I< 0:00 [nvme-reset-wq]
system_u:system_r:kernel_t:s0 131 ? I< 0:00 [nvme-delete-wq]
system_u:system_r:kernel_t:s0 153 ? I< 0:00 [mld]
system_u:system_r:kernel_t:s0 154 ? I< 0:00 [ipv6_addrconf]
system_u:system_r:kernel_t:s0 165 ? I< 0:00 [kstrp]
system_u:system_r:kernel_t:s0 176 ? I< 0:00 [zswap-shrink]
system_u:system_r:kernel_t:s0 251 ? I< 0:00 [kworker/u31:0]
system_u:system_r:kernel_t:s0 962 ? I< 0:00 [xfs-buf/xvda1]
system_u:system_r:kernel_t:s0 963 ? I< 0:00 [xfs-conv/xvda1]
system_u:system_r:kernel_t:s0 964 ? I< 0:00 [xfs-reclaim/xvd]
system_u:system_r:kernel_t:s0 965 ? I< 0:00 [xfs-blockgc/xvd]
system_u:system_r:kernel_t:s0 966 ? I< 0:00 [xfs-inodegc/xvd]
system_u:system_r:kernel_t:s0 967 ? I< 0:00 [xfs-log/xvda1]
system_u:system_r:kernel_t:s0 968 ? I< 0:00 [xfs-cil/xvda1]
system_u:system_r:kernel_t:s0 969 ? S 0:00 [xfsaild/xvda1]
system_u:system_r:syslogd_t:s0 1025 ? Ss 0:00 /usr/lib/systemd/systemd-journald
system_u:system_r:udev_t:s0-s0:c0.c1023 1655 ? Ss 0:00 /usr/lib/systemd/systemd-udevd
system_u:system_r:systemd_resolved_t:s0 1659 ? Ss 0:00 /usr/lib/systemd/systemd-resolved
system_u:system_r:auditd_t:s0 1671 ? S<sl 0:00 /sbin/auditd
system_u:system_r:unconfined_service_t:s0 1718 ? Ss 0:00 /usr/bin/systemd-inhibit --what=handle-suspend-key:handle-hibernate-key --who=noah --why=acpid instead
system_u:system_r:lsmd_t:s0 1725 ? Ss 0:00 /usr/bin/lsmd -d
system_u:system_r:rngd_t:s0 1726 ? Ssl 0:12 /usr/sbin/rngd -f -x pkcs11 -x nist
system_u:system_r:sssd_t:s0 1727 ? Ss 0:00 /usr/sbin/sssd -i --logger=files
system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 1733 ? Ss 0:00 /usr/bin/dbus-broker-launch --scope system --audit
system_u:system_r:systemd_networkd_t:s0 1734 ? Ss 0:00 /usr/lib/systemd/systemd-networkd
system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 1742 ? S 0:00 dbus-broker --log 4 --controller 9 --machine-id a89b8c026e4f4121a3599063ab4a11af --max-bytes 5368709
system_u:system_r:chronyd_t:s0 1748 ? S 0:00 /usr/sbin/chronyd -F 2
system_u:system_r:gssproxy_t:s0 1760 ? Ssl 0:00 /usr/sbin/gssproxy -D
system_u:system_r:kernel_t:s0 1766 ? I< 0:00 [rpciod]
system_u:system_r:kernel_t:s0 1767 ? I< 0:00 [xprtiod]
system_u:system_r:sssd_t:s0 1769 ? S 0:00 /usr/libexec/sssd/sssd_be --domain implicit_files --uid 0 --gid 0 --logger=files
system_u:system_r:sssd_t:s0 1770 ? S 0:00 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --logger=files
system_u:system_r:kernel_t:s0 1773 ? I< 0:00 [cryptd]
system_u:system_r:kernel_t:s0 1776 ? I< 0:00 [ata_sff]
system_u:system_r:kernel_t:s0 1807 ? S 0:00 [scsi_eh_0]
system_u:system_r:kernel_t:s0 1809 ? I< 0:00 [scsi_tmf_0]
system_u:system_r:kernel_t:s0 1813 ? S 0:00 [scsi_eh_1]
system_u:system_r:kernel_t:s0 1815 ? I< 0:00 [scsi_tmf_1]
system_u:system_r:systemd_logind_t:s0 1886 ? Ss 0:00 /usr/lib/systemd/systemd-logind
system_u:system_r:unconfined_service_t:s0 1917 ? S 0:00 /usr/sbin/acpid -f
system_u:system_r:unconfined_service_t:s0 2035 ? Ssl 0:00 /usr/bin/amazon-ssm-agent
system_u:system_r:crond_t:s0-s0:c0.c1023 2040 ? Ss 0:00 /usr/sbin/atd -f
system_u:system_r:getty_t:s0-s0:c0.c1023 2041 tty1 Ss+ 0:00 /sbin/agetty -o -p -- \u --noclear - linux
system_u:system_r:getty_t:s0-s0:c0.c1023 2042 ttyS0 Ss+ 0:00 /sbin/agetty -o -p -- \u --keep-baud 115200,57600,38400,9600 - vt220
system_u:system_r:sshd_t:s0-s0:c0.c1023 2051 ? Ss 0:00 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
system_u:system_r:unconfined_service_t:s0 2055 ? Sl 0:02 /usr/bin/ssm-agent-worker
system_u:system_r:systemd_userdbd_t:s0 2910 ? Ss 0:00 /usr/lib/systemd/systemd-userdbd
system_u:system_r:kernel_t:s0 4008 ? I 0:00 [kworker/u30:3-events_unbound]
system_u:system_r:unconfined_service_t:s0 4123 ? Sl 0:03 /usr/bin/ssm-session-worker kenichi.kato@supership.jp-0d7fefeac9d535277
system_u:system_r:unconfined_service_t:s0 4135 pts/0 Ss 0:00 sh
system_u:system_r:unconfined_service_t:s0 4136 pts/0 S 0:00 sudo su -
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 4139 ? Ss 0:00 /usr/lib/systemd/systemd --user
system_u:system_r:init_t:s0 4141 ? S 0:00 (sd-pam)
system_u:system_r:unconfined_service_t:s0 4148 pts/0 S 0:00 su -
system_u:system_r:unconfined_service_t:s0 4149 pts/0 S 0:00 -bash
system_u:system_r:kernel_t:s0 4973 ? I 0:00 [kworker/0:0-cgroup_destroy]
system_u:system_r:kernel_t:s0 5423 ? I 0:00 [kworker/u30:1-events_unbound]
system_u:system_r:kernel_t:s0 5543 ? I 0:00 [kworker/0:3-events]
system_u:system_r:systemd_userdbd_t:s0 5720 ? S 0:00 systemd-userwork
system_u:system_r:systemd_userdbd_t:s0 5721 ? S 0:00 systemd-userwork
system_u:system_r:systemd_userdbd_t:s0 5723 ? S 0:00 systemd-userwork
system_u:system_r:kernel_t:s0 5785 ? I 0:00 [kworker/0:1-cgroup_destroy]
system_u:system_r:unconfined_service_t:s0 5860 pts/0 R+ 0:00 ps axZ
- List all SELinux booleans
$ getsebool -a
Example output
abrt_anon_write --> off
abrt_handle_event --> off
abrt_upload_watch_anon_write --> on
antivirus_can_scan_system --> off
antivirus_use_jit --> off
auditadm_exec_content --> on
authlogin_nsswitch_use_ldap --> off
authlogin_radius --> off
authlogin_yubikey --> off
awstats_purge_apache_log_files --> off
boinc_execmem --> on
cdrecord_read_content --> off
cluster_can_network_connect --> off
cluster_manage_all_files --> off
cluster_use_execmem --> off
cobbler_anon_write --> off
cobbler_can_network_connect --> off
cobbler_use_cifs --> off
cobbler_use_nfs --> off
collectd_tcp_network_connect --> off
colord_use_nfs --> off
condor_tcp_network_connect --> off
conman_can_network --> off
conman_use_nfs --> off
cron_can_relabel --> off
cron_system_cronjob_use_shares --> off
cron_userdomain_transition --> on
cups_execmem --> off
cvs_read_shadow --> off
daemons_dontaudit_scheduling --> on
daemons_dump_core --> off
daemons_enable_cluster_mode --> off
daemons_use_tcp_wrapper --> off
daemons_use_tty --> off
dbadm_exec_content --> on
dbadm_manage_user_files --> off
dbadm_read_user_files --> off
deny_bluetooth --> off
deny_execmem --> off
deny_ptrace --> off
dhcpc_exec_iptables --> off
dhcpd_use_ldap --> off
dnsmasq_use_ipset --> off
domain_can_mmap_files --> off
domain_can_write_kmsg --> off
domain_fd_use --> on
domain_kernel_load_modules --> off
entropyd_use_audio --> on
exim_can_connect_db --> off
exim_manage_user_files --> off
exim_read_user_files --> off
fcron_crond --> off
fenced_can_network_connect --> off
fenced_can_ssh --> off
fips_mode --> on
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> off
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
git_cgi_enable_homedirs --> off
git_cgi_use_cifs --> off
git_cgi_use_nfs --> off
git_session_bind_all_unreserved_ports --> off
git_session_users --> off
git_system_enable_homedirs --> off
git_system_use_cifs --> off
git_system_use_nfs --> off
gitosis_can_sendmail --> off
glance_api_can_network --> off
glance_use_execmem --> off
glance_use_fusefs --> off
global_ssp --> off
gluster_anon_write --> off
gluster_export_all_ro --> off
gluster_export_all_rw --> on
gluster_use_execmem --> off
gpg_web_anon_write --> off
gssd_read_tmp --> on
guest_exec_content --> on
haproxy_connect_any --> off
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_manage_courier_spool --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_graceful_shutdown --> off
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_ipa --> off
httpd_run_preupgrade --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_opencryptoki --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off
icecast_use_any_tcp_ports --> off
init_audit_control --> off
init_create_dirs --> on
irc_use_any_tcp_ports --> off
irssi_use_full_network --> off
kdumpgui_run_bootloader --> off
keepalived_connect_any --> off
kerberos_enabled --> on
ksmtuned_use_cifs --> off
ksmtuned_use_nfs --> off
logadm_exec_content --> on
logging_syslogd_append_public_content --> off
logging_syslogd_can_sendmail --> off
logging_syslogd_list_non_security_dirs --> off
logging_syslogd_run_nagios_plugins --> off
logging_syslogd_use_tty --> on
login_console_enabled --> on
logrotate_read_inside_containers --> off
logrotate_use_cifs --> off
logrotate_use_fusefs --> off
logrotate_use_nfs --> off
logwatch_can_network_connect_mail --> off
lsmd_plugin_connect_any --> off
mailman_use_fusefs --> off
mcelog_client --> off
mcelog_exec_scripts --> on
mcelog_foreground --> off
mcelog_server --> off
minidlna_read_generic_user_content --> off
mmap_low_allowed --> off
mock_enable_homedirs --> off
mount_anyfile --> on
mozilla_plugin_bind_unreserved_ports --> off
mozilla_plugin_can_network_connect --> on
mozilla_plugin_use_bluejeans --> off
mozilla_plugin_use_gps --> off
mozilla_plugin_use_spice --> off
mozilla_read_content --> off
mpd_enable_homedirs --> off
mpd_use_cifs --> off
mpd_use_nfs --> off
mplayer_execstack --> off
mysql_connect_any --> off
mysql_connect_http --> off
nagios_run_pnp4nagios --> off
nagios_run_sudo --> off
nagios_use_nfs --> off
named_tcp_bind_http_port --> off
named_write_master_zones --> on
neutron_can_network --> off
nfs_export_all_ro --> on
nfs_export_all_rw --> on
nfsd_anon_write --> off
nis_enabled --> off
nscd_use_shm --> on
openfortivpn_can_network_connect --> on
openshift_use_nfs --> off
openvpn_can_network_connect --> on
openvpn_enable_homedirs --> on
openvpn_run_unconfined --> off
pcp_bind_all_unreserved_ports --> off
pcp_read_generic_logs --> off
pdns_can_network_connect_db --> off
piranha_lvs_can_network_connect --> off
polipo_connect_all_unreserved --> off
polipo_session_bind_all_unreserved_ports --> off
polipo_session_users --> off
polipo_use_cifs --> off
polipo_use_nfs --> off
polyinstantiation_enabled --> off
postfix_local_write_mail_spool --> on
postgresql_can_rsync --> off
postgresql_selinux_transmit_client_label --> off
postgresql_selinux_unconfined_dbadm --> on
postgresql_selinux_users_ddl --> on
pppd_can_insmod --> off
pppd_for_user --> off
privoxy_connect_any --> on
prosody_bind_http_port --> off
puppetagent_manage_all_files --> off
puppetmaster_use_db --> off
racoon_read_shadow --> off
radius_use_jit --> off
redis_enable_notify --> off
rngd_execmem --> off
rpcd_use_fusefs --> off
rsync_anon_write --> off
rsync_client --> off
rsync_export_all_ro --> off
rsync_full_access --> off
rsync_sys_admin --> off
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_load_libgfapi --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_enable_home_dirs --> off
sanlock_use_fusefs --> off
sanlock_use_nfs --> off
sanlock_use_samba --> off
saslauthd_read_shadow --> off
screen_allow_session_sharing --> off
secadm_exec_content --> on
secure_mode --> off
secure_mode_insmod --> off
secure_mode_policyload --> off
selinuxuser_direct_dri_enabled --> on
selinuxuser_execheap --> off
selinuxuser_execmod --> on
selinuxuser_execstack --> on
selinuxuser_mysql_connect_enabled --> off
selinuxuser_ping --> on
selinuxuser_postgresql_connect_enabled --> off
selinuxuser_rw_noexattrfile --> on
selinuxuser_share_music --> off
selinuxuser_tcp_server --> off
selinuxuser_udp_server --> off
selinuxuser_use_ssh_chroot --> off
sge_domain_can_network_connect --> off
sge_use_nfs --> off
smartmon_3ware --> off
smbd_anon_write --> off
spamassassin_can_network --> off
spamd_enable_home_dirs --> on
spamd_update_can_network --> off
squid_connect_any --> on
squid_use_tproxy --> off
ssh_chroot_rw_homedirs --> off
ssh_keysign --> off
ssh_sysadm_login --> off
ssh_use_tcpd --> off
sslh_can_bind_any_port --> off
sslh_can_connect_any_port --> off
sssd_access_kernel_keys --> off
sssd_connect_all_unreserved_ports --> off
staff_exec_content --> on
staff_use_svirt --> off
swift_can_network --> off
sysadm_exec_content --> on
systemd_socket_proxyd_bind_any --> off
systemd_socket_proxyd_connect_any --> off
telepathy_connect_all_ports --> off
telepathy_tcp_connect_generic_network_ports --> on
tftp_anon_write --> off
tftp_home_dir --> off
tmpreaper_use_cifs --> off
tmpreaper_use_nfs --> off
tmpreaper_use_samba --> off
tomcat_can_network_connect_db --> off
tomcat_read_rpm_db --> off
tomcat_use_execmem --> off
tor_bind_all_unreserved_ports --> off
tor_can_network_relay --> off
tor_can_onion_services --> off
unconfined_chrome_sandbox_transition --> on
unconfined_dyntrans_all --> off
unconfined_login --> on
unconfined_mozilla_plugin_transition --> on
unprivuser_use_svirt --> off
use_ecryptfs_home_dirs --> off
use_fusefs_home_dirs --> off
use_lpd_server --> off
use_nfs_home_dirs --> off
use_samba_home_dirs --> off
use_virtualbox --> on
user_exec_content --> on
varnishd_connect_any --> off
virt_lockd_blk_devs --> off
virt_qemu_ga_read_nonsecurity_files --> off
virt_read_qemu_ga_data --> off
virt_rw_qemu_ga_data --> off
virt_sandbox_share_apache_content --> off
virt_sandbox_use_all_caps --> on
virt_sandbox_use_audit --> on
virt_sandbox_use_fusefs --> off
virt_sandbox_use_mknod --> off
virt_sandbox_use_netlink --> off
virt_sandbox_use_sys_admin --> off
virt_transition_userdomain --> off
virt_use_comm --> off
virt_use_execmem --> off
virt_use_fusefs --> off
virt_use_glusterd --> off
virt_use_nfs --> off
virt_use_pcscd --> off
virt_use_rawip --> off
virt_use_samba --> off
virt_use_sanlock --> off
virt_use_usb --> on
virt_use_xserver --> off
webadm_manage_user_files --> off
webadm_read_user_files --> off
wine_mmap_zero_ignore --> off
xdm_bind_vnc_tcp_port --> off
xdm_exec_bootloader --> off
xdm_manage_bootloader --> on
xdm_sysadm_login --> off
xdm_write_home --> off
xen_use_nfs --> off
xend_run_blktap --> on
xend_run_qemu --> on
xguest_connect_network --> on
xguest_exec_content --> on
xguest_mount_media --> on
xguest_use_bluetooth --> on
xserver_clients_write_xshm --> off
xserver_execmem --> off
xserver_object_manager --> off
zabbix_can_network --> off
zabbix_run_sudo --> off
zarafa_setrlimit --> off
zebra_write_config --> off
zoneminder_anon_write --> off
zoneminder_run_sudo --> off
- List the booleans defined in the SELinux policy
$ semanage boolean -l
Example output
SELinux boolean State Default Description
abrt_anon_write (off , off) Allow abrt to anon write
abrt_handle_event (off , off) Allow abrt to handle event
abrt_upload_watch_anon_write (on , on) Allow abrt to upload watch anon write
antivirus_can_scan_system (off , off) Allow antivirus to can scan system
antivirus_use_jit (off , off) Allow antivirus to use jit
auditadm_exec_content (on , on) Allow auditadm to exec content
authlogin_nsswitch_use_ldap (off , off) Allow authlogin to nsswitch use ldap
authlogin_radius (off , off) Allow authlogin to radius
authlogin_yubikey (off , off) Allow authlogin to yubikey
awstats_purge_apache_log_files (off , off) Allow awstats to purge apache log files
boinc_execmem (on , on) Allow boinc to execmem
cdrecord_read_content (off , off) Allow cdrecord to read content
cluster_can_network_connect (off , off) Allow cluster to can network connect
cluster_manage_all_files (off , off) Allow cluster to manage all files
cluster_use_execmem (off , off) Allow cluster to use execmem
cobbler_anon_write (off , off) Allow cobbler to anon write
cobbler_can_network_connect (off , off) Allow cobbler to can network connect
cobbler_use_cifs (off , off) Allow cobbler to use cifs
cobbler_use_nfs (off , off) Allow cobbler to use nfs
collectd_tcp_network_connect (off , off) Allow collectd to tcp network connect
colord_use_nfs (off , off) Allow colord to use nfs
condor_tcp_network_connect (off , off) Allow condor to tcp network connect
conman_can_network (off , off) Allow conman to can network
conman_use_nfs (off , off) Allow conman to use nfs
cron_can_relabel (off , off) Allow cron to can relabel
cron_system_cronjob_use_shares (off , off) Allow cron to system cronjob use shares
cron_userdomain_transition (on , on) Allow cron to userdomain transition
cups_execmem (off , off) Allow cups to execmem
cvs_read_shadow (off , off) Allow cvs to read shadow
daemons_dontaudit_scheduling (on , on) Allow daemons to dontaudit scheduling
daemons_dump_core (off , off) Allow daemons to dump core
daemons_enable_cluster_mode (off , off) Allow daemons to enable cluster mode
daemons_use_tcp_wrapper (off , off) Allow daemons to use tcp wrapper
daemons_use_tty (off , off) Allow daemons to use tty
dbadm_exec_content (on , on) Allow dbadm to exec content
dbadm_manage_user_files (off , off) Allow dbadm to manage user files
dbadm_read_user_files (off , off) Allow dbadm to read user files
deny_bluetooth (off , off) Allow deny to bluetooth
deny_execmem (off , off) Allow deny to execmem
deny_ptrace (off , off) Allow deny to ptrace
dhcpc_exec_iptables (off , off) Allow dhcpc to exec iptables
dhcpd_use_ldap (off , off) Allow dhcpd to use ldap
dnsmasq_use_ipset (off , off) Allow dnsmasq to use ipset
domain_can_mmap_files (off , off) Allow domain to can mmap files
domain_can_write_kmsg (off , off) Allow domain to can write kmsg
domain_fd_use (on , on) Allow domain to fd use
domain_kernel_load_modules (off , off) Allow domain to kernel load modules
entropyd_use_audio (on , on) Allow entropyd to use audio
exim_can_connect_db (off , off) Allow exim to can connect db
exim_manage_user_files (off , off) Allow exim to manage user files
exim_read_user_files (off , off) Allow exim to read user files
fcron_crond (off , off) Allow fcron to crond
fenced_can_network_connect (off , off) Allow fenced to can network connect
fenced_can_ssh (off , off) Allow fenced to can ssh
fips_mode (on , on) Allow fips to mode
ftpd_anon_write (off , off) Allow ftpd to anon write
ftpd_connect_all_unreserved (off , off) Allow ftpd to connect all unreserved
ftpd_connect_db (off , off) Allow ftpd to connect db
ftpd_full_access (off , off) Allow ftpd to full access
ftpd_use_cifs (off , off) Allow ftpd to use cifs
ftpd_use_fusefs (off , off) Allow ftpd to use fusefs
ftpd_use_nfs (off , off) Allow ftpd to use nfs
ftpd_use_passive_mode (off , off) Allow ftpd to use passive mode
git_cgi_enable_homedirs (off , off) Allow git to cgi enable homedirs
git_cgi_use_cifs (off , off) Allow git to cgi use cifs
git_cgi_use_nfs (off , off) Allow git to cgi use nfs
git_session_bind_all_unreserved_ports (off , off) Allow git to session bind all unreserved ports
git_session_users (off , off) Allow git to session users
git_system_enable_homedirs (off , off) Allow git to system enable homedirs
git_system_use_cifs (off , off) Allow git to system use cifs
git_system_use_nfs (off , off) Allow git to system use nfs
gitosis_can_sendmail (off , off) Allow gitosis to can sendmail
glance_api_can_network (off , off) Allow glance to api can network
glance_use_execmem (off , off) Allow glance to use execmem
glance_use_fusefs (off , off) Allow glance to use fusefs
global_ssp (off , off) Allow global to ssp
gluster_anon_write (off , off) Allow gluster to anon write
gluster_export_all_ro (off , off) Allow gluster to export all ro
gluster_export_all_rw (on , on) Allow gluster to export all rw
gluster_use_execmem (off , off) Allow gluster to use execmem
gpg_web_anon_write (off , off) Allow gpg to web anon write
gssd_read_tmp (on , on) Allow gssd to read tmp
guest_exec_content (on , on) Allow guest to exec content
haproxy_connect_any (off , off) Allow haproxy to connect any
httpd_anon_write (off , off) Allow httpd to anon write
httpd_builtin_scripting (on , on) Allow httpd to builtin scripting
httpd_can_check_spam (off , off) Allow httpd to can check spam
httpd_can_connect_ftp (off , off) Allow httpd to can connect ftp
httpd_can_connect_ldap (off , off) Allow httpd to can connect ldap
httpd_can_connect_mythtv (off , off) Allow httpd to can connect mythtv
httpd_can_connect_zabbix (off , off) Allow httpd to can connect zabbix
httpd_can_manage_courier_spool (off , off) Allow httpd to can manage courier spool
httpd_can_network_connect (off , off) Allow httpd to can network connect
httpd_can_network_connect_cobbler (off , off) Allow httpd to can network connect cobbler
httpd_can_network_connect_db (off , off) Allow httpd to can network connect db
httpd_can_network_memcache (off , off) Allow httpd to can network memcache
httpd_can_network_relay (off , off) Allow httpd to can network relay
httpd_can_sendmail (off , off) Allow httpd to can sendmail
httpd_dbus_avahi (off , off) Allow httpd to dbus avahi
httpd_dbus_sssd (off , off) Allow httpd to dbus sssd
httpd_dontaudit_search_dirs (off , off) Allow httpd to dontaudit search dirs
httpd_enable_cgi (on , on) Allow httpd to enable cgi
httpd_enable_ftp_server (off , off) Allow httpd to enable ftp server
httpd_enable_homedirs (off , off) Allow httpd to enable homedirs
httpd_execmem (off , off) Allow httpd to execmem
httpd_graceful_shutdown (off , off) Allow httpd to graceful shutdown
httpd_manage_ipa (off , off) Allow httpd to manage ipa
httpd_mod_auth_ntlm_winbind (off , off) Allow httpd to mod auth ntlm winbind
httpd_mod_auth_pam (off , off) Allow httpd to mod auth pam
httpd_read_user_content (off , off) Allow httpd to read user content
httpd_run_ipa (off , off) Allow httpd to run ipa
httpd_run_preupgrade (off , off) Allow httpd to run preupgrade
httpd_run_stickshift (off , off) Allow httpd to run stickshift
httpd_serve_cobbler_files (off , off) Allow httpd to serve cobbler files
httpd_setrlimit (off , off) Allow httpd to setrlimit
httpd_ssi_exec (off , off) Allow httpd to ssi exec
httpd_sys_script_anon_write (off , off) Allow httpd to sys script anon write
httpd_tmp_exec (off , off) Allow httpd to tmp exec
httpd_tty_comm (off , off) Allow httpd to tty comm
httpd_unified (off , off) Allow httpd to unified
httpd_use_cifs (off , off) Allow httpd to use cifs
httpd_use_fusefs (off , off) Allow httpd to use fusefs
httpd_use_gpg (off , off) Allow httpd to use gpg
httpd_use_nfs (off , off) Allow httpd to use nfs
httpd_use_opencryptoki (off , off) Allow httpd to use opencryptoki
httpd_use_openstack (off , off) Allow httpd to use openstack
httpd_use_sasl (off , off) Allow httpd to use sasl
httpd_verify_dns (off , off) Allow httpd to verify dns
icecast_use_any_tcp_ports (off , off) Allow icecast to use any tcp ports
init_audit_control (off , off) Allow init to audit control
init_create_dirs (on , on) Allow init to create dirs
irc_use_any_tcp_ports (off , off) Allow irc to use any tcp ports
irssi_use_full_network (off , off) Allow irssi to use full network
kdumpgui_run_bootloader (off , off) Allow kdumpgui to run bootloader
keepalived_connect_any (off , off) Allow keepalived to connect any
kerberos_enabled (on , on) Allow kerberos to enabled
ksmtuned_use_cifs (off , off) Allow ksmtuned to use cifs
ksmtuned_use_nfs (off , off) Allow ksmtuned to use nfs
logadm_exec_content (on , on) Allow logadm to exec content
logging_syslogd_append_public_content (off , off) Allow logging to syslogd append public content
logging_syslogd_can_sendmail (off , off) Allow logging to syslogd can sendmail
logging_syslogd_list_non_security_dirs (off , off) Allow logging to syslogd list non security dirs
logging_syslogd_run_nagios_plugins (off , off) Allow logging to syslogd run nagios plugins
logging_syslogd_use_tty (on , on) Allow logging to syslogd use tty
login_console_enabled (on , on) Allow login to console enabled
logrotate_read_inside_containers (off , off) Allow logrotate to read inside containers
logrotate_use_cifs (off , off) Allow logrotate to use cifs
logrotate_use_fusefs (off , off) Allow logrotate to use fusefs
logrotate_use_nfs (off , off) Allow logrotate to use nfs
logwatch_can_network_connect_mail (off , off) Allow logwatch to can network connect mail
lsmd_plugin_connect_any (off , off) Allow lsmd to plugin connect any
mailman_use_fusefs (off , off) Allow mailman to use fusefs
mcelog_client (off , off) Allow mcelog to client
mcelog_exec_scripts (on , on) Allow mcelog to exec scripts
mcelog_foreground (off , off) Allow mcelog to foreground
mcelog_server (off , off) Allow mcelog to server
minidlna_read_generic_user_content (off , off) Allow minidlna to read generic user content
mmap_low_allowed (off , off) Allow mmap to low allowed
mock_enable_homedirs (off , off) Allow mock to enable homedirs
mount_anyfile (on , on) Allow mount to anyfile
mozilla_plugin_bind_unreserved_ports (off , off) Allow mozilla to plugin bind unreserved ports
mozilla_plugin_can_network_connect (on , on) Allow mozilla to plugin can network connect
mozilla_plugin_use_bluejeans (off , off) Allow mozilla to plugin use bluejeans
mozilla_plugin_use_gps (off , off) Allow mozilla to plugin use gps
mozilla_plugin_use_spice (off , off) Allow mozilla to plugin use spice
mozilla_read_content (off , off) Allow mozilla to read content
mpd_enable_homedirs (off , off) Allow mpd to enable homedirs
mpd_use_cifs (off , off) Allow mpd to use cifs
mpd_use_nfs (off , off) Allow mpd to use nfs
mplayer_execstack (off , off) Allow mplayer to execstack
mysql_connect_any (off , off) Allow mysql to connect any
mysql_connect_http (off , off) Allow mysql to connect http
nagios_run_pnp4nagios (off , off) Allow nagios to run pnp4nagios
nagios_run_sudo (off , off) Allow nagios to run sudo
nagios_use_nfs (off , off) Allow nagios to use nfs
named_tcp_bind_http_port (off , off) Allow named to tcp bind http port
named_write_master_zones (on , on) Allow named to write master zones
neutron_can_network (off , off) Allow neutron to can network
nfs_export_all_ro (on , on) Allow nfs to export all ro
nfs_export_all_rw (on , on) Allow nfs to export all rw
nfsd_anon_write (off , off) Allow nfsd to anon write
nis_enabled (off , off) Allow nis to enabled
nscd_use_shm (on , on) Allow nscd to use shm
openfortivpn_can_network_connect (on , on) Allow openfortivpn to can network connect
openshift_use_nfs (off , off) Allow openshift to use nfs
openvpn_can_network_connect (on , on) Allow openvpn to can network connect
openvpn_enable_homedirs (on , on) Allow openvpn to enable homedirs
openvpn_run_unconfined (off , off) Allow openvpn to run unconfined
pcp_bind_all_unreserved_ports (off , off) Allow pcp to bind all unreserved ports
pcp_read_generic_logs (off , off) Allow pcp to read generic logs
pdns_can_network_connect_db (off , off) Allow pdns to can network connect db
piranha_lvs_can_network_connect (off , off) Allow piranha to lvs can network connect
polipo_connect_all_unreserved (off , off) Allow polipo to connect all unreserved
polipo_session_bind_all_unreserved_ports (off , off) Allow polipo to session bind all unreserved ports
polipo_session_users (off , off) Allow polipo to session users
polipo_use_cifs (off , off) Allow polipo to use cifs
polipo_use_nfs (off , off) Allow polipo to use nfs
polyinstantiation_enabled (off , off) Allow polyinstantiation to enabled
postfix_local_write_mail_spool (on , on) Allow postfix to local write mail spool
postgresql_can_rsync (off , off) Allow postgresql to can rsync
postgresql_selinux_transmit_client_label (off , off) Allow postgresql to selinux transmit client label
postgresql_selinux_unconfined_dbadm (on , on) Allow postgresql to selinux unconfined dbadm
postgresql_selinux_users_ddl (on , on) Allow postgresql to selinux users ddl
pppd_can_insmod (off , off) Allow pppd to can insmod
pppd_for_user (off , off) Allow pppd to for user
privoxy_connect_any (on , on) Allow privoxy to connect any
prosody_bind_http_port (off , off) Allow prosody to bind http port
puppetagent_manage_all_files (off , off) Allow puppetagent to manage all files
puppetmaster_use_db (off , off) Allow puppetmaster to use db
racoon_read_shadow (off , off) Allow racoon to read shadow
radius_use_jit (off , off) Allow radius to use jit
redis_enable_notify (off , off) Allow redis to enable notify
rngd_execmem (off , off) Allow rngd to execmem
rpcd_use_fusefs (off , off) Allow rpcd to use fusefs
rsync_anon_write (off , off) Allow rsync to anon write
rsync_client (off , off) Allow rsync to client
rsync_export_all_ro (off , off) Allow rsync to export all ro
rsync_full_access (off , off) Allow rsync to full access
rsync_sys_admin (off , off) Allow rsync to sys admin
samba_create_home_dirs (off , off) Allow samba to create home dirs
samba_domain_controller (off , off) Allow samba to domain controller
samba_enable_home_dirs (off , off) Allow samba to enable home dirs
samba_export_all_ro (off , off) Allow samba to export all ro
samba_export_all_rw (off , off) Allow samba to export all rw
samba_load_libgfapi (off , off) Allow samba to load libgfapi
samba_portmapper (off , off) Allow samba to portmapper
samba_run_unconfined (off , off) Allow samba to run unconfined
samba_share_fusefs (off , off) Allow samba to share fusefs
samba_share_nfs (off , off) Allow samba to share nfs
sanlock_enable_home_dirs (off , off) Allow sanlock to enable home dirs
sanlock_use_fusefs (off , off) Allow sanlock to use fusefs
sanlock_use_nfs (off , off) Allow sanlock to use nfs
sanlock_use_samba (off , off) Allow sanlock to use samba
saslauthd_read_shadow (off , off) Allow saslauthd to read shadow
screen_allow_session_sharing (off , off) Allow screen to allow session sharing
secadm_exec_content (on , on) Allow secadm to exec content
secure_mode (off , off) Allow secure to mode
secure_mode_insmod (off , off) Allow secure to mode insmod
secure_mode_policyload (off , off) Allow secure to mode policyload
selinuxuser_direct_dri_enabled (on , on) Allow selinuxuser to direct dri enabled
selinuxuser_execheap (off , off) Allow selinuxuser to execheap
selinuxuser_execmod (on , on) Allow selinuxuser to execmod
selinuxuser_execstack (on , on) Allow selinuxuser to execstack
selinuxuser_mysql_connect_enabled (off , off) Allow selinuxuser to mysql connect enabled
selinuxuser_ping (on , on) Allow selinuxuser to ping
selinuxuser_postgresql_connect_enabled (off , off) Allow selinuxuser to postgresql connect enabled
selinuxuser_rw_noexattrfile (on , on) Allow selinuxuser to rw noexattrfile
selinuxuser_share_music (off , off) Allow selinuxuser to share music
selinuxuser_tcp_server (off , off) Allow selinuxuser to tcp server
selinuxuser_udp_server (off , off) Allow selinuxuser to udp server
selinuxuser_use_ssh_chroot (off , off) Allow selinuxuser to use ssh chroot
sge_domain_can_network_connect (off , off) Allow sge to domain can network connect
sge_use_nfs (off , off) Allow sge to use nfs
smartmon_3ware (off , off) Allow smartmon to 3ware
smbd_anon_write (off , off) Allow smbd to anon write
spamassassin_can_network (off , off) Allow spamassassin to can network
spamd_enable_home_dirs (on , on) Allow spamd to enable home dirs
spamd_update_can_network (off , off) Allow spamd to update can network
squid_connect_any (on , on) Allow squid to connect any
squid_use_tproxy (off , off) Allow squid to use tproxy
ssh_chroot_rw_homedirs (off , off) Allow ssh to chroot rw homedirs
ssh_keysign (off , off) Allow ssh to keysign
ssh_sysadm_login (off , off) Allow ssh to sysadm login
ssh_use_tcpd (off , off) Allow ssh to use tcpd
sslh_can_bind_any_port (off , off) Allow sslh to can bind any port
sslh_can_connect_any_port (off , off) Allow sslh to can connect any port
sssd_access_kernel_keys (off , off) Allow sssd to access kernel keys
sssd_connect_all_unreserved_ports (off , off) Allow sssd to connect all unreserved ports
staff_exec_content (on , on) Allow staff to exec content
staff_use_svirt (off , off) Allow staff to use svirt
swift_can_network (off , off) Allow swift to can network
sysadm_exec_content (on , on) Allow sysadm to exec content
systemd_socket_proxyd_bind_any (off , off) Allow systemd to socket proxyd bind any
systemd_socket_proxyd_connect_any (off , off) Allow systemd to socket proxyd connect any
telepathy_connect_all_ports (off , off) Allow telepathy to connect all ports
telepathy_tcp_connect_generic_network_ports (on , on) Allow telepathy to tcp connect generic network ports
tftp_anon_write (off , off) Allow tftp to anon write
tftp_home_dir (off , off) Allow tftp to home dir
tmpreaper_use_cifs (off , off) Allow tmpreaper to use cifs
tmpreaper_use_nfs (off , off) Allow tmpreaper to use nfs
tmpreaper_use_samba (off , off) Allow tmpreaper to use samba
tomcat_can_network_connect_db (off , off) Allow tomcat to can network connect db
tomcat_read_rpm_db (off , off) Allow tomcat to read rpm db
tomcat_use_execmem (off , off) Allow tomcat to use execmem
tor_bind_all_unreserved_ports (off , off) Allow tor to bind all unreserved ports
tor_can_network_relay (off , off) Allow tor to can network relay
tor_can_onion_services (off , off) Allow tor to can onion services
unconfined_chrome_sandbox_transition (on , on) Allow unconfined to chrome sandbox transition
unconfined_dyntrans_all (off , off) Allow unconfined to dyntrans all
unconfined_login (on , on) Allow unconfined to login
unconfined_mozilla_plugin_transition (on , on) Allow unconfined to mozilla plugin transition
unprivuser_use_svirt (off , off) Allow unprivuser to use svirt
use_ecryptfs_home_dirs (off , off) Allow use to ecryptfs home dirs
use_fusefs_home_dirs (off , off) Allow use to fusefs home dirs
use_lpd_server (off , off) Allow use to lpd server
use_nfs_home_dirs (off , off) Allow use to nfs home dirs
use_samba_home_dirs (off , off) Allow use to samba home dirs
use_virtualbox (on , on) Allow use to virtualbox
user_exec_content (on , on) Allow user to exec content
varnishd_connect_any (off , off) Allow varnishd to connect any
virt_lockd_blk_devs (off , off) Allow virt to lockd blk devs
virt_qemu_ga_read_nonsecurity_files (off , off) Allow virt to qemu ga read nonsecurity files
virt_read_qemu_ga_data (off , off) Allow virt to read qemu ga data
virt_rw_qemu_ga_data (off , off) Allow virt to rw qemu ga data
virt_sandbox_share_apache_content (off , off) Allow virt to sandbox share apache content
virt_sandbox_use_all_caps (on , on) Allow virt to sandbox use all caps
virt_sandbox_use_audit (on , on) Allow virt to sandbox use audit
virt_sandbox_use_fusefs (off , off) Allow virt to sandbox use fusefs
virt_sandbox_use_mknod (off , off) Allow virt to sandbox use mknod
virt_sandbox_use_netlink (off , off) Allow virt to sandbox use netlink
virt_sandbox_use_sys_admin (off , off) Allow virt to sandbox use sys admin
virt_transition_userdomain (off , off) Allow virt to transition userdomain
virt_use_comm (off , off) Allow virt to use comm
virt_use_execmem (off , off) Allow virt to use execmem
virt_use_fusefs (off , off) Allow virt to use fusefs
virt_use_glusterd (off , off) Allow virt to use glusterd
virt_use_nfs (off , off) Allow virt to use nfs
virt_use_pcscd (off , off) Allow virt to use pcscd
virt_use_rawip (off , off) Allow virt to use rawip
virt_use_samba (off , off) Allow virt to use samba
virt_use_sanlock (off , off) Allow virt to use sanlock
virt_use_usb (on , on) Allow virt to use usb
virt_use_xserver (off , off) Allow virt to use xserver
webadm_manage_user_files (off , off) Allow webadm to manage user files
webadm_read_user_files (off , off) Allow webadm to read user files
wine_mmap_zero_ignore (off , off) Allow wine to mmap zero ignore
xdm_bind_vnc_tcp_port (off , off) Allow xdm to bind vnc tcp port
xdm_exec_bootloader (off , off) Allow xdm to exec bootloader
xdm_manage_bootloader (on , on) Allow xdm to manage bootloader
xdm_sysadm_login (off , off) Allow xdm to sysadm login
xdm_write_home (off , off) Allow xdm to write home
xen_use_nfs (off , off) Allow xen to use nfs
xend_run_blktap (on , on) Allow xend to run blktap
xend_run_qemu (on , on) Allow xend to run qemu
xguest_connect_network (on , on) Allow xguest to connect network
xguest_exec_content (on , on) Allow xguest to exec content
xguest_mount_media (on , on) Allow xguest to mount media
xguest_use_bluetooth (on , on) Allow xguest to use bluetooth
xserver_clients_write_xshm (off , off) Allow xserver to clients write xshm
xserver_execmem (off , off) Allow xserver to execmem
xserver_object_manager (off , off) Allow xserver to object manager
zabbix_can_network (off , off) Allow zabbix to can network
zabbix_run_sudo (off , off) Allow zabbix to run sudo
zarafa_setrlimit (off , off) Allow zarafa to setrlimit
zebra_write_config (off , off) Allow zebra to write config
zoneminder_anon_write (off , off) Allow zoneminder to anon write
zoneminder_run_sudo (off , off) Allow zoneminder to run sudo
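In this listing, State is the running value and Default is the value held in the policy store, so a row where the two differ is a runtime-only change that will not survive a reboot. The following is an added example (not code from the original article) that parses the listing and reports such drift plus deviations from an expected baseline; the function names and the sample listing are assumptions made for illustration.

```python
import re

# Constructed sample in the layout `semanage boolean -l` prints. The names appear in
# the article's listing; the (State, Default) pairs on the httpd_* rows were altered
# here to create drift (the article's output shows both as off/off).
SAMPLE_LISTING = '''\
SELinux boolean                State  Default Description

httpd_can_network_connect      (on   ,  off)  Allow httpd to can network connect
httpd_execmem                  (off  ,   on)  Allow httpd to execmem
selinuxuser_execstack          (on   ,   on)  Allow selinuxuser to execstack
ssh_sysadm_login               (off  ,  off)  Allow ssh to sysadm login
'''

# Expected values, taken from the article's AL2023 output for these four booleans.
BASELINE = {
    'httpd_can_network_connect': 'off',
    'httpd_execmem': 'off',
    'selinuxuser_execstack': 'on',
    'ssh_sysadm_login': 'off',
}

# name, then "(state , default)"; spacing inside the parentheses varies.
ROW_RE = re.compile(
    r'^(?P<name>\S+)\s+\(\s*(?P<state>on|off)\s*,\s*(?P<default>on|off)\s*\)'
)


def parse_booleans(listing):
    """Return {name: (state, default)}; header and blank lines are skipped."""
    rows = {}
    for line in listing.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows[m['name']] = (m['state'], m['default'])
    return rows


def review(listing, baseline):
    """Compare a listing against itself (State vs Default) and against a baseline."""
    rows = parse_booleans(listing)
    return {
        # Running value differs from the stored one: set at runtime only.
        'runtime_only': sorted(n for n, (s, d) in rows.items() if s != d),
        # Stored value differs from what the baseline expects.
        'off_baseline': sorted(
            n for n, (_, d) in rows.items() if n in baseline and d != baseline[n]
        ),
        # Baseline entries the listing does not contain at all.
        'missing': sorted(set(baseline) - set(rows)),
    }


if __name__ == '__main__':
    for finding, names in review(SAMPLE_LISTING, BASELINE).items():
        print(f'{finding}: {", ".join(names) or "-"}')
```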
- Show why access was denied
$ cat /var/log/audit/audit.log | audit2why
Example output
type=AVC msg=audit(1679572303.022:191): avc: denied { sys_resource } for pid=2582 comm="systemd-tmpfile" capability=24 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:system_r:systemd_tmpfiles_t:s0 tclass=capability permissive=1
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this access.
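Because AL2023 defaults to permissive mode, records like the one above carry permissive=1: the access was logged but still allowed. The following is an added example (not code from the original article) that parses AVC records and tallies the denials that would start failing under enforcing mode; the function names are assumptions, and every sample line after the first is constructed.

```python
import re
from collections import Counter

# Sample input. The first record is the one shown in the article's audit2why output;
# the remaining lines are constructed for illustration (raw logs use double spaces).
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1679572303.022:191): avc: denied { sys_resource } for pid=2582 comm="systemd-tmpfile" capability=24 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:system_r:systemd_tmpfiles_t:s0 tclass=capability permissive=1
type=AVC msg=audit(1679572310.101:204): avc:  denied  { name_connect } for  pid=3011 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1679572311.500:205): avc:  denied  { name_connect } for  pid=3012 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1679572311.500:205): arch=c000003e syscall=42 success=yes exit=0 comm="httpd"
type=AVC msg=audit(1679572400.000:230): avc:  denied  { read } for  pid=3100 comm="cat" name="shadow" scontext=unconfined_u:unconfined_r:example_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
'''

AVC_RE = re.compile(
    r'type=AVC\s+msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s+avc:\s+denied\s+'
    r'\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$'
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type:level security context."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else context


def parse_avc(line):
    """Parse one AVC denial; return None for other record types or malformed lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None
    return {
        'perms': m.group('perms').split(),
        'comm': fields.get('comm', '?'),
        'source_type': selinux_type(fields['scontext']),
        'target_type': selinux_type(fields['tcontext']),
        'tclass': fields['tclass'],
        # Assumption: a record without a permissive= field is counted as enforced.
        'permissive': fields.get('permissive') == '1',
    }


def would_block_when_enforcing(log_text):
    """Count permissive=1 denials per (source type, target type, class, permission).

    These accesses succeeded only because the policy was not enforced; each key is
    an operation that would fail after switching to enforcing mode.
    """
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or not rec['permissive']:
            continue
        for perm in rec['perms']:
            key = (rec['source_type'], rec['target_type'], rec['tclass'], perm)
            counts[key] += 1
    return counts


if __name__ == '__main__':
    summary = would_block_when_enforcing(SAMPLE_AUDIT_LOG)
    for (src, tgt, cls, perm), n in summary.most_common():
        print(f'{n:3d}  {src} -> {tgt}:{cls} {{ {perm} }}')
```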
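SELinux has more dedicated commands and helper tools than this article can cover, but some of them, such as seinfo, are not available out of the box on AL2023.
Conclusion
I think few systems use SELinux voluntarily unless they have stringent security requirements, as financial systems do.
Even so, it is worth understanding that the level of security expected of systems is rising.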