Previous Topic: uxauthd.sh Script—Administer UNAB AgentNext Topic: uxconsole Utility—Manage UNAB Endpoints


uxauth_selinux.sh—Enable SElinux Support

The uxauth_selinux.sh script deploys a SELinux policy that enables UNAB to work in SElinux environment. The script enables support for the following utilities: ssh, rlogin, ftp, sftp, and passwd.

You can install the SELinux UNAB policy using the extensive or the general installations. Extensive installation adds permissions for the SELinux security context type usr_t. General installation does not add permissions for the user_t type and hence general installation UNAB cannot support offline users login and user login reports.

The uxauth_selinux.sh script is located in the UNAB lbin directory, by default: /opt/CA/uxauthd/lbin. The uxauth installation package can be customized to run the script during UNAB installation where SELinux policy is installed in general mode. You can also run the script after installation from the default location.

Note: Installing an extensive policy automatically uninstalls previously installed general policy.

This command has the following format:

uxauth_selinux.sh {-i [-e]| -r | -h}
-i

Installs the policy in the SElinux environment

-e

Specifies to invoke the extensive installation option that adds permissions for the usr_t type

-r

Removes the policy from the SElinux environment

-h

Displays the help