迅速地了解Amazon Linux 2023只需要5分钟

2 年 ago

文, 翔

50 minutes

首先

2023年3月15日，我们宣布了Amazon Linux 2023的发行。

您可以从”Comparing Amazon Linux 2 and Amazon Linux 2023″中了解关于Amazon Linux 2与Amazon Linux 2023的差异。

本文介绍了根据上述”新动态”信息得出的主要要点。

亚马逊 Linux 2023

因为在”What’s New”中提到了Amazon Linux 2023 (AL2023)，所以本文将使用AL2023进行描述。

生命的终结

关于AL2023的正式寿命周期（EOL），主要版本每2年发布一次。此外，还提供5年的支持。

您可以从发布频率中确认有关EOL的详细信息。

通过了解EOL，升级计划的制定变得更加容易。

安全更新

我认为AL2023的主要特点是安全更新。

安全更新的概要如下所示。

デフォルトはenabledかつpermissiveに設定されています。従ってSELinux ポリシーは強制されないのでオペレーションは拒否せず、AVC（Access Vector Cache）メッセージがログに記録されます。

OpenSSL 3

OpenSSLのバージョンは3です。OpenSSL3の詳細はOpenSSLの公式ドキュメントmigration_guideを参照。

IMDSv2

デフォルトはIMDSv2です。従って実行中のインスタンスからメタデータにアクセスするためのセキュリティが向上しています。IMDSv2の詳細はAWSの公式ドキュメントUse IMDSv2を参照。

验证

确认操作系统信息以及已安装包的版本信息。

为了进行验证，使用CDK部署EC2实例。
有关使用CDK部署EC2实例的方法，请参考我之前写的下面的文章。

AWS CDKでEC2をデプロイする

确认AMI

要启动AL2023的EC2实例，需要有关AL2023的AMI的信息。

如果您想从EC2控制台启动，您可以通过在Amazon Linux中进行搜索来确认。

您可以从GitHub的amazon-linux-2023仓库中，验证以下类型的AL2023的AMI信息。

al2023-ami-kernel-6.1-arm64 适用于 arm64 架构
al2023-ami-minimal-kernel-6.1-arm64 适用于 arm64 架构 (最小化 AMI)
al2023-ami-kernel-6.1-x86_64 适用于 x86_64 架构
al2023-ami-minimal-kernel-6.1-x86_64 适用于 x86_64 架构 (最小化 AMI)

我们可以使用AWS CLI进行确认。

bash-3.2$ aws ssm get-parameter --name "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64"
{
    "Parameter": {
        "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64",
        "Type": "String",
        "Value": "ami-067871d950411e643",
        "Version": 3,
        "LastModifiedDate": "2023-03-16T02:46:57.468000+09:00",
        "ARN": "arn:aws:ssm:ap-northeast-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64",
        "DataType": "text"
    }
}

作为一个例子，在上述的AWS CDK中，如果要部署EC2并指定AMI为al2023-ami-kernel-6.1-x86_64，可以在lib/ec2-cdk-stack.ts文件中按如下方式指定AMI。

const machineImage = ec2.MachineImage.fromSsmParameter(
      '/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64',
    )

AMI ID是每个AWS区域都是唯一的。
上述AMI-067871d950411e643是指当撰写本文时在东京区域确认的AMI ID。
参考：Linux AMI搜索

验证结果

以下是从以ami-067871d950411e643为基础启动的EC2实例中获取的信息。

操作系统信息

要显示操作系统信息，请执行以下命令。

请将以下内容以中文进行本地化改写，只需要一种可能的选项：
$ cat /etc/os-release

答案:
请显示/etc/os-release的内容

NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"
HOME_URL="https://aws.amazon.com/linux/"
BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023"
SUPPORT_END="2028-03-01"

核心版本

要显示内核版本，请执行以下命令。

$ uname -r 可以翻译为 “内核版本号”

6.1.15-28.43.amzn2023.x86_64

已安装的软件包

AL2023的软件包管理采用了Dandified Yum（DNF）。

DNF可以像YUM一样进行操作。
DNF的使用示例请参阅Package management tool。

执行以下命令，您可以获取有关当前安装的所有软件包及其截止日期的信息。

$ sudo dnf supportinfo –显示已安装

出力例
Last metadata expiration check: 0:57:46 ago on Thu Mar 23 11:36:32 2023.
libstoragemgmt 1.9.4-5.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
nfs-utils 2.5.4-2.rc3.amzn2023.0.3 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python-chevron 0.13.1-1.amzn2023.0.3 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3 3.9.16-1.amzn2023.0.3 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-audit 3.0.6-1.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-awscrt 0.16.7-1.amzn2023.0.1 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-cffi 1.14.5-1.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-cryptography 36.0.1-1.amzn2023.0.3 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-dbus 1.2.18-1.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-gpg 1.15.1-6.amzn2023.0.3 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-hawkey 0.67.0-1.amzn2023.0.5 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-libcomps 0.1.18-1.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-libdnf 0.67.0-1.amzn2023.0.5 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-libselinux 3.4-5.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-libsemanage 3.4-5.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-libstoragemgmt 1.9.4-5.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-markupsafe 1.1.1-10.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-netifaces 0.10.6-13.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-pyrsistent 0.17.3-6.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-pyyaml 5.4.1-2.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-rpm 4.16.1.3-12.amzn2023.0.5 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-ruamel-yaml 0.16.6-5.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-ruamel-yaml-clib 0.1.2-6.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
python3-setools 4.4.0-9.amzn2023.0.2 installed supported 2028-03-15 Python 3.9 (System Python)has security support until March 2028
acl 2.3.1-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
acpid 2.0.32-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
alternatives 1.15-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
amazon-ec2-net-utils 2.3.0-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
amazon-linux-repo-s3 2023.0.20230315-1.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
amazon-rpm-config 228-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
amazon-ssm-agent 3.1.1927.0-1.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
at 3.1.23-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
attr 2.5.1-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
audit 3.0.6-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
audit-libs 3.0.6-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
aws-cfn-bootstrap 2.0-23.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
awscli-2 2.9.19-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
basesystem 11-11.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
bash 5.2.15-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
bash-completion 2.11-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
bc 1.07.1-14.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
bind-libs 9.16.27-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
bind-license 9.16.27-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
bind-utils 9.16.27-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
binutils 2.39-6.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
boost-filesystem 1.75.0-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
boost-system 1.75.0-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
boost-thread 1.75.0-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
bzip2 1.0.8-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
bzip2-libs 1.0.8-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
c-ares 1.17.2-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ca-certificates 2023.2.60-1.0.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
checkpolicy 3.4-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
chkconfig 1.15-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
chrony 4.3-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
cloud-init 22.2.2-1.amzn2023.1.7 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
cloud-utils-growpart 0.31-8.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
coreutils 8.32-30.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
coreutils-common 8.32-30.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
cpio 2.13-13.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
cracklib 2.9.6-27.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
cracklib-dicts 2.9.6-27.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
crontabs 1.11-24.20190603git.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
crypto-policies 20220428-1.gitdfb10ea.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
crypto-policies-scripts 20220428-1.gitdfb10ea.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
cryptsetup 2.6.1-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
cryptsetup-libs 2.6.1-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
curl-minimal 7.88.1-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
cyrus-sasl-lib 2.1.27-18.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
cyrus-sasl-plain 2.1.27-18.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dbus 1.12.24-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dbus-broker 32-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dbus-common 1.12.24-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dbus-libs 1.12.24-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
device-mapper 1.02.185-1.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
device-mapper-libs 1.02.185-1.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
diffutils 3.8-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dnf 4.12.0-2.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dnf-data 4.12.0-2.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dnf-plugin-release-notification 1.2-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dnf-plugin-support-info 1.0-2.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dnf-plugins-core 4.1.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dosfstools 4.2-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dracut 055-6.amzn2023.0.6 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dracut-config-ec2 3.0-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dracut-config-generic 055-6.amzn2023.0.6 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dwz 0.14-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
dyninst 10.2.1-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
e2fsprogs 1.46.5-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
e2fsprogs-libs 1.46.5-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ec2-hibinit-agent 1.0.4-0.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ec2-instance-connect 1.1-19.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ec2-instance-connect-selinux 1.1-19.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ec2-utils 2.0.1-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ed 1.14.2-10.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
efi-filesystem 5-4.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
efi-srpm-macros 5-4.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
elfutils-debuginfod-client 0.188-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
elfutils-default-yama-scope 0.188-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
elfutils-libelf 0.188-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
elfutils-libs 0.188-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ethtool 5.15-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
expat 2.5.0-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
file 5.39-7.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
file-libs 5.39-7.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
filesystem 3.14-5.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
findutils 4.8.0-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
fonts-srpm-macros 2.0.5-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
fstrm 0.6.1-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
fuse-libs 2.9.9-13.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gawk 5.1.0-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gdbm-libs 1.19-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gdisk 1.0.8-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gettext 0.21-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gettext-libs 0.21-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ghc-srpm-macros 1.5.0-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
glib2 2.73.2-680.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
glibc 2.34-52.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
glibc-all-langpacks 2.34-52.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
glibc-common 2.34-52.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
glibc-gconv-extra 2.34-52.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
glibc-locale-source 2.34-52.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gmp 6.2.1-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gnupg2-minimal 2.3.7-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gnutls 3.7.8-359.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
go-srpm-macros 3.1.0-32.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gpgme 1.15.1-6.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gpm-libs 1.20.7-26.amzn2023.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
grep 3.8-1.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
groff-base 1.22.4-7.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
grub2-common 2.06-61.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
grub2-efi-x64-ec2 2.06-61.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
grub2-pc-modules 2.06-61.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
grub2-tools 2.06-61.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
grub2-tools-minimal 2.06-61.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
grubby 8.40-51.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gssproxy 0.8.4-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
gzip 1.12-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
hostname 3.23-4.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
hunspell 1.7.0-9.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
hunspell-en 0.20140811.1-18.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
hunspell-en-GB 0.20140811.1-18.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
hunspell-en-US 0.20140811.1-18.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
hunspell-filesystem 1.7.0-9.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
hwdata 0.353-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
info 6.7-10.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
inih 49-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
initscripts 10.09-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
iproute 5.10.0-2.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
iputils 20210202-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
irqbalance 1.9.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
jansson 2.14-0.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
jitterentropy 3.4.1-4.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
json-c 0.14-8.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
kbd 2.4.0-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
kbd-misc 2.4.0-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
kernel 6.1.15-28.43.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
kernel-livepatch-repo-s3 2023.0.20230315-1.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
kernel-srpm-macros 1.0-14.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
kernel-tools 6.1.15-28.43.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
keyutils 1.6.1-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
keyutils-libs 1.6.1-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
kmod 29-2.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
kmod-libs 29-2.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
kpatch-runtime 0.9.7-8.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
krb5-libs 1.20.1-8.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
less 608-2.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libacl 2.3.1-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libaio 0.3.111-11.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libarchive 3.5.3-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libargon2 20171227-9.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libassuan 2.5.5-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libattr 2.5.1-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libbasicobjects 0.1.1-47.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libblkid 2.37.4-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libcap 2.48-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libcap-ng 0.8.2-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libcbor 0.7.0-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libcollection 0.7.0-47.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libcom_err 1.46.5-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libcomps 0.1.18-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libconfig 1.7.2-7.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libcurl-minimal 7.88.1-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libdb 5.3.28-49.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libdhash 0.5.0-47.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libdnf 0.67.0-1.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libeconf 0.4.0-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libedit 3.1-38.20210714cvs.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libev 4.33-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libevent 2.1.12-3.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libfdisk 2.37.4-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libffi 3.1-28.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libfido2 1.10.0-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libgcc 11.3.1-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libgcrypt 1.10.1-7.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libgomp 11.3.1-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libgpg-error 1.42-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libibverbs 37.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libidn2 2.3.2-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libini_config 1.3.1-47.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libkcapi 1.4.0-105.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libkcapi-hmaccalc 1.4.0-105.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libldb 2.6.1-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libmaxminddb 1.5.2-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libmetalink 0.1.3-14.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libmnl 1.0.4-13.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libmodulemd 2.13.0-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libmount 2.37.4-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libnfsidmap 2.5.4-2.rc3.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libnghttp2 1.51.0-1.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libnl3 3.5.0-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libpath_utils 0.2.1-47.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libpcap 1.10.1-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libpipeline 1.5.3-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libpkgconf 1.8.0-4.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libpsl 0.21.1-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libpwquality 1.4.4-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libref_array 0.1.5-47.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
librepo 1.14.2-1.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libreport-filesystem 2.15.2-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libseccomp 2.5.3-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libselinux 3.4-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libselinux-utils 3.4-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libsemanage 3.4-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libsepol 3.4-3.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libsigsegv 2.13-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libsmartcols 2.37.4-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libsolv 0.7.22-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libss 1.46.5-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libsss_certmap 2.5.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libsss_idmap 2.5.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libsss_nss_idmap 2.5.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libstdc++ 11.3.1-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libtalloc 2.3.4-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libtasn1 4.19.0-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libtdb 1.4.7-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libtevent 0.13.0-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libtextstyle 0.21-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libtirpc 1.3.3-0.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libunistring 0.9.10-10.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libuser 0.63-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libutempter 1.2.1-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libuuid 2.37.4-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libuv 1.44.1-156.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libverto 0.3.2-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libverto-libev 0.3.2-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libxcrypt 4.4.33-7.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libxml2 2.10.3-2.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libyaml 0.2.5-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
libzstd 1.5.2-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
lm_sensors-libs 3.6.0-8.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
lmdb-libs 0.9.29-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
logrotate 3.20.1-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
lsof 4.94.0-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
lua-libs 5.4.4-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
lua-srpm-macros 1-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
lz4-libs 1.9.4-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
man-db 2.9.3-3.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
man-pages 5.10-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
microcode_ctl 2.1-53.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
mpfr 4.1.0-7.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
nano 5.8-3.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ncurses 6.2-4.20200222.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ncurses-base 6.2-4.20200222.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ncurses-libs 6.2-4.20200222.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
net-tools 2.0-0.59.20160912git.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
nettle 3.8-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
newt 0.52.21-9.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
npth 1.6-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
nspr 4.35.0-4.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
nss 3.88.1-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
nss-softokn 3.88.1-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
nss-softokn-freebl 3.88.1-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
nss-sysinit 3.88.1-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
nss-util 3.88.1-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ntsysv 1.15-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
numactl-libs 2.0.14-3.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
ocaml-srpm-macros 6-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
openblas-srpm-macros 2-9.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
openldap 2.4.57-6.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
openssh 8.7p1-8.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
openssh-clients 8.7p1-8.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
openssh-server 8.7p1-8.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
openssl 3.0.8-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
openssl-libs 3.0.8-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
openssl-pkcs11 0.4.12-3.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
os-prober 1.77-7.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
p11-kit 0.24.1-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
p11-kit-trust 0.24.1-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
package-notes-srpm-macros 0.4-18.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
pam 1.5.1-8.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
parted 3.4-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
passwd 0.80-10.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
pciutils 3.7.0-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
pciutils-libs 3.7.0-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
pcre2 10.40-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
pcre2-syntax 10.40-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Carp 1.50-458.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Class-Struct 0.66-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-DynaLoader 1.47-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Encode 3.15-462.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Errno 1.30-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Exporter 5.74-459.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Fcntl 1.13-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-File-Basename 2.85-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-File-Path 2.18-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-File-Temp 0.231.100-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-File-stat 1.09-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Getopt-Long 2.52-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Getopt-Std 1.12-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-HTTP-Tiny 0.078-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-IO 1.43-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-IPC-Open3 1.21-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-MIME-Base64 3.16-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-POSIX 1.94-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-PathTools 3.78-459.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Pod-Escapes 1.07-458.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Pod-Perldoc 3.28.01-459.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Pod-Simple 3.42-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Pod-Usage 2.01-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Scalar-List-Utils 1.56-459.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-SelectSaver 1.02-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Socket 2.032-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Storable 3.21-458.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Symbol 1.08-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Term-ANSIColor 5.01-459.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Term-Cap 1.17-458.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Text-ParseWords 3.30-458.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-Time-Local 1.300-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-constant 1.33-459.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-if 0.60.800-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-interpreter 5.32.1-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-libs 5.32.1-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-mro 1.23-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-overload 1.31-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-overloading 0.02-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-parent 0.238-458.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-podlators 4.14-458.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-srpm-macros 1-39.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-subs 1.03-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
perl-vars 1.05-477.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
pkgconf 1.8.0-4.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
pkgconf-m4 1.8.0-4.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
pkgconf-pkg-config 1.8.0-4.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
policycoreutils 3.4-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
policycoreutils-python-utils 3.4-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
popt 1.18-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
procps-ng 3.3.17-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
protobuf-c 1.4.1-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
psacct 6.6.4-9.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
psmisc 23.4-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
publicsuffix-list-dafsa 20221208-60.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python-srpm-macros 3.9-41.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-attrs 20.3.0-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-babel 2.9.1-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-chardet 4.0.0-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-colorama 0.4.4-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-configobj 5.0.6-23.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-daemon 2.3.0-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-dateutil 2.8.1-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-distro 1.5.0-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-dnf 4.12.0-2.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-dnf-plugins-core 4.1.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-docutils 0.16-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-idna 2.10-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-jinja2 2.11.3-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-jmespath 0.10.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-jsonpatch 1.21-14.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-jsonpointer 2.0-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-jsonschema 3.2.0-9.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-libs 3.9.16-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-lockfile 0.12.2-5.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-oauthlib 3.0.2-9.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-pip-wheel 21.3.1-2.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-ply 3.11-11.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-policycoreutils 3.4-6.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-prettytable 0.7.2-25.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-prompt-toolkit 3.0.24-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-pycparser 2.20-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-pyserial 3.4-10.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-pysocks 1.7.1-8.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-pytz 2022.7.1-1.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-requests 2.25.1-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-setuptools 59.6.0-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-setuptools-wheel 59.6.0-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-six 1.15.0-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-urllib3 1.25.10-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
python3-wcwidth 0.2.5-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
quota 4.06-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
quota-nls 4.06-4.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
readline 8.1-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rng-tools 6.14-1.git.56626083.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rootfiles 8.1-29.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rpcbind 1.2.6-0.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rpm 4.16.1.3-12.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rpm-build-libs 4.16.1.3-12.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rpm-libs 4.16.1.3-12.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rpm-plugin-selinux 4.16.1.3-12.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rpm-plugin-systemd-inhibit 4.16.1.3-12.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rpm-sign-libs 4.16.1.3-12.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rsync 3.2.6-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
rust-srpm-macros 21-42.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
screen 4.8.0-5.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
sed 4.8-7.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
selinux-policy 36.16-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
selinux-policy-targeted 36.16-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
setup 2.13.7-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
shadow-utils 4.9-12.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
slang 2.3.2-9.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
sqlite-libs 3.40.0-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
sssd-client 2.5.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
sssd-common 2.5.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
sssd-kcm 2.5.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
strace 5.16-2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
sudo 1.9.12-1.p2.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
sysctl-defaults 1.0-3.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
sysstat 12.5.6-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
system-release 2023.0.20230315-1.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
systemd 252.4-1161.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
systemd-libs 252.4-1161.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
systemd-networkd 252.4-1161.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
systemd-pam 252.4-1161.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
systemd-resolved 252.4-1161.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
systemd-udev 252.4-1161.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
systemtap-runtime 4.8-3.amzn2023.0.5 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
tar 1.34-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
tbb 2020.3-7.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
tcpdump 4.99.1-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
tcsh 6.24.07-1.amzn2023 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
time 1.9-16.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
traceroute 2.1.0-13.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
tzdata 2022g-1.amzn2023.0.1 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
unzip 6.0-57.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
update-motd 2.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
userspace-rcu 0.12.1-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
util-linux 2.37.4-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
util-linux-core 2.37.4-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
vim-common 9.0.1314-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
vim-data 9.0.1314-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
vim-enhanced 9.0.1314-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
vim-filesystem 9.0.1314-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
vim-minimal 9.0.1314-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
wget 1.21.3-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
which 2.21-26.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
words 3.0-37.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
xfsdump 3.1.11-2.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
xfsprogs 5.18.0-1.amzn2023.0.3 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
xxhash-libs 0.8.0-3.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
xz 5.2.5-9.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
xz-libs 5.2.5-9.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
yum 4.12.0-2.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
zip 3.0-28.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
zlib 1.2.11-33.amzn2023.0.4 installed supported 2028-03-15 Amazon Linux 2023 end-of-life
zstd 1.5.2-1.amzn2023.0.2 installed supported 2028-03-15 Amazon Linux 2023 end-of-life

DNFsupportinfo是用于DNF的插件。
它在GitHub上的dnf-plugin-support-info项目中进行了公开。
参考：管理软件包和操作系统更新。

开放安全套接字层

要显示OpenSSL版本信息，请执行以下命令。

openssl版本

OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)

systemd 系统

要从已注册的systemd单元文件中提取启用自动启动的服务，需要执行以下命令。

systemctl列出的单位文件中筛选已启用的服务。

amazon-ssm-agent.service               enabled         enabled
atd.service                            enabled         enabledauditd.service                         enabled         enabled
chronyd.service                        enabled         enabledcloud-config.service                   enabled         disabled
cloud-final.service                    enabled         disabledcloud-init-local.service               enabled         disabled
cloud-init.service                     enabled         disableddbus-broker.service                    enabled         enabled
getty@.service                         enabled         enabledhibinit-agent.service                  enabled         enabled
import-state.service                   enabled         enabledirqbalance.service                     enabled         enabled
libstoragemgmt.service                 enabled         enablednfs-convert.service                    enabled         disabled
rngd.service                           enabled         enabledrpmdb-rebuild.service                  enabled         enabled
selinux-autorelabel-mark.service       enabled         enabledsshd.service                           enabled         enabled
sssd.service                           enabled         enabledsysstat.service                        enabled         enabled
systemd-fsck-root.service              enabled-runtime disabledsystemd-homed.service                  disabled        enabled
systemd-network-generator.service      enabled         enabledsystemd-networkd-wait-online.service   enabled         disabled
systemd-networkd.service               enabled         enabledsystemd-pstore.service                 disabled        enabled
systemd-remount-fs.service             enabled-runtime disabledsystemd-resolved.service               enabled         enabled
update-motd.service                    enabled         enabled

SELinux是一个安全增强型Linux系统，它具有强大的访问控制机制。

SELinux是一种实现强制访问控制（MAC：Mandatory Access Control）的实施方式。

在Linux内核2.6版本中，它正式地支持并基于安全策略对请求的操作（对象）进行许可或禁止的检查。
因此，它可以提供比任意访问控制（DAC：Discretionary Access Control）更细粒度的访问限制。

SELinux实施了以下三个安全模型。

TEはプロセスがアクセスするリソースを制限するための重要な概念です。プロセスはドメインと呼ばれるラベル（識別子）が付与されます。また、ファイル、ディレクトリ、ソケットやポートなどはタイプと呼ばれるラベルに関連付けされます。
基本的にはディストリビュータが標準ポリシーをカスタマイズして配布しています。

Role Based Access Control（RBAC）とドメイン遷移

RBACはロールを基にユーザーのアクセス制御を行うことができる機能です。
ドメイン遷移によって親プロセスと同じ権限を与えるのではなく、子プロセスに対して権限の制限を行い、最小権限での制御が可能です。

Multi Level Security（MLS）

MLSはベル・ラパドゥラモデルを強制します。
RHELやFedoraなどではMLSを簡略化したMulti Category Security(MCS) と呼ばれるポリシーが搭載されています。MLSを使用するためには、別途パッケージをインストールし、MLSがデフォルトのSELinuxポリシーにするための設定が必要です。

为了检查SELinux的当前模式，请执行以下命令。

获取强制执行状态

Permissive

主要的配置文件是/etc/selinux/config。


# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# See also:
# https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/#getting-started-with-selinux-selinux-states-and-modes
#
# NOTE: In earlier Fedora kernel builds, SELINUX=disabled would also
# fully disable SELinux during boot. If you need a system with SELinux
# fully disabled instead of SELinux running with no policy loaded, you
# need to pass selinux=0 to the kernel command line. You can use grubby
# to persistently set the bootloader to boot with selinux=0:
#
#    grubby --update-kernel ALL --args selinux=0
#
# To revert back to SELinux enabled:
#
#    grubby --update-kernel ALL --remove-args selinux
#
SELINUX=permissive
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

SELinux的命令

以下是关于确认在AL2023中可以使用的SELinux状态的命令的描述。

$ ps axZ

出力示例：
标签进程ID 终端状态时间指令
system_u:system_r:init_t:s0 1 ? Ss 0:04 /usr/lib/systemd/systemd –switched-root –system –deserialize 32
system_u:system_r:kernel_t:s0 2 ? S 0:00 [kthreadd]
system_u:system_r:kernel_t:s0 3 ? I< 0:00 [rcu_gp]
system_u:system_r:kernel_t:s0 4 ? I< 0:00 [rcu_par_gp]
system_u:system_r:kernel_t:s0 5 ? I< 0:00 [slub_flushwq]
system_u:system_r:kernel_t:s0 6 ? I< 0:00 [netns]
system_u:system_r:kernel_t:s0 8 ? I< 0:00 [kworker/0:0H-events_highpri]
system_u:system_r:kernel_t:s0 10 ? I< 0:00 [mm_percpu_wq]
system_u:system_r:kernel_t:s0 11 ? I 0:00 [rcu_tasks_kthread]
system_u:system_r:kernel_t:s0 12 ? I 0:00 [rcu_tasks_rude_kthread]
system_u:system_r:kernel_t:s0 13 ? I 0:00 [rcu_tasks_trace_kthread]
system_u:system_r:kernel_t:s0 14 ? S 0:00 [ksoftirqd/0]
system_u:system_r:kernel_t:s0 15 ? I 0:00 [rcu_preempt]
system_u:system_r:kernel_t:s0 16 ? S 0:00 [migration/0]
system_u:system_r:kernel_t:s0 18 ? S 0:00 [cpuhp/0]
system_u:system_r:kernel_t:s0 20 ? S 0:00 [kdevtmpfs]
system_u:system_r:kernel_t:s0 21 ? I< 0:00 [inet_frag_wq]
system_u:system_r:kernel_t:s0 22 ? S 0:00 [kauditd]
system_u:system_r:kernel_t:s0 23 ? S 0:00 [khungtaskd]
system_u:system_r:kernel_t:s0 24 ? S 0:00 [oom_reaper]
system_u:system_r:kernel_t:s0 27 ? I< 0:00 [writeback]
system_u:system_r:kernel_t:s0 28 ? S 0:00 [kcompactd0]
system_u:system_r:kernel_t:s0 29 ? SN 0:00 [khugepaged]
system_u:system_r:kernel_t:s0 30 ? I< 0:00 [kintegrityd]
system_u:system_r:kernel_t:s0 31 ? I< 0:00 [kblockd]
system_u:system_r:kernel_t:s0 32 ? I< 0:00 [blkcg_punt_bio]
system_u:system_r:kernel_t:s0 33 ? S 0:00 [xen-balloon]
system_u:system

$ getsebool -a

出力例
abrt_anon_write → 关闭
abrt_handle_event → 关闭
abrt_upload_watch_anon_write → 开启
antivirus_can_scan_system → 关闭
antivirus_use_jit → 关闭
auditadm_exec_content → 开启
authlogin_nsswitch_use_ldap → 关闭
authlogin_radius → 关闭
authlogin_yubikey → 关闭
awstats_purge_apache_log_files → 关闭
boinc_execmem → 开启
cdrecord_read_content → 关闭
cluster_can_network_connect → 关闭
cluster_manage_all_files → 关闭
cluster_use_execmem → 关闭
cobbler_anon_write → 关闭
cobbler_can_network_connect → 关闭
cobbler_use_cifs → 关闭
cobbler_use_nfs → 关闭
collectd_tcp_network_connect → 关闭
colord_use_nfs → 关闭
condor_tcp_network_connect → 关闭
conman_can_network → 关闭
conman_use_nfs → 关闭
cron_can_relabel → 关闭
cron_system_cronjob_use_shares → 关闭
cron_userdomain_transition → 开启
cups_execmem → 关闭
cvs_read_shadow → 关闭
daemons_dontaudit_scheduling → 开启
daemons_dump_core → 关闭
daemons_enable_cluster_mode → 关闭
daemons_use_tcp_wrapper → 关闭
daemons_use_tty → 关闭
dbadm_exec_content → 开启
dbadm_manage_user_files → 关闭
dbadm_read_user_files → 关闭
deny_bluetooth → 关闭
deny_execmem → 关闭
deny_ptrace → 关闭
dhcpc_exec_iptables → 关闭
dhcpd_use_ldap → 关闭
dnsmasq_use_ipset → 关闭
domain_can_mmap_files → 关闭
domain_can_write_kmsg → 关闭
domain_fd_use → 开启
domain_kernel_load_modules → 关闭
entropyd_use_audio → 开启
exim_can_connect_db → 关闭
exim_manage_user_files → 关闭
exim_read_user_files → 关闭
fcron_crond → 关闭
fenced_can_network_connect → 关闭
fenced_can_ssh → 关闭
fips_mode → 开启
ftpd_anon_write → 关闭
ftpd_connect_all_unreserved → 关闭
ftpd_connect_db → 关闭
ftpd_full_access → 关闭
ftpd_use_cifs → 关闭
ftpd_use_fusefs → 关闭
ftpd_use_nfs → 关闭
ftpd_use_passive_mode → 关闭
git_cgi_enable_homedirs → 关闭
git_cgi_use_cifs → 关闭
git_cgi_use_nfs → 关闭
git_session_bind_all_unreserved_ports → 关闭
git_session_users → 关闭
git_system_enable_homedirs → 关闭
git_system_use_cifs → 关闭
git_system_use_nfs → 关闭
gitosis_can_sendmail → 关闭
glance_api_can_network → 关闭
glance_use_execmem → 关闭
glance_use_fusefs → 关闭
global_ssp → 关闭
gluster_anon_write → 关闭
gluster_export_all_ro → 关闭
gluster_export_all_rw → 开启
gluster_use_execmem → 关闭
gpg_web_anon_write → 关闭
gssd_read_tmp → 开启
guest_exec_content → 开启
haproxy_connect_any → 关闭
httpd_anon_write → 关闭
httpd_builtin_scripting → 开启
httpd_can_check_spam → 关闭
httpd_can_connect_ftp → 关闭
httpd_can_connect_ldap → 关闭
httpd_can_connect_mythtv → 关闭
httpd_can_connect_zabbix → 关闭
httpd_can_manage_courier_spool → 关闭
httpd_can_network_connect → 关闭
httpd_can_network_connect_cobbler → 关闭
httpd_can_network_connect_db → 关闭
httpd_can_network_memcache → 关闭
httpd_can_network_relay → 关闭
httpd_can_sendmail → 关闭
httpd_dbus_avahi → 关闭
httpd_dbus_sssd → 关闭
httpd_dontaudit_search_dirs → 关闭
httpd_enable_cgi → 开启
httpd_enable_ftp_server → 关闭
httpd_enable_homedirs → 关闭
httpd_execmem → 关闭
httpd_graceful_shutdown → 关闭
httpd_manage_ipa → 关闭
httpd_mod_auth_ntlm_winbind → 关闭
httpd_mod_auth_pam → 关闭
httpd_read_user_content → 关闭
httpd_run_ipa → 关闭
httpd_run_preupgrade → 关闭
httpd_run_stickshift → 关闭
httpd_serve_cobbler_files → 关闭
httpd_setrlimit → 关闭
httpd_ssi_exec → 关闭
httpd_sys_script_anon_write → 关闭
httpd_tmp_exec → 关闭
httpd_tty_comm → 关闭
httpd_unified → 关闭
httpd_use_cifs → 关闭
httpd_use_fusefs → 关闭
httpd_use_gpg → 关闭
httpd_use_nfs → 关闭
httpd_use_opencryptoki → 关闭
httpd_use_openstack → 关闭
httpd_use_sasl → 关闭
httpd_verify_dns → 关闭
icecast_use_any_tcp_ports → 关闭
init_audit_control → 关闭
init_create_dirs → 开启
irc_use_any_tcp_ports → 关闭
irssi_use_full_network →

$ semanage boolean -l

出力例
SELinux boolean State Default Descriptionabrt_anon_write (off , off) Allow abrt to anon write
abrt_handle_event (off , off) Allow abrt to handle event
abrt_upload_watch_anon_write (on , on) Allow abrt to upload watch anon write
antivirus_can_scan_system (off , off) Allow antivirus to can scan systemantivirus_use_jit (off , off) Allow antivirus to use jit
auditadm_exec_content (on , on) Allow auditadm to exec contentauthlogin_nsswitch_use_ldap (off , off) Allow authlogin to nsswitch use ldap
authlogin_radius (off , off) Allow authlogin to radiusauthlogin_yubikey (off , off) Allow authlogin to yubikey
awstats_purge_apache_log_files (off , off) Allow awstats to purge apache log filesboinc_execmem (on , on) Allow boinc to execmemcdrecord_read_content (off , off) Allow cdrecord to read content
cluster_can_network_connect (off , off) Allow cluster to can network connectcluster_manage_all_files (off , off) Allow cluster to manage all files
cluster_use_execmem (off , off) Allow cluster to use execmemcobbler_anon_write (off , off) Allow cobbler to anon write
cobbler_can_network_connect (off , off) Allow cobbler to can network connectcobbler_use_cifs (off , off) Allow cobbler to use cifs
cobbler_use_nfs (off , off) Allow cobbler to use nfscollectd_tcp_network_connect (off , off) Allow collectd to tcp network connectcolord_use_nfs (off , off) Allow colord to use nfs
condor_tcp_network_connect (off , off) Allow condor to tcp network connect
conman_can_network (off , off) Allow conman to can network
conman_use_nfs (off , off) Allow conman to use nfs
cron_can_relabel (off , off) Allow cron to can relabelcron_system_cronjob_use_shares (off , off) Allow cron to system cronjob use shares
cron_userdomain_transition (on , on) Allow cron to userdomain transition
cups_execmem (off , off) Allow cups to execmem
cvs_read_shadow (off , off) Allow cvs to read shadow
daemons_dontaudit_scheduling (on , on) Allow daemons to dontaudit scheduling
daemons_dump_core (off , off) Allow daemons to dump core
daemons_enable_cluster_mode (off , off) Allow daemons to enable cluster mode
daemons_use_tcp_wrapper (off , off) Allow daemons to use tcp wrapper
daemons_use_tty (off , off) Allow daemons to use tty
dbadm_exec_content (on , on) Allow dbadm to exec content
dbadm_manage_user_files (off , off) Allow dbadm to manage user files
dbadm_read_user_files (off , off) Allow dbadm to read user files
deny_bluetooth (off , off) Allow deny to bluetooth
deny_execmem (off , off) Allow deny to execmem
deny_ptrace (off , off) Allow deny to ptrace
dhcpc_exec_iptables (off , off) Allow dhcpc to exec iptables
dhcpd_use_ldap (off , off) Allow dhcpd to use ldap
dnsmasq_use_ipset (off , off) Allow dnsmasq to use ipset
domain_can_mmap_files (off , off) Allow domain to can mmap files
domain_can_write_kmsg (off , off) Allow domain to can write kmsg
domain_fd_use (on , on) Allow domain to fd use
domain_kernel_load_modules (off , off) Allow domain to kernel load modules
entropyd_use_audio (on , on) Allow entropyd to use audio
exim_can_connect_db (off , off) Allow exim to can connect db
exim_manage_user_files (off , off) Allow exim to manage user files
exim_read_user_files (off , off) Allow exim to read user files
fcron_crond (off , off) Allow fcron to crond
fenced_can_network_connect (off , off) Allow fenced to can network connect
fenced_can_ssh (off , off) Allow fenced to can ssh
fips_mode (on , on) Allow fips to mode
ftpd_anon_write (off , off) Allow ftpd to anon write
ftpd_connect_all_unreserved (off , off) Allow ftpd to connect all unreserved
ftpd_connect_db (off , off) Allow ftpd to connect db
ftpd_full_access (off , off) Allow ftpd to full access
ftpd_use_cifs (off , off) Allow ftpd to use cifs
ftpd_use_fusefs (off , off) Allow ftpd to use fusefs
ftpd_use_nfs (off , off) Allow ftpd to use nfs
ftpd_use_passive_mode (off , off) Allow ftpd to use passive mode
git_cgi_enable_homedirs (off , off) Allow git to cgi enable homedirs
git_cgi_use_cifs (off , off) Allow git to cgi use cifs
git_cgi_use_nfs (off , off) Allow git to cgi use nfs
git_session_bind_all_unreserved_ports (off , off) Allow git to session bind all unreserved ports
git_session_users (off , off) Allow git to session users
git_system_enable_homedirs (off , off) Allow git to system enable homedirs
git_system_use_cifs (off , off) Allow git to system use cifs
git_system_use_nfs (off , off) Allow git to system use nfs
gitosis_can_sendmail (off , off) Allow gitosis to can sendmail
glance_api_can_network (off , off) Allow glance to api can network
glance_use_execmem (off , off) Allow glance to use execmem
glance_use_fusefs (off , off) Allow glance to use fusefs
global_ssp (off , off) Allow global to ssp
gluster_anon_write (off , off) Allow gluster to anon write
gluster_export_all_ro (off , off) Allow gluster to export all ro
gluster_export_all_rw (on , on) Allow gluster to export all rw
gluster_use_execmem (off , off) Allow gluster to use execmem
gpg_web_anon_write (off , off) Allow gpg to web anon write
gssd_read_tmp (on , on) Allow gssd to read tmp
guest_exec_content (on , on) Allow guest to exec content
haproxy_connect_any (off , off) Allow haproxy to connect any
httpd_anon_write (off , off) Allow httpd to anon write
httpd_builtin_scripting (on , on) Allow httpd to builtin scripting
httpd_can_check_spam (off , off) Allow httpd to can check spam
httpd_can_connect_ftp (off , off) Allow httpd to can connect ftp
httpd_can_connect_ldap (off , off) Allow httpd to can connect ldap
httpd_can_connect_mythtv (off , off) Allow httpd to can connect mythtv
httpd_can_connect_zabbix (off , off) Allow httpd to can connect zabbix
httpd_can_manage_courier_spool (off , off) Allow httpd to can manage courier spool
httpd_can_network_connect (off , off) Allow httpd to can network connect
httpd_can_network_connect_cobbler (off , off) Allow httpd to can network connect cobbler
httpd_can_network_connect_db (off , off) Allow httpd to can network connect db
httpd_can_network_memcache (off , off) Allow httpd to can network memcache
httpd_can_network_relay (off , off) Allow httpd to can network relay
httpd_can_sendmail (off , off) Allow httpd to can sendmail
httpd_dbus_avahi (off , off) Allow httpd to dbus avahi
httpd_dbus_sssd (off , off) Allow httpd to dbus sssd
httpd_dontaudit_search_dirs (off , off) Allow httpd to dontaudit search dirs
httpd_enable_cgi (on , on) Allow httpd to enable cgi
httpd_enable_ftp_server (off , off) Allow httpd to enable ftp server
httpd_enable_homedirs (off , off) Allow httpd to enable homedirs
httpd_execmem (off , off) Allow httpd to execmem
httpd_graceful_shutdown (off , off) Allow httpd to graceful shutdown
httpd_manage_ipa (off , off) Allow httpd to manage ipa
httpd_mod_auth_ntlm_winbind (off , off) Allow httpd to mod auth ntlm winbind
httpd_mod_auth_pam (off , off) Allow httpd to mod auth pam
httpd_read_user_content (off , off) Allow httpd to read user content
httpd_run_ipa (off , off) Allow httpd to run ipa
httpd_run_preupgrade (off , off) Allow httpd to run preupgrade
httpd_run_stickshift (off , off) Allow httpd to run stickshift
httpd_serve_cobbler_files (off , off) Allow httpd to serve cobbler files
httpd_setrlimit (off , off) Allow httpd to setrlimit
httpd_ssi_exec (off , off) Allow httpd to ssi exec
httpd_sys_script_anon_write (off , off) Allow httpd to sys script anon write
httpd_tmp_exec (off , off) Allow httpd to tmp exec
httpd_tty_comm (off , off) Allow httpd to tty comm
httpd_unified (off , off) Allow httpd to unified
httpd_use_cifs (off , off) Allow httpd to use cifs
httpd_use_fusefs (off , off) Allow httpd to use fusefs
httpd_use_gpg (off , off) Allow httpd to use gpg
httpd_use_nfs (off , off) Allow httpd to use nfs
httpd_use_opencryptoki (off , off) Allow httpd to use opencryptoki
httpd_use_openstack (off , off) Allow httpd to use openstack
httpd_use_sasl (off , off) Allow httpd to use sasl
httpd_verify_dns (off , off) Allow httpd to verify dns
icecast_use_any_tcp_ports (off , off) Allow icecast to use any tcp ports
init_audit_control (off , off) Allow init to audit control
init_create_dirs (on , on) Allow init to create dirs
irc_use_any_tcp_ports (off , off) Allow irc to use any tcp ports
irssi_use_full_network (off , off) Allow irssi to use full network
kdumpgui_run_bootloader (off , off) Allow kdumpgui to run bootloader
keepalived_connect_any (off , off) Allow keepalived to connect any
kerberos_enabled (on , on) Allow kerberos to enabled
ksmtuned_use_cifs (off , off) Allow ksmtuned to use cifs
ksmtuned_use_nfs (off , off) Allow ksmtuned to use nfs
logadm_exec_content (on , on) Allow logadm to exec content
logging_syslogd_append_public_content (off , off) Allow logging to syslogd append public content
logging_syslogd_can_sendmail (off , off) Allow logging to syslogd can sendmail
logging_syslogd_list_non_security_dirs (off , off) Allow logging to syslogd list non security dirs
logging_syslogd_run_nagios_plugins (off , off) Allow logging to syslogd run nagios plugins
logging_syslogd_use_tty (on , on) Allow logging to syslogd use tty
login_console_enabled (on , on) Allow login to console enabled
logrotate_read_inside_containers (off , off) Allow logrotate to read inside containers
logrotate_use_cifs (off , off) Allow logrotate to use cifs
logrotate_use_fusefs (off , off) Allow logrotate to use fusefs
logrotate_use_nfs (off , off) Allow logrotate to use nfs
logwatch_can_network_connect_mail (off , off) Allow logwatch to can network connect mail
lsmd_plugin_connect_any (off , off) Allow lsmd to plugin connect any
mailman_use_fusefs (off , off) Allow mailman to use fusefs
mcelog_client (off , off) Allow mcelog to client
mcelog_exec_scripts (on , on) Allow mcelog to exec scripts
mcelog_foreground (off , off) Allow mcelog to foreground
mcelog_server (off , off) Allow mcelog to server
minidlna_read_generic_user_content (off , off) Allow minidlna to read generic user content
mmap_low_allowed (off , off) Allow mmap to low allowed
mock_enable_homedirs (off , off) Allow mock to enable homedirs
mount_anyfile (on , on) Allow mount to anyfile
mozilla_plugin_bind_unreserved_ports (off , off) Allow mozilla to plugin bind unreserved ports
mozilla_plugin_can_network_connect (on , on) Allow mozilla to plugin can network connect
mozilla_plugin_use_bluejeans (off , off) Allow mozilla to plugin use bluejeans
mozilla_plugin_use_gps (off , off) Allow mozilla to plugin use gps
mozilla_plugin_use_spice (off , off) Allow mozilla to plugin use spice
mozilla_read_content (off , off) Allow mozilla to read content
mpd_enable_homedirs (off , off) Allow mpd to enable homedirs
mpd_use_cifs (off , off) Allow mpd to use cifs
mpd_use_nfs (off , off) Allow mpd to use nfs
mplayer_execstack (off , off) Allow mplayer to execstack
mysql_connect_any (off , off) Allow mysql to connect any
mysql_connect_http (off , off) Allow mysql to connect http
nagios_run_pnp4nagios (off , off) Allow nagios to run pnp4nagios
nagios_run_sudo (off , off) Allow nagios to run sudo
nagios_use_nfs (off , off) Allow nagios to use nfs
named_tcp_bind_http_port (off , off) Allow named to tcp bind http port
named_write_master_zones (on , on) Allow named to write master zones
neutron_can_network (off , off) Allow neutron to can network
nfs_export_all_ro (on , on) Allow nfs to export all ro
nfs_export_all_rw (on , on) Allow nfs to export all rw
nfsd_anon_write (off , off) Allow nfsd to anon write
nis_enabled (off , off) Allow nis to enabled
nscd_use_shm (on , on) Allow nscd to use shm
openfortivpn_can_network_connect (on , on) Allow openfortivpn to can network connect
openshift_use_nfs (off , off) Allow openshift to use nfs
openvpn_can_network_connect (on , on) Allow openvpn to can network connect
openvpn_enable_homedirs (on , on) Allow openvpn to enable homedirs
openvpn_run_unconfined (off , off) Allow openvpn to run unconfined
pcp_bind_all_unreserved_ports (off , off) Allow pcp to bind all unreserved ports
pcp_read_generic_logs (off , off) Allow pcp to read generic logs
pdns_can_network_connect_db (off , off) Allow pdns to can network connect db
piranha_lvs_can_network_connect (off , off) Allow piranha to lvs can network connect
polipo_connect_all_unreserved (off , off) Allow polipo to connect all unreserved
polipo_session_bind_all_unreserved_ports (off , off) Allow polipo to session bind all unreserved ports
polipo_session_users (off , off) Allow polipo to session users
polipo_use_cifs (off , off) Allow polipo to use cifs
polipo_use_nfs (off , off) Allow polipo to use nfs
polyinstantiation_enabled (off , off) Allow polyinstantiation to enabled
postfix_local_write_mail_spool (on , on) Allow postfix to local write mail spool
postgresql_can_rsync (off , off) Allow postgresql to can rsync
postgresql_selinux_transmit_client_label (off , off) Allow postgresql to selinux transmit client label
postgresql_selinux_unconfined_dbadm (on , on) Allow postgresql to selinux unconfined dbadm
postgresql_selinux_users_ddl (on , on) Allow postgresql to selinux users ddl
pppd_can_insmod (off , off) Allow pppd to can insmod
pppd_for_user (off , off) Allow pppd to for user
privoxy_connect_any (on , on) Allow privoxy to connect any
prosody_bind_http_port (off , off) Allow prosody to bind http port
puppetagent_manage_all_files (off , off) Allow puppetagent to manage all files
puppetmaster_use_db (off , off) Allow puppetmaster to use db
racoon_read_shadow (off , off) Allow racoon to read shadow
radius_use_jit (off , off) Allow radius to use jit
redis_enable_notify (off , off) Allow redis to enable notify
rngd_execmem (off , off) Allow rngd to execmem
rpcd_use_fusefs (off , off) Allow rpcd to use fusefs
rsync_anon_write (off , off) Allow rsync to anon write
rsync_client (off , off) Allow rsync to client
rsync_export_all_ro (off , off) Allow rsync to export all ro
rsync_full_access (off , off) Allow rsync to full access
rsync_sys_admin (off , off) Allow rsync to sys admin
samba_create_home_dirs (off , off) Allow samba to create home dirs
samba_domain_controller (off , off) Allow samba to domain controller
samba_enable_home_dirs (off , off) Allow samba to enable home dirs
samba_export_all_ro (off , off) Allow samba to export all ro
samba_export_all_rw (off , off) Allow samba to export all rw
samba_load_libgfapi (off , off) Allow samba to load libgfapi
samba_portmapper (off , off) Allow samba to portmapper
samba_run_unconfined (off , off) Allow samba to run unconfined
samba_share_fusefs (off , off) Allow samba to share fusefs
samba_share_nfs (off , off) Allow samba to share nfs
sanlock_enable_home_dirs (off , off) Allow sanlock to enable home dirs
sanlock_use_fusefs (off , off) Allow sanlock to use fusefs
sanlock_use_nfs (off , off) Allow sanlock to use nfs
sanlock_use_samba (off , off) Allow sanlock to use samba
saslauthd_read_shadow (off , off) Allow saslauthd to read shadow
screen_allow_session_sharing (off , off) Allow screen to allow session sharing
secadm_exec_content (on , on) Allow secadm to exec content
secure_mode (off , off) Allow secure to mode
secure_mode_insmod (off , off) Allow secure to mode insmod
secure_mode_policyload (off , off) Allow secure to mode policyload
selinuxuser_direct_dri_enabled (on , on) Allow selinuxuser to direct dri enabled
selinuxuser_execheap (off , off) Allow selinuxuser to execheap
selinuxuser_execmod (on , on) Allow selinuxuser to execmod
selinuxuser_execstack (on , on) Allow selinuxuser to execstack
selinuxuser_mysql_connect_enabled (off , off) Allow selinuxuser to mysql connect enabled
selinuxuser_ping (on , on) Allow selinuxuser to ping
selinuxuser_postgresql_connect_enabled (off , off) Allow selinuxuser to postgresql connect enabled
selinuxuser_rw_noexattrfile (on , on) Allow selinuxuser to rw noexattrfile
selinuxuser_share_music (off , off) Allow selinuxuser to share music
selinuxuser_tcp_server (off , off) Allow selinuxuser to tcp server
selinuxuser_udp_server (off , off) Allow selinuxuser to udp server
selinuxuser_use_ssh_chroot (off , off) Allow selinuxuser to use ssh chroot
sge_domain_can_network_connect (off , off) Allow sge to domain can network connect
sge_use_nfs (off , off) Allow sge to use nfs
smartmon_3ware (off , off) Allow smartmon to 3ware
smbd_anon_write (off , off) Allow smbd to anon write
spamassassin_can_network (off , off) Allow spamassassin to can network
spamd_enable_home_dirs (on , on) Allow spamd to enable home dirs
spamd_update_can_network (off , off) Allow spamd to update can network
squid_connect_any (on , on) Allow squid to connect any
squid_use_tproxy (off , off) Allow squid to use tproxy
ssh_chroot_rw_homedirs (off , off) Allow ssh to chroot rw homedirs
ssh_keysign (off , off) Allow ssh to keysign
ssh_sysadm_login (off , off) Allow ssh to sysadm login
ssh_use_tcpd (off , off) Allow ssh to use tcpd
sslh_can_bind_any_port (off , off) Allow sslh to can bind any port
sslh_can_connect_any_port (off , off) Allow sslh to can connect any port
sssd_access_kernel_keys (off , off) Allow sssd to access kernel keys
sssd_connect_all_unreserved_ports (off , off) Allow sssd to connect all unreserved ports
staff_exec_content (on , on) Allow staff to exec content
staff_use_svirt (off , off) Allow staff to use svirt
swift_can_network (off , off) Allow swift to can network
sysadm_exec_content (on , on) Allow sysadm to exec content
systemd_socket_proxyd_bind_any (off , off) Allow systemd to socket proxyd bind any
systemd_socket_proxyd_connect_any (off , off) Allow systemd to socket proxyd connect any
telepathy_connect_all_ports (off , off) Allow telepathy to connect all ports
telepathy_tcp_connect_generic_network_ports (on , on) Allow telepathy to tcp connect generic network ports
tftp_anon_write (off , off) Allow tftp to anon write
tftp_home_dir (off , off) Allow tftp to home dir
tmpreaper_use_cifs (off , off) Allow tmpreaper to use cifs
tmpreaper_use_nfs (off , off) Allow tmpreaper to use nfs
tmpreaper_use_samba (off , off) Allow tmpreaper to use samba
tomcat_can_network_connect_db (off , off) Allow tomcat to can network connect db
tomcat_read_rpm_db (off , off) Allow tomcat to read rpm db
tomcat_use_execmem (off , off) Allow tomcat to use execmem
tor_bind_all_unreserved_ports (off , off) Allow tor to bind all unreserved ports
tor_can_network_relay (off , off) Allow tor to can network relay
tor_can_onion_services (off , off) Allow tor to can onion services
unconfined_chrome_sandbox_transition (on , on) Allow unconfined to chrome sandbox transition
unconfined_dyntrans_all (off , off) Allow unconfined to dyntrans all
unconfined_login (on , on) Allow unconfined to login
unconfined_mozilla_plugin_transition (on , on) Allow unconfined to mozilla plugin transition
unprivuser_use_svirt (off , off) Allow unprivuser to use svirt
use_ecryptfs_home_dirs (off , off) Allow use to ecryptfs home dirs
use_fusefs_home_dirs (off , off) Allow use to fusefs home dirs
use_lpd_server (off , off) Allow use to lpd server
use_nfs_home_dirs (off , off) Allow use to nfs home dirs
use_samba_home_dirs (off , off) Allow use to samba home dirs
use_virtualbox (on , on) Allow use to virtualbox
user_exec_content (on , on) Allow user to exec content
varnishd_connect_any (off , off) Allow varnishd to connect any
virt_lockd_blk_devs (off , off) Allow virt to lockd blk devs
virt_qemu_ga_read_nonsecurity_files (off , off) Allow virt to qemu ga read nonsecurity files
virt_read_qemu_ga_data (off , off) Allow virt to read qemu ga data
virt_rw_qemu_ga_data (off , off) Allow virt to rw qemu ga data
virt_sandbox_share_apache_content (off , off) Allow virt to sandbox share apache content
virt_sandbox_use_all_caps (on , on) Allow virt to sandbox use all caps
virt_sandbox_use_audit (on , on) Allow virt to sandbox use audit
virt_sandbox_use_fusefs (off , off) Allow virt to sandbox use fusefs
virt_sandbox_use_mknod (off , off) Allow virt to sandbox use mknod
virt_sandbox_use_netlink (off , off) Allow virt to sandbox use netlink
virt_sandbox_use_sys_admin (off , off) Allow virt to sandbox use sys admin
virt_transition_userdomain (off , off) Allow virt to transition userdomain
virt_use_comm (off , off) Allow virt to use comm
virt_use_execmem (off , off) Allow virt to use execmem
virt_use_fusefs (off , off) Allow virt to use fusefs
virt_use_glusterd (off , off) Allow virt to use glusterd
virt_use_nfs (off , off) Allow virt to use nfs
virt_use_pcscd (off , off) Allow virt to use pcscd
virt_use_rawip (off , off) Allow virt to use rawip
virt_use_samba (off , off) Allow virt to use samba
virt_use_sanlock (off , off) Allow virt to use sanlock
virt_use_usb (on , on) Allow virt to use usb
virt_use_xserver (off , off) Allow virt to use xserver
webadm_manage_user_files (off , off) Allow webadm to manage user files
webadm_read_user_files (off , off) Allow webadm to read user files
wine_mmap_zero_ignore (off , off) Allow wine to mmap zero ignore
xdm_bind_vnc_tcp_port (off , off) Allow xdm to bind vnc tcp port
xdm_exec_bootloader (off , off) Allow xdm to exec bootloader
xdm_manage_bootloader (on , on) Allow xdm to manage bootloader
xdm_sysadm_login (off , off) Allow xdm to sysadm login
xdm_write_home (off , off) Allow xdm to write home
xen_use_nfs (off , off) Allow xen to use nfs
xend_run_blktap (on , on) Allow xend to run blktap
xend_run_qemu (on , on) Allow xend to run qemu
xguest_connect_network (on , on) Allow xguest to connect network
xguest_exec_content (on , on) Allow xguest to exec content
xguest_mount_media (on , on) Allow xguest to mount media
xguest_use_bluetooth (on , on) Allow xguest to use bluetooth
xserver_clients_write_xshm (off , off) Allow xserver to clients write xshm
xserver_execmem (off , off) Allow xserver to execmem
xserver_object_manager (off , off) Allow xserver to object manager
zabbix_can_network (off , off) Allow zabbix to can network
zabbix_run_sudo (off , off) Allow zabbix to run sudo
zarafa_setrlimit (off , off) Allow zarafa to setrlimit
zebra_write_config (off , off) Allow zebra to write config
zoneminder_anon_write (off , off) Allow zoneminder to anon write
zoneminder_run_sudo (off , off) Allow zoneminder to run sudo

$ cat /var/log/audit/audit.log | audit2why

发送的日志消息如下：
type=AVC msg=audit(1679572303.022:191): avc: denied { sys_resource } for pid=2582 comm=”systemd-tmpfile” capability=24 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:system_r:systemd_tmpfiles_t:s0 tclass=capability permissive=1
这是由以下原因引起的：
缺少类型强制（TE）允许规则。
您可以使用audit2allow来生成一个可加载的模块以允许此访问。

在本文中无法介绍所有的SELinux专用命令和辅助工具，但在AL2023中可能会有一些初始就无法使用的命令，例如seinfo。

最后

只有在金融等需要高度安全要求的系统中，才会自愿地使用SELinux。

尽管如此，我们应该理解到安全性需求正在提高。