SELinux (Security-Enhanced Linux) is a Linux kernel extension that controls access to certain resources.
SELinux is activated by default in a CentOS 7 installation. If this feature is not needed, SELinux can also be disabled. The following article describes how this works. The described settings must be made as a privileged user (root).
Display SELinux status
To read the current status of SELinux, use the sestatus command. The following display shows the output with SELinux enabled.
Code:
sestatus
Code:
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
or, if it is disabled:
Code:
[root@vps87755 ~]# sestatus
SELinux status: disabled
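Enable SELinux
To enable or disable SELinux, you need to adjust the configuration file /etc/sysconfig/selinux. The following settings can be selected.
Code:
vi /etc/sysconfig/selinux
If a swap file from an earlier edit session exists, a screen like the following will appear:
Code: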
E325: ATTENTION
Found a swap file by the name "/etc/selinux/.config.swp"
owned by: root dated: Thu Nov 10 09:14:10 2016
file name: /etc/sysconfig/selinux
modified: YES
user name: root host name: vps89755.vps.ovh.ca
process ID: 24517
While opening file "/etc/sysconfig/selinux"
dated: Thu Nov 3 04:13:18 2016
(1) Another program may be editing the same file. If this is the case,
be careful not to end up with two different instances of the same
file when making changes. Quit, or continue with caution.
(2) An edit session for this file crashed.
If this is the case, use ":recover" or "vim -r /etc/sysconfig/selinux"
to recover the changes (see ":help recovery").
If you did this already, delete the swap file "/etc/selinux/.config.swp"
to avoid this message.
"/etc/sysconfig/selinux" 14L, 476C
Remove the "#" before #SELINUX=enforcing to enable SELinux:
Code:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
#SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
SELINUX= accepts the following values:
enforcing - SELinux is enabled and the policy is enforced
permissive - SELinux is active but only logs warnings instead of enforcing
disabled - SELinux is deactivated
For these changes to take effect, the server must be restarted.
Code:
reboot
or
Code:
shutdown -r now
The output of sestatus then shows that SELinux was disabled in this case.
If SELinux should remain active and only its behavior should change, this can be done with the setenforce command, without rebooting.
setenforce 1 - enforcing
setenforce 0 - permissive
Code:
setenforce 0
Code:
sestatus
Code:
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
Disable SELinux
Set SELINUX=disabled and comment out the enforcing line (#SELINUX=enforcing) as below:
Code:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Good documentation about SELinux can be found on the website of the Fedora project.
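A check that ties the steps above together, as an added example that is not part of the original post: it reads the active SELINUX= line from the config file, compares it with the mode reported by sestatus, and flags the mismatch seen above after setenforce 0 (Current mode: permissive, Mode from config file: enforcing). The function names are made up for this example, and treating two uncommented SELINUX= lines as an error is a choice of this example.

```shell
#!/bin/sh
# Added example, not part of the original post. Function names are hypothetical.

# Effective SELINUX= value in a config file. Commented lines are skipped.
# Prints "unset" if no active line exists and "ambiguous" if more than one
# does (easy to cause when toggling the "#" on two lines by hand).
config_mode() {
    awk -F= '
        /^SELINUX=/ { n++; v = $2; gsub(/[ \t\r]/, "", v) }
        END {
            if (n == 0)     print "unset"
            else if (n > 1) print "ambiguous"
            else            print v
        }' "$1"
}

# Runtime mode, taken from sestatus output read on stdin.
runtime_mode() {
    awk -F: '
        /^SELinux status:/ { s = $2; gsub(/[ \t\r]/, "", s) }
        /^Current mode:/   { m = $2; gsub(/[ \t\r]/, "", m) }
        END { if (s == "disabled") print "disabled"; else print m }'
}

# Compare both. Returns 0 when they agree, 1 on drift or a bad config.
# $1 = config file, $2 = file holding sestatus output
check_selinux() {
    cs_cfg=$(config_mode "$1")
    cs_run=$(runtime_mode < "$2")
    if [ "$cs_cfg" = "$cs_run" ]; then
        echo "ok: $cs_run"
    else
        echo "drift: config=$cs_cfg runtime=$cs_run"
        return 1
    fi
}

# On a live system (as root):
#   sestatus > /tmp/sestatus.out
#   check_selinux /etc/sysconfig/selinux /tmp/sestatus.out
```

A "drift" result right after editing the file is expected until the reboot; a "drift" result on a server that should be enforcing means someone ran setenforce 0 or changed the file.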