linux_config_selinux

This is an old revision of the document!

Overview

SElinux or Security Enchanced linux is PAIN in the “buttom”. it is designed as militery grade security for the US army. That being said if you have it enabled (default) you cannot configure pretty much anything on the software you install without changing the context of the SElinux.

So let's see how to disable and check for status:

Manage

SElinux has three modes: Enforcing Permissive Disabled

The first two are enabling the SElunix, while the last one totally disables it.

You can check if SElinux is currently enabled by issuing the following command:

Check SElinux 

[root@************ redis]# getenforce
Enforcing

That means, that it is enabled and it is the highest priority. If you don't have requirement to have SElinux, I suggest to ALWAYS change the police to “Permissive” that means it will still monitor the access and yells at you when you violate it, but it won't stop your work.

Let's see how we can disable it:

Enable / Disable

To change the mode to Permissive and reverse, we can use the following command:

Change modes 

[root@tbp-mts-redis01 redis]# setenforce 0 - Permissive
[root@tbp-mts-redis01 redis]# getenforce
Permissive
[root@tbp-mts-redis01 redis]# setenforce 1 - Enforcing
[root@tbp-mts-redis01 redis]# getenforce
Enforcing
[root@tbp-mts-redis01 redis]#

We cannot totally disable it while the Linux is working, we have to restart. Also bare in mind that any change (with setenforce) doesn't survive a restart. To disable it totally and/or to make our changes persistant, we have to modify the following file:

Persistant Change 

[root@************** redis]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing  <- Change what you want here. This change will persist a restart.
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
  • linux_config_selinux.1601374610.txt.gz
  • Last modified: 2020/09/29 10:16
  • by andonovj