SELinux stands for Security-Enhanced Linux; it is a Linux kernel security module. It is enabled by default on most of the Linux distributions used for servers, such as CentOS. It provides enhanced security measures and gives you fine-grained control over what programs and daemons may do, such as communicating with outside programs or establishing outside connections.
It is always recommended to have SELinux enabled on a server to avoid common security glitches.
To query the current status of SELinux use the following commands
The above command reports the current status of SELinux: whether it is enforcing, permissive, or disabled. If it is already disabled.
Open the file /etc/selinux/config and change the option SELINUX to disabled.
If you open the file, you will see something like:
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=enforcing
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
If SELinux is enabled, you will see enforcing; replace it with disabled.
If you change the SELinux status from enabled to disabled or vice versa, you must restart the machine for the change to take effect.
To enable SELinux, follow the instructions below:
- Open the file /etc/selinux/config
- Change option SELINUX from disabled to enforcing
- Restart the machine
To change the mode of SELinux while it is running:
    $ setenforce
    usage: setenforce [ Enforcing | Permissive | 1 | 0 ]
    $ # To set mode to Permissive
    $ setenforce Permissive
SELinux (Security-Enhanced Linux) is the Linux kernel module for enhanced security. If SELinux is installed on your machine or server, you can check its current status with the following commands:
[root@lintel ~]# getenforce
The above command will give you one of the following as output:
enforcing, permissive, or disabled
You can also use the command below, which gives a simple overview:
[root@lintel ~]# sestatus
If SELinux is enabled, you will see output something like:
    # sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   permissive
    Mode from config file:          permissive
    Policy version:                 24
    Policy from config file:        targeted
You can also check the configuration which is located at /etc/selinux/config.
In the above config file, the option SELINUX describes the status of SELinux. However, the configuration file is not a precise way to determine the status; it is better to determine it with the commands mentioned above.
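The gap between the configured mode and the running mode, as an added example that is not part of the original article: the script reads SELINUX= from a config file and compares it with the word getenforce prints. The function names configured_mode and compare_modes and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): detect drift between the mode
# in an SELinux config file and the mode the kernel is actually running.

# Print the SELINUX= value from config file $1, lowercased.
# Comment lines and the separate SELINUXTYPE= key are ignored; if the key
# is set more than once, the last assignment is reported.
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Compare config file $1 with runtime mode $2 (a getenforce-style word).
# Case is normalized so "Permissive" and "permissive" compare equal.
# Prints "match:<mode>", "drift:config=<c>,running=<r>" or "invalid-config".
compare_modes() {
    cfg=$(configured_mode "$1")
    run=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case "$cfg" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid-config"; return 0 ;;
    esac
    if [ "$cfg" = "$run" ]; then
        echo "match:$cfg"
    else
        echo "drift:config=$cfg,running=$run"
    fi
}

# Constructed sample: the config says enforcing, but "setenforce Permissive"
# was run, so the running mode differs until the next reboot.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# SELINUX= can take one of these three values:
SELINUX=enforcing
SELINUXTYPE=targeted
EOF
compare_modes "$sample" "Permissive"   # constructed runtime value

# On a real host, check the live state when the tools are present.
if command -v getenforce >/dev/null 2>&1 && [ -r /etc/selinux/config ]; then
    compare_modes /etc/selinux/config "$(getenforce)"
fi
```

A drift result means the machine will come up in a different mode after the next restart than the one it is running now.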
*Note: You need administrator privileges to either enable or disable SELinux