All About SELinux Enforcing

What is SELinux Enforcing and How to Disable It

What is SELinux?

SELinux stands for Security-Enhanced Linux; as the name suggests, it is a security layer for the Linux kernel. It consists of a set of kernel modifications that add a layer of defense to the Linux system.

Check SELinux Status

sestatus

For extra details you can run:

sestatus -v

SELinux Modes

SELinux has 3 modes:

Enforcing: SELinux is enabled and blocks any action that the security policy, including its booleans, does not allow.

Permissive: SELinux is enabled but only logs the actions it would have blocked and shows warnings.

Disabled: SELinux is turned off.

Change SELinux Mode

Open the file below and make the following change:

vi /etc/selinux/config

Then set SELINUX to the desired mode (enforcing, permissive or disabled):

SELINUX=disabled

SELinux Booleans

SELinux has many booleans that let you adjust the policy. To list them, run any of the commands below.

sestatus -b

semanage boolean -l

getsebool -a

Change/Set SELinux Boolean

In the example below I will enable the httpd_can_network_connect boolean, which controls whether httpd scripts are allowed to make network connections.

setsebool -P httpd_can_network_connect on

For a list of SELinux booleans you can follow this link.
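The mode setting and the boolean change described above can both be checked from saved text. The script below is an added example, not part of the original post: it audits a copy of /etc/selinux/config and saved "getsebool -a" output. The function names, the BASELINE_OFF list and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit SELinux mode and booleans from saved text (runs offline).

# Hypothetical baseline: booleans expected to stay off unless there is a reason.
BASELINE_OFF="httpd_can_network_connect"

# Print the SELINUX= value from a file in /etc/selinux/config format.
# Commented-out lines and SELINUXTYPE= do not match the pattern.
configured_mode() {
    awk '/^SELINUX=/ { sub(/^SELINUX=/, ""); gsub(/[ \t\r]/, "")
                       print tolower($0); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Print on/off for boolean $1 from "getsebool -a" output ("name --> state").
boolean_state() {
    awk -v b="$1" '$1 == b && $2 == "-->" { print $3; found = 1; exit }
                   END { if (!found) print "unknown" }' "$2"
}

# $1 = config file, $2 = saved "getsebool -a" output.
audit() {
    mode=$(configured_mode "$1")
    case "$mode" in
        enforcing)  echo "OK   SELINUX=enforcing" ;;
        permissive) echo "WARN SELINUX=permissive: violations are only logged" ;;
        disabled)   echo "FAIL SELINUX=disabled" ;;
        *)          echo "FAIL SELINUX=$mode is not a valid mode" ;;
    esac
    for b in $BASELINE_OFF; do
        state=$(boolean_state "$b" "$2")
        if [ "$state" = "off" ]; then echo "OK   $b=off"
        else echo "WARN $b=$state: confirm this is intended"
        fi
    done
}

# Constructed sample input, not taken from a real host.
tmp=$(mktemp -d)
cat > "$tmp/config" <<'EOF'
# This file controls the state of SELinux on the system.
#SELINUX=enforcing
SELINUX=disabled
SELINUXTYPE=targeted
EOF
cat > "$tmp/booleans" <<'EOF'
httpd_can_network_connect --> on
httpd_enable_homedirs --> off
EOF
audit "$tmp/config" "$tmp/booleans"
```

On a live host, pass /etc/selinux/config and a file holding the output of getsebool -a as the two arguments to audit.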

 

 

