Basics of SELinux
What is SELinux?SELinux is a set of security policies/modules which are going to apply on the machine to improve the overall security of the machine. These are the Linux security modules(LSM) which are loaded in to kernel to improve security on accessing services/files which improve security. SELinux is short form of Security Enhanced Linux.
How to set SELinux
SELinux is set in three modes.- Enforcing- SELinux security policy is enforced. IF this is set SELinux is enabled and will try to enforce the SELinux policies strictly
- Permissive – SELinux prints warnings instead of enforcing. This setting will just give warning when any SELinux policy setting is breached
- Disabled – No SELinux policy is loaded. This will totally disable SELinux policies.
How Get SELinux Status
command to get the status.#getenforce
The output will be either “Enabled” or “Disabled”To see SELinux status in simplified way you can use sestatus
#sestatus
To get elobrated info on difference status of SELinux on different services use -b option
#sestatus -b
How to Disabling SELinux
We can do it in two ways1) : edit /etc/selinux/config
change the status of SELINUX fromenforcing to disabled
SELINUX=enforcing
to
SELINUX=disabled
Save the file and exit.
2): Execute below command
echo 0 > /selinux/enforce
or
setenforce 0
How to Enabling SELinux
1) : edit /etc/selinux/configchange the status of SELINUX fromdisabled to enforcing
SELINUX=disabled
to
SELINUX=enforcing
Save the file and exit.
2) : Execute below command
echo 1 > /selinux/enforce
or
setenforce 1
No comments:
Post a Comment