SELinux, or
Security-Enhanced Linux, is a set of security modules which are
loaded in to kernel to improve security on accessing services/files which
improve security. SELinux was initially released as a collaborative
between Red Hat and the National Security Agency. The SELinux kernel
separates policy and decisions inside the kernel to distribute levels of
protection and prevent a total security breach.
Step 1: Check SELinux current status, issue the sestatus command.
[root@linuxcnf ~]# sestatus
SELinux
status:
enabled
SELinuxfs
mount:
/sys/fs/selinux
SELinux root
directory:
/etc/selinux
Loaded policy
name:
targeted
Current
mode:
enforcing
Mode from config
file:
enforcing
Policy MLS
status:
enabled
Policy deny_unknown status: allowed
Max kernel policy version:
28
[root@linuxcnf ~]#
|
Step 2: Modify the SELinux configuration file and Change
‘SELINUX=enforcing’ to ‘SELINUX=permissive’ or ‘SELINUX=disabled’ and save the
configuration file:
[root@linuxcnf ~]# vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy
is enforced.
# permissive - SELinux prints warnings
instead of enforcing.
# disabled - No SELinux policy is
loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are
protected,
# minimum - Modification of targeted
policy. Only selected processes are protected.
# mls - Multi Level Security
protection.
SELINUXTYPE=targeted
[root@linuxcnf ~]#
|
Step 3: Reboot the system to reflect the changes.
[root@linuxcnf ~]# reboot
|
No comments:
Post a Comment