Need to to disable SELinux on CentOS 7? How to disable SELinux from the command line over ssh based session?
This guide is for you.
SELinux is an acronym for Security-Enhanced Linux. It is a Linux kernel security feature for access control. Basically, with the help of SELinux sysadmin can determine which Linux server users and apps can access resources.
Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to perform Linux Server Configuration tasks.
In this context, we shall look into the process to disable SELinux security feature on a CentOS / RHEL and Fedora Linux.
Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) security mechanism implemented in the kernel. SELinux was first introduced in CentOS 4 and significantly enhanced in later CentOS releases. These enhancements mean that content varies as to how to approach SELinux over time to solve problems.
It is an implementation of a mandatory access control mechanism in the Linux kernel and was developed by NSA.
To change #SELinux to enforcing mode, follow the steps below;
i. Open the /etc/selinux/config file in a text editor of your choice, for example: # vi /etc/selinux/config.
ii. Configure the SELINUX=enforcing option: # This file controls the state of SELinux on the system.
iii. Save the change, and restart the #system: # reboot.
The process to remove and disable SELinux security features is as follows:
i. Log in to your server
ii. Check the current SELinux status, run: sestatus
iii. To disable SELinux on CentOS 7 temporarily, run: sudo setenforce 0
iv. Edit the /etc/selinux/config file and set the SELINUX to disabled
v. Reboot the Linux server
vi. Verify it by running the sestatus and getenforce again
To get the main point, You can modify the mode SELinux is running in using the setenforce command. For example, to put SELinux in enforcing mode, execute:
sudo setenforce Enforcing
To put SELinux in permissive mode i.e. disabled mode:
sudo setenforce Permissive
Note that is temporary solution to disable SELinux without rebooting the server and active for the current session only.
Now, let us see all commands related to using SELinux in details.
To do this, execute the following sestatus command;
Another option is to run the following command to print the current mode of SELinux;
You can also use the following cat command:
This will display the output as shown below;
The /etc/selinux/config file controls the state of SELinux on the system. SELINUX= can take one of these three values:
i. enforcing – SELinux security policy is enforced.
ii. permissive – SELinux prints warnings instead of enforcing (disabled).
iii. disabled – No SELinux policy is loaded (disabled).
SELINUXTYPE= can take one of following:
i. targeted – Targeted processes are protected.
ii. minimum – Modification of targeted policy. Only selected processes are protected.
iii. mls – Multi Level Security protection.
To do this, modify the /etc/selinux/config file, run:
sudo vi /etc/selinux/config
Set SELINUX to disabled:
Save and close the file in vi/vim. Reboot the Linux system:
After reboot, make sure following commands gives Disabled output indicating that SELinux removed and disabled on your Linux server: