This article covers how to set up SELinux on CentOS 7. SELinux is a security mechanism built into the Linux kernel. Linux distributions such as CentOS, RHEL, and Fedora ship with SELinux by default.
SELinux improves server security by defining and restricting how the server processes requests and how users interact with sockets, network ports, and essential directories.
To check SELinux mode:
The easiest way to check the SELinux (Security-Enhanced Linux) operation mode is to use the getenforce command.
Run without any options or arguments, this command simply prints the current SELinux operation mode.
The SELinux operation mode can be set either permanently or temporarily.
To check whether SELinux is enabled or not:
1. Use the getenforce command:
       [vagrant@vagrantdev ~]$ getenforce
       Permissive
2. Use the sestatus command.
3. View the SELinux configuration file, i.e. run cat /etc/selinux/config to view the status.
To configure SELinux to enforcing mode:
1. Open the /etc/selinux/config file in a text editor of your choice, for example: # vi /etc/selinux/config.
2. Configure the SELINUX=enforcing option: # This file controls the state of SELinux on the system.
3. Save the change, and restart the system: # reboot.
To enable SELinux without rebooting:
1. Change the SELinux mode at run time. If SELinux is disabled, it cannot be enabled without rebooting.
2. Determine the current mode of SELinux.
3. Change the SELinux mode permanently. In the /boot/grub/grub.conf file add a line: selinux=0 (this kernel parameter disables SELinux at boot).
4. Or in /etc/sysconfig/selinux change.
To permanently change mode to permissive:
1. Edit the /etc/selinux/config file as follows:
       # This file controls the state of SELinux on the system.
       # SELINUX= can take one of these three values:
       # enforcing - SELinux security policy is enforced.
2. Restart the system: $ reboot.
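
The checks and the config edit described above can be scripted. The following is an added example, not part of the original article: it reads the SELINUX= value from the config file, compares it with the mode printed by getenforce, and rewrites only the SELINUX= line. The function names are hypothetical and the demo runs against a constructed temporary file.

```shell
#!/bin/sh
# Added example (not from the original article): compare the runtime SELinux
# mode with the mode persisted in the config file, and set the persisted mode.

# Print the SELINUX= value from a config file, lower-cased.
# Comment lines and SELINUXTYPE= do not match the pattern.
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
        "${1:-/etc/selinux/config}" | tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Rewrite only the SELINUX= line; a .bak copy of the file is kept.
# $1 = enforcing|permissive|disabled, $2 = config file (optional).
selinux_set_config_mode() {
    case "$1" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $1" >&2; return 2 ;;
    esac
    file="${2:-/etc/selinux/config}"
    if grep -q '^[[:space:]]*SELINUX=' "$file"; then
        sed -i.bak "s/^[[:space:]]*SELINUX=.*/SELINUX=$1/" "$file"
    else
        cp "$file" "$file.bak" && printf 'SELINUX=%s\n' "$1" >> "$file"
    fi
}

# $1 = runtime mode as printed by getenforce, $2 = config file (optional).
# Returns 1 when a reboot would change the mode the system is running in.
selinux_mode_drift() {
    runtime=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    configured=$(selinux_config_mode "$2")
    if [ "$runtime" = "$configured" ]; then
        echo "ok: runtime and config are both $configured"
    else
        echo "drift: runtime=$runtime config=$configured"
        return 1
    fi
}

# Demo on a constructed config file, not the real /etc/selinux/config.
demo=$(mktemp)
printf '%s\n' '# SELINUX= can take one of these three values:' \
    'SELINUX=permissive' 'SELINUXTYPE=targeted' > "$demo"
selinux_mode_drift Enforcing "$demo" || true
selinux_set_config_mode enforcing "$demo"
selinux_mode_drift Enforcing "$demo"
rm -f "$demo" "$demo.bak"
```

On a real host, run selinux_mode_drift "$(getenforce)" to see whether the next reboot would change the running mode; editing the config file itself requires root.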