What is SELinux and how does it work & its configuration?

SeLinux is a set of security policies & modules which are going to apply on the machine to improve the overall security of the machine. These are the Linux security modules(LSM) which are loaded in to kernel to improve security on accessing services & files which improve security. SELinux is short form of Security Enhanced Linux. or in short it prevent the miss configuration or compromised daemon to damage the operating system

SELinux has three modes.How to set SELinux ?In this Article  we're only going to touch on SELinux contexts and labels. SELinux policies contain various rules that allow interaction between different contexts. Contexts may be  ports, processes, files, directories, and so on. Instead of getting overwhelmed with the technical concepts of SELinux, we'll instead look at the practical side of using SELinux.

Enforcing- SELinux security policy is enforced. IF this is set SELinux is enabled and will try to enforce the SELinux policies strictly

Permissive – SELinux prints warnings instead of enforcing. This setting will just give warning when any SELinux policy setting is breached

Disabled – No SELinux policy is loaded. This will totally disable SELinux policies.

How Get SELinux Status

commands or steps to check the status of SELinux. There are three way you can check the status of SELinux.

1.cat /etc/selinux/config 

You will see SELINUX=disabled or =Enforcing or =Permissive

2 #getenforce

The output will be either “Permissive” or “Enforcing”

3. cat /selinux/enforce 

The output will be "0" or "1" (Where 0 is Permissive and 1 for Enforcing )

To see SELinux status in simplified way you can use sestatus

To get elaborated info on difference status of SELinux on different services use -b option. using this command you can check the status of all services or daemon  if SELinux is on or off for that service.
#sestatus -b

How to Disabling SELinux

We can do it in three ways
1) : edit /etc/selinux/config
change the status of SELINUX from enforcing to disabled
Save the file and exit.

2): Execute below command
echo 0 > /selinux/enforce
3): setenforce 0

How to Enabling SELinux

1) : edit /etc/selinux/config
change the status of SELINUX from disabled to enforcing
Save the file and exit.
2) : Execute below command
#echo 1 > /selinux/enforce
#setenforce 1

Please comment Below if you have any query or suggestion regarding this post.
What is SELinux and how does it work & its configuration? What is SELinux and how does it work & its configuration? Reviewed by Unknown on July 29, 2016 Rating: 5

No comments:

Get Your Business Online Now

Powered by Blogger.