What is SELinux and how does it work & its configuration?
SeLinux is a set of security policies & modules which are going to apply on the machine to improve the overall security of the machine. These are the Linux security modules(LSM) which are loaded in to kernel to improve security on accessing services & files which improve security. SELinux is short form of Security Enhanced Linux. or in short it prevent the miss configuration or compromised daemon to damage the operating system
SELinux has three modes.How to set SELinux ?In this Article we're only going to touch on SELinux contexts and labels. SELinux policies contain various rules that allow interaction between different contexts. Contexts may be ports, processes, files, directories, and so on. Instead of getting overwhelmed with the technical concepts of SELinux, we'll instead look at the practical side of using SELinux.
Enforcing- SELinux security policy is enforced. IF this is set SELinux is enabled and will try to enforce the SELinux policies strictly
Permissive – SELinux prints warnings instead of enforcing. This setting will just give warning when any SELinux policy setting is breached
Disabled – No SELinux policy is loaded. This will totally disable SELinux policies.
How Get SELinux Status
commands or steps to check the status of SELinux. There are three way you can check the status of SELinux.
1.cat /etc/selinux/config
You will see SELINUX=disabled or =Enforcing or =Permissive
2 #getenforce
The output will be either “Permissive” or “Enforcing”
3. cat /selinux/enforce
The output will be "0" or "1" (Where 0 is Permissive and 1 for Enforcing )
To see SELinux status in simplified way you can use sestatus
#sestatus
To get elaborated info on difference status of SELinux on different services use -b option. using this command you can check the status of all services or daemon if SELinux is on or off for that service.
#sestatus -b
How to Disabling SELinux
We can do it in three ways
1) : edit /etc/selinux/config
change the status of SELINUX from enforcing to disabled
SELINUX=enforcing
to
SELINUX=disabled
Save the file and exit.
2): Execute below command
echo 0 > /selinux/enforce
or
3): setenforce 0
How to Enabling SELinux
1) : edit /etc/selinux/config
change the status of SELINUX from disabled to enforcing
SELINUX=disabled
to
SELINUX=enforcing
Save the file and exit.
2) : Execute below command
#echo 1 > /selinux/enforce
or
#setenforce 1
Please comment Below if you have any query or suggestion regarding this post.
SELinux has three modes.How to set SELinux ?In this Article we're only going to touch on SELinux contexts and labels. SELinux policies contain various rules that allow interaction between different contexts. Contexts may be ports, processes, files, directories, and so on. Instead of getting overwhelmed with the technical concepts of SELinux, we'll instead look at the practical side of using SELinux.
Enforcing- SELinux security policy is enforced. IF this is set SELinux is enabled and will try to enforce the SELinux policies strictly
Permissive – SELinux prints warnings instead of enforcing. This setting will just give warning when any SELinux policy setting is breached
Disabled – No SELinux policy is loaded. This will totally disable SELinux policies.
How Get SELinux Status
commands or steps to check the status of SELinux. There are three way you can check the status of SELinux.
1.cat /etc/selinux/config
You will see SELINUX=disabled or =Enforcing or =Permissive
2 #getenforce
The output will be either “Permissive” or “Enforcing”
3. cat /selinux/enforce
The output will be "0" or "1" (Where 0 is Permissive and 1 for Enforcing )
To see SELinux status in simplified way you can use sestatus
#sestatus
To get elaborated info on difference status of SELinux on different services use -b option. using this command you can check the status of all services or daemon if SELinux is on or off for that service.
#sestatus -b
How to Disabling SELinux
We can do it in three ways
1) : edit /etc/selinux/config
change the status of SELINUX from enforcing to disabled
SELINUX=enforcing
to
SELINUX=disabled
Save the file and exit.
2): Execute below command
echo 0 > /selinux/enforce
or
3): setenforce 0
How to Enabling SELinux1) : edit /etc/selinux/config
change the status of SELINUX from disabled to enforcing
SELINUX=disabled
to
SELINUX=enforcing
Save the file and exit.
2) : Execute below command
#echo 1 > /selinux/enforce
or
#setenforce 1
Please comment Below if you have any query or suggestion regarding this post.
What is SELinux and how does it work & its configuration?
Reviewed by TecGeeks News
on
July 29, 2016
Rating:
Reviewed by TecGeeks News
on
July 29, 2016
Rating:
No comments: