SELinux (Security-Enhanced Linux) is a Linux kernel security feature for access control designed by the NSA, the US national security agency, that allows administrators to better control access to the system.
In this guide we will see how to desable SElinux at CentOS 7 and RHEL 7. Here are the steps to deactivate SElinux :
1- Check the current status of SElinux. 2- Deactivate SElinux temporarily 3- Desable SElinux permanently. 4- Reboot 5- Check the status of SElinux
Let’s see in detail all these steps.
Check the current status of SElinux :
Use « getenforce » command to see the status of SElinux :
[root@server ~]# getenforce Enforcing
You can have three states of SElinux :
Enforcing : activated
Permissive : displays warnings instead of applying them.
Disabled : SElinux is disabled
Another way to see the status of SElinux is the /etc/selinux/config file :
[root@server ~]# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
Temporarily disable SELinux:
Use « setenforce » command to disable SELinux :
[root@bdd ~]# setenforce usage: setenforce [ Enforcing | Permissive | 1 | 0 ]
[root@bdd ~]# setenforce 0 [root@bdd ~]# getenforce Permissive
This change is temporary, which means that if you restart your machine, the change is lost.
Permanently disabled SElinux :
Edit the /etc/selinux/config file and change the value of « SELINUX » to « disabled » :
[root@server ~]# vim /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
Save the file and restart the machine.
Check the status of SElinux:
After rebooting the machine checking the status of SElinux, it should be in the Disabled state:
[root@server ~]# getenforce Disabled [root@server ~]# vim /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
Here, you now know the two methods to deactivate SElinux, it should be noted that it is not recommended to deactivate it, and to do it just in the case of diagnostics to check if SElinux is the cause of a blockage.
Nslookup : 8 commandes les plus utilisés
dd (Disk Dump) : 7 exemples pratiques d’utilisation
nmap : les 12 commandes que vous devez connaître
Protocole du routage
Fail2Ban : How to protect Linux services