Changing SELinux Modes:
In this article we will learn about SELinux and how to change its mode.

Basic SELinux Concepts:
SELinux is a security enhancement to Linux that allows users and administrators more control over which users and applications can access which resources, such as files. Standard Linux access controls, such as file modes (-rwxr-xr-x), are modifiable by the user and by applications that the user runs, whereas SELinux access controls are determined by a policy loaded on the system and are not changeable by careless users or misbehaving applications.

Modes of SELinux:
There are three modes in which SELinux can be at a time: Enforcing, Permissive and Disabled.
- Enforcing
Enable and enforce the SELinux security policy on the system, denying access and logging actions.
- Permissive
Permissive mode is similar to a debugging mode. In permissive mode, SELinux policies and rules are applied to subjects and objects, but actions are not affected: an access that the policy would deny is logged rather than blocked. The biggest advantage of permissive mode is that log files and error messages are generated based on the SELinux policy implemented.
- Disabled
SELinux is turned off and no warning or log messages will be generated or stored.

How to check SELinux status in Linux
There are two commands to check the SELinux mode.

    #getenforce

    [root@linuxelearn ~]# getenforce
    Enforcing
    [root@linuxelearn ~]#

    #sestatus

    [root@linuxelearn ~]# sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy version:                 24
    Policy from config file:        targeted
    [root@linuxelearn ~]#

Changing the Modes of SELinux
To change the mode of SELinux, the syntax is

    #setenforce <option>

The options used with this command are 0 and 1 (where 0 means Permissive and 1 means Enforcing).
To change the SELinux mode to Permissive, use the following command.

    #setenforce 0

Verify it using the getenforce or sestatus commands.

    [root@linuxelearn ~]# getenforce
    Enforcing
    [root@linuxelearn ~]# setenforce 0
    [root@linuxelearn ~]# getenforce
    Permissive
    [root@linuxelearn ~]# sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   permissive
    Mode from config file:          enforcing
    Policy version:                 24
    Policy from config file:        targeted
    [root@linuxelearn ~]#

To change the SELinux mode back to Enforcing:

    #setenforce 1

Check the change using the getenforce or sestatus commands.

    [root@linuxelearn ~]# getenforce
    Permissive
    [root@linuxelearn ~]# setenforce 1
    [root@linuxelearn ~]# getenforce
    Enforcing
    [root@linuxelearn ~]# sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy version:                 24
    Policy from config file:        targeted
    [root@linuxelearn ~]#

To make this change permanent, edit the /etc/sysconfig/selinux file (or the /etc/selinux/config file) with vim, set the following value and save the changes.

    SELINUX=permissive
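
The sestatus output after setenforce 0 above shows the running mode (permissive) differing from the mode in the config file (enforcing). The following shell function is an added example, not part of the original article: it reads sestatus output and reports that drift. The function names, the embedded sample text and the choice to flag every state other than enforcing are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the SELinux mode from sestatus output read on stdin.
# Assumption of this example: any state other than "enforcing" is a finding.
selinux_mode_audit() {
    awk -F': *' '
        function val(s) { sub(/[ \t\r]+$/, "", s); return s }
        /^SELinux status:/        { status  = val($2) }
        /^Current mode:/          { current = val($2) }
        /^Mode from config file:/ { config  = val($2) }
        END {
            if (status == "disabled") {
                print "FAIL disabled: no policy loaded"
            } else if (current == "" || config == "") {
                print "ERROR could not parse sestatus output"
            } else if (current != config) {
                # Running mode and boot-time mode differ; a reboot changes it.
                print "WARN drift: running=" current " config=" config
            } else if (current != "enforcing") {
                print "FAIL not enforcing: running=" current
            } else {
                print "OK enforcing: running mode and config file agree"
            }
        }'
}

# Constructed sample: the sestatus output shown above after "setenforce 0".
sample_after_setenforce_0() {
    cat <<'EOF'
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
EOF
}

# On a live host the call would be: sestatus | selinux_mode_audit
sample_after_setenforce_0 | selinux_mode_audit
```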

How to disable SELinux in Linux, or how to enable SELinux security in Linux?
To disable the SELinux protection, that is, to change it to Disabled mode:
- Edit the /etc/selinux/config file and change the value to SELINUX=disabled
Whenever you change the mode of SELinux from Enforcing/Permissive to Disabled, or from Disabled to Permissive/Enforcing, you need to restart the system so that the changes can take effect.
First check the current status of SELinux and the configuration file.

    [root@linuxelearn ~]# getenforce
    Enforcing
    [root@linuxelearn ~]# cat /etc/selinux/config
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=enforcing
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    [root@linuxelearn ~]#

Now, edit the configuration file, restart the computer and check the SELinux status.
- #vim /etc/selinux/config
- #init 6 (to reboot the system)

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    ~
    ~
    -- INSERT --

    [root@linuxelearn ~]# getenforce
    Disabled
    [root@linuxelearn ~]# sestatus
    SELinux status:                 disabled
    [root@linuxelearn ~]#

How to enable SELinux in Linux
To enable SELinux again, the procedure is exactly the same as above; instead of SELINUX=disabled, set SELINUX=enforcing or SELINUX=permissive.
And don’t forget to restart the system: the changes will not take effect until the system is rebooted.
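
The config-file edit described above can also be done without opening an editor. The following shell function is an added example, not part of the original article: it rewrites only the active SELINUX= line, leaving the "# SELINUX=" comment and SELINUXTYPE= untouched, and writes through the path so that /etc/sysconfig/selinux, which is normally a symlink to /etc/selinux/config, stays a symlink. The function names and the scratch-directory demo are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article).
# usage: set_selinux_config_mode <config-file> <enforcing|permissive|disabled>
set_selinux_config_mode() (
    file=$1
    mode=$2
    case $mode in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $mode" >&2; exit 2 ;;
    esac
    # Require exactly one active SELINUX= line; refuse to guess otherwise.
    if [ "$(grep -c '^SELINUX=' "$file" 2>/dev/null)" != 1 ]; then
        echo "expected exactly one SELINUX= line in $file" >&2
        exit 3
    fi
    tmp=$(mktemp) || exit 4
    # The ^ anchor keeps "# SELINUX= can take ..." and SELINUXTYPE= untouched.
    # cat writes through the path, so a symlinked config file stays a symlink
    # instead of being replaced by a regular file.
    if sed "s/^SELINUX=.*/SELINUX=$mode/" "$file" > "$tmp" && cat "$tmp" > "$file"
    then rc=0; else rc=5; fi
    rm -f "$tmp"
    exit "$rc"
)

# Constructed sample: the config file contents shown in the article.
sample_config() {
    cat <<'EOF'
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
EOF
}

# Demo on a scratch copy reached through a symlink; prints the active line.
demo() (
    dir=$(mktemp -d) || exit 1
    sample_config > "$dir/config"
    ln -s config "$dir/selinux"
    set_selinux_config_mode "$dir/selinux" permissive || exit 1
    grep '^SELINUX=' "$dir/config"
    rm -rf "$dir"
)
demo
```

On a real host the first argument would be /etc/selinux/config, run as root, followed by the reboot the article calls for.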