×



Need to to disable SELinux on CentOS 7? How to disable SELinux from the command line over ssh based session?

This guide is for you.

SELinux is an acronym for Security-Enhanced Linux. It is a Linux kernel security feature for access control. Basically, with the help of SELinux sysadmin can determine which Linux server users and apps can access resources.
Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to perform Linux Server Configuration tasks.
In this context, we shall look into the process to disable SELinux security feature on a CentOS / RHEL and Fedora Linux.

More information about SELinux and its benefits ?

Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) security mechanism implemented in the kernel. SELinux was first introduced in CentOS 4 and significantly enhanced in later CentOS releases. These enhancements mean that content varies as to how to approach SELinux over time to solve problems.
It is an implementation of a mandatory access control mechanism in the Linux kernel and was developed by NSA.

How do I enforce SELinux?

To change #SELinux to enforcing mode, follow the steps below;
i. Open the /etc/selinux/config file in a text editor of your choice, for example: # vi /etc/selinux/config.
ii. Configure the SELINUX=enforcing option: # This file controls the state of SELinux on the system.
iii. Save the change, and restart the #system: # reboot.

How to disable SELinux on a CentOS 7 / RHEL 7 / Fedora Linux ?

The process to remove and disable SELinux security features is as follows:
i. Log in to your server
ii. Check the current SELinux status, run: sestatus
iii. To disable SELinux on CentOS 7 temporarily, run: sudo setenforce 0
iv. Edit the /etc/selinux/config file and set the SELINUX to disabled
v. Reboot the Linux server
vi. Verify it by running the sestatus and getenforce again

To get the main point, You can modify the mode SELinux is running in using the setenforce command. For example, to put SELinux in enforcing mode, execute:

sudo setenforce Enforcing
sestatus

To put SELinux in permissive mode i.e. disabled mode:
sudo setenforce Permissive

sestatus
getenforce

Note that is temporary solution to disable SELinux without rebooting the server and active for the current session only.

Now, let us see all commands related to using SELinux in details.

How to find out SELinux status on CentOS 7 ?

To do this, execute the following sestatus command;

sestatus

Another option is to run the following command to print the current mode of SELinux;

getenforce
Enforcing

You can also use the following cat command:

cat /etc/selinux/config

This will display the output as shown below;

SELINUX=enforcing
SELINUXTYPE=targeted

What are the different types of security policy when using SELinux ?

The /etc/selinux/config file controls the state of SELinux on the system. SELINUX= can take one of these three values:
i. enforcing – SELinux security policy is enforced.
ii. permissive – SELinux prints warnings instead of enforcing (disabled).
iii. disabled – No SELinux policy is loaded (disabled).

SELINUXTYPE= can take one of following:
i. targeted – Targeted processes are protected.
ii. minimum – Modification of targeted policy. Only selected processes are protected.
iii. mls – Multi Level Security protection.

How to Disabling SELinux permanently ?

To do this, modify the /etc/selinux/config file, run:

sudo vi /etc/selinux/config

Set SELINUX to disabled:

SELINUX=disabled

Save and close the file in vi/vim. Reboot the Linux system:

sudo reboot

After reboot, make sure following commands gives Disabled output indicating that SELinux removed and disabled on your Linux server:

getenforce
sestatus


[Need urgent Support to perform Ubuntu related tasks ? We are available to help you today. ]


Conclusion


More Linux Tutorials

We create Linux HowTos and Tutorials for Sys Admins. Visit us on IbmiMedia.com

Also for Tech related tips, Visit forum.outsourcepath.com or General Technical tips on www.outsourcepath.com