How to disable SELinux in RedHat
Security-Enhanced Linux (SELinux) is a Linux feature that
provides the mechanism for supporting access control security policies.
· SELinux has three modes, i.e. enforcing, permissive and disabled.
· SELinux has two "modes" of operation: permissive and enforcing
· in permissive mode SELinux does not enforce its policy, but only logs what it would have blocked (or granted)
· applications that are SELinux-aware might still behave differently with permissive mode than when SELinux is completely disabled
· specific types can be marked as permissive while the rest of the system is in enforcing mode
· completely disabling SELinux has consequences on the file contexts so an entire system relabeling is needed afterwards
How to check the status of SELinux on a Linux system
Use the command given below to check the SELinux mode:
getenforce
or open the file /etc/sysconfig/selinux and find the value of "SELINUX=enforcing"
In the /etc/sysconfig/selinux file given below, SELinux is in enforcing mode.
[root@localhost ~]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted – Targeted processes are protected,
# mls – Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]#
To temporarily change the SELinux mode to permissive on a running system without a reboot, use the command setenforce 0. To reverse it, use setenforce 1.
[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]#
[root@localhost ~]# setenforce 0
[root@localhost ~]#
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]#
[root@localhost ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
[root@linux1 ~]#
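The sestatus output above shows a running mode (permissive) that differs from the mode in the config file (enforcing), which is what setenforce 0 leaves behind until the next reboot. The script below is an added example, not part of the original post: it compares the two values so that such drift can be spotted in a routine check. The function names config_mode and mode_drift and the embedded sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the running SELinux mode with the mode
# configured for the next boot. Function names are hypothetical.

# Print the value of SELINUX= from a config file, skipping comment lines
# and the separate SELINUXTYPE= setting.
config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" \
        | tail -n 1 | tr 'A-Z' 'a-z'
}

# Compare the running mode (as printed by getenforce) with the configured mode.
# Prints "consistent" or "drift: running=X configured=Y"; returns 1 on drift.
mode_drift() {
    running=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    configured=$2
    if [ "$running" = "$configured" ]; then
        echo "consistent"
        return 0
    fi
    echo "drift: running=$running configured=$configured"
    return 1
}

# Constructed sample config, same layout as the file shown on this page.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# SELINUX= can take one of these three values:
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
SELINUXTYPE=targeted
EOF

# On a host with SELinux tools, check the live values; otherwise run
# against the constructed sample with "Permissive" as the running mode.
if command -v getenforce >/dev/null 2>&1 && [ -r /etc/sysconfig/selinux ]; then
    mode_drift "$(getenforce)" "$(config_mode /etc/sysconfig/selinux)" || true
else
    mode_drift "Permissive" "$(config_mode "$sample")" || true
fi
```

A non-zero return from mode_drift means the running mode will change at the next reboot, or was changed at runtime after boot.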
To change the SELinux mode permanently, edit the file /etc/sysconfig/selinux.
Change the value of SELINUX=enforcing to permissive or disabled and restart the system.
[root@localhost ~]# vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted – Targeted processes are protected,
# mls – Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]#
Save the file and RESTART the system. Without a restart of the system, the SELinux mode will not be changed permanently.