Concept of SELINUX with practical examples



Selinux in Linux | SELINUX is the set of security kernel modules which enhance the security on the unix machine by Appling it on to the machine. This security module is loaded into the kernel of the machine. .Full form of SELINUX is Security Enhanced Linux.
Three modes are present.

Type of modes of SELINUX

1)Enforcing: SELINUX security policies are enforced and action should be blocked and log is listed into the audit log.
2)Permissive: In this mode it gives warning instead of enforcing and log is listed into the audit log
3)Disabled: No selinux policies are active in this mode.

Change mode of SELINUX from enforcing to disabled 

To change mode of selinux from enforcing to disabled reboot is required.
To disable seliux first we have to go the path “/etc/selinux/config” and set the selinux value to disabled like this:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

After changing this parameter value we must reboot the system .we reboot the
system using the below command.

#shutdown –r now

Concept of selinux with practical examples
Concept of selinux with practical examples


 Change mode Of SELINUX from enforcing to permissive

To change mode of selinux from enforcing to permissive without reboot we can execute the below command.

#setenforce 0

After execute this command we can verify the output using the following command.

#getenforce

We can change the mode of selinux from enforcing to permissive permanently,but reboot is required for this operation. We go to the path “/etc/selinux/config” and the set the selinux value to permissive like this.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX= permissive
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

After changing this parameter value we must reboot the system .we reboot the system using the below command.
#shutdown –r now

 Check the status of SELINUX

To check the status of selinux execute the below command:
# sestatus
SELinux status: disabled


If this article is useful to know  Selinux in Linux  please share and subscribe it

SHARE

Admin

  • Image
  • Image
  • Image
  • Image
  • Image
    Blogger Comment
    Facebook Comment

1 comments: