Selinux in Linux | SELINUX is
the set of security kernel modules which enhance the security on the unix
machine by Appling it on to the machine. This security module is loaded into
the kernel of the machine. .Full form of SELINUX is Security Enhanced Linux.
Three modes
are present.
Type of modes of SELINUX
1)Enforcing: SELINUX security policies are
enforced and action should be blocked and log is listed into the audit log.
2)Permissive: In this mode it gives warning
instead of enforcing and log is listed into the audit log
3)Disabled: No selinux policies are active in
this mode.
Change mode of SELINUX from enforcing to disabled
To change
mode of selinux from enforcing to disabled reboot is required.
To disable
seliux first we have to go the path “/etc/selinux/config” and set the selinux
value to disabled like this:
# This file controls
the state of SELinux on the system.
# SELINUX= can take
one of these three values:
# enforcing - SELinux
security policy is enforced.
# permissive - SELinux
prints warnings instead of enforcing.
# disabled - No
SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can
take one of these two values:
# targeted - Targeted
processes are protected,
# mls - Multi Level
Security protection.
SELINUXTYPE=targeted
After changing this parameter value
we must reboot the system .we reboot the
system
using the below command.
#shutdown
–r now
 |
| Concept of selinux with practical examples |
Change
mode Of SELINUX from enforcing to permissive
To change
mode of selinux from enforcing to permissive without reboot we can execute the
below command.
#setenforce
0
After
execute this command we can verify the output using the following command.
#getenforce
We can
change the mode of selinux from enforcing to permissive permanently,but reboot
is required for this operation. We go to the path “/etc/selinux/config” and the
set the selinux value to permissive like this.
# This file controls
the state of SELinux on the system.
# SELINUX= can take
one of these three values:
# enforcing - SELinux
security policy is enforced.
# permissive - SELinux
prints warnings instead of enforcing.
# disabled - No
SELinux policy is loaded.
SELINUX= permissive
# SELINUXTYPE= can
take one of these two values:
# targeted - Targeted
processes are protected,
# mls - Multi Level
Security protection.
SELINUXTYPE=targeted
After
changing this parameter value we must reboot the system .we reboot the system
using the below command.
#shutdown
–r now
Check
the status of SELINUX
To check
the status of selinux execute the below command:
# sestatus
SELinux status:
disabled
If this article is useful to know Selinux in Linux please share and subscribe it
If this article is useful to know Selinux in Linux please share and subscribe it
Well explained.Keep udpating Devops Online Training
ReplyDelete