SELINUX: Set enforcing and permissive modes for SELinux.


Note: This is an RHCSA 7 exam objective.

Presentation

SELinux stands for Security-Enhanced Linux. It is a way to improve server security.

The /etc/selinux/config file stores the current configuration:

# more /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

SELinux can run in three different modes (enforcing, permissive and disabled), which are described in the file above.
Besides the mode, there is an SELinux type (targeted, minimum and mls). Unless you work in a military agency, you will never need to change the targeted type.

Configuration

To get the current SELinux status:

# sestatus

To set enforcing mode, type:

# setenforce enforcing

To make this change permanent, edit the /etc/sysconfig/selinux file (or the /etc/selinux/config file) and set the following value:

SELINUX=enforcing

Alternatively, to set permissive mode, type:

# setenforce permissive

To make this change permanent, edit the /etc/sysconfig/selinux file (or the /etc/selinux/config file) and set the following value:

SELINUX=permissive

To require a reboot before the SELinux configuration can be changed again (-P can be added to make the boolean persistent, but use it with caution), type:

# setsebool secure_mode_policyload on
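
Because setenforce only changes the running mode while the config file decides the mode at the next boot, the two can disagree. The script below is an added example, not part of the original page, that reports such a mismatch; the function names and status words are illustrative, and the sample config in demo is constructed.

```shell
#!/bin/sh
# Added example: report drift between the running SELinux mode (getenforce)
# and the mode configured for the next boot (/etc/selinux/config).

# Print the lower-cased SELINUX= value from a config file. Comment lines and
# SELINUXTYPE= do not match; the first SELINUX= line is used (assumption).
configured_mode() {
    sed -n 's/^SELINUX=\([A-Za-z]*\).*/\1/p' "$1" | head -n 1 |
        tr '[:upper:]' '[:lower:]'
}

# compare_modes RUNTIME CONFIGURED prints one of:
#   ok            running mode matches the config file
#   drift         setenforce and the config file disagree; a reboot will
#                 bring the system to the configured mode
#   needs-reboot  one side is "disabled", which setenforce cannot switch
#   invalid       config value is not enforcing, permissive or disabled
compare_modes() {
    runtime=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case $2 in
        enforcing|permissive|disabled) ;;
        *) echo invalid; return 0 ;;
    esac
    if [ "$runtime" = "$2" ]; then
        echo ok
    elif [ "$runtime" = disabled ] || [ "$2" = disabled ]; then
        echo needs-reboot
    else
        echo drift
    fi
}

# Constructed sample: config says permissive while the system runs Enforcing.
demo() {
    tmp=$(mktemp) || return 1
    printf '# SELINUX= can take one of these three values:\nSELINUX=permissive\nSELINUXTYPE=targeted\n' >"$tmp"
    compare_modes Enforcing "$(configured_mode "$tmp")"
    rm -f "$tmp"
}

# On a host with the SELinux tools installed, check the live system.
if command -v getenforce >/dev/null 2>&1 && [ -r /etc/selinux/config ]; then
    compare_modes "$(getenforce)" "$(configured_mode /etc/selinux/config)"
fi
```

A result of drift after an exam task or a hardening change means the mode was set with setenforce but not written to the config file, or the reverse.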


6 Comments on "SELINUX: Set enforcing and permissive modes for SELinux."

chrisman

I would like to ask the following because I have searched the web for a long time but I can’t find info.
How can I find which types of context can be accessed by the httpd_t domain, for example?
Of course, I do not mean those that are under /var/www.
Thanks in advance, and I am sorry for so many questions.

timlee

If in the exam, I am asked to set SELinux to enforcing, can I do it at the end? How will it affect my other configurations?
