how to disable selinux in linux
Before we dig into how to disable selinux in linux ,lets understand it what exactly we have to achieve.
Table of Contents
What is SELINUX ?
SELINUX stands for Security Enhance Linux. SELINUX is a security architecture integrated into kernel using Linux Security Modules [LSM].This was project from NSA (an united state national security agency) and SELinux community. SELinux integration into RHEL was a joint effort from NSA & Red hat.
How SELINUX Works ?
SELinux provides a flexible Mandatory Access Control 9MAC system built into the linux kernel. Standard Linux Discretionary Access Control (DAC) an application or process running as a user (UID/SUID) has the user’s permission to objects such as files, sockets, and other processes.
Running a MAC kernel protects the system from malicious applications that can damage or destroy the system.
SELinux defines the access and transition rights of every user, application, process and file on the system. SELinux then governs interaction of these entities using a security policy that specifies how strict or lenient a given RHEL installation should be.
It have various modes
- Enforcing – SELinux security policy is enforced.
- Permissive – SELinux system prints warnings but does not enforce policy.
- Disabled – SELinux is fully Disabled.
# getenforce ==>Display the current status of SELinux configuration status. enforcing Another utility you can use to get the detailed status of SELinux is as below. # sestatus -v ==> Display detailed status of a system running SELinux. # setenforce ==> It modifies the role in which SELinux runs in real time. # setenforce 0 ==> SELinux runs in enforcing mode. Download ISO Conformity Assessment Standards # setenforce 1 ==> SELinux runs in enforcing mode. By default it is set to enforcing means SELINUX is enabled.
So let’s see if we have to disable it permanently in RHEL7. Run either of command to take current status.
Workaround # getenforce enforcing # cat /etc/selinux/config # cp -p /etc/selinux/config /var/tmp/config # vi /etc/selinux/config ==> Change SELINUX=enforcing to SELINUX=disabled # reboot ==> reboot server change to take effect.Once server is back online please validate that it is disabled. # getenforce ==> It will show Disabled now. That’s it. This is all about how to disable selinux in rhel 7. Download ISO14000 Environmental Management Standards
If you like our work.Please share & like us on social media to extend your support .