

CentOS 7 SELinux Configuration

Domain name: example.com     Realm name: EXAMPLE.COM

Workgroup: EXAMPLE     Server IP address: xx.xx.xx.xx

Server name: linuxsvr01     Client name: linuxclnt01

Root password: ?Pa55w0rd!

There are many different opinions on whether SELinux should be set to enforcing or permissive and some talk about disabling it. I have found that setting SELinux to permissive works well in a lab situation.

To see the status of SELinux, issue the following command, which produces the output below:

# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

The current mode is enforcing. To change it, open the /etc/selinux/config file with your preferred text editor.

# vi /etc/selinux/config
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

The SELINUX=enforcing line needs to be changed from enforcing to permissive, so that it reads SELINUX=permissive. The SELINUXTYPE= line stays as it is.

Reboot the machine for the changes to take effect.

After logging in, open a terminal and reissue the sestatus command. The output now shows both Current mode and Mode from config file set to permissive:

# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

That's it! In permissive mode SELinux prints warnings instead of enforcing the policy, so this change should allow us to install, configure and issue commands without problem.
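The config edit described above can also be scripted so that only the active SELINUX= line changes. This is an added example, not part of the original page; the function names get_selinux_mode and set_selinux_mode and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: change only the active SELINUX= line of an SELinux config
# file. Function names and the sample file are constructed for illustration.

# Print the mode set by the uncommented SELINUX= line (not SELINUXTYPE=).
get_selinux_mode() {
    sed -n 's/^SELINUX=\([a-z]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# set_selinux_mode FILE MODE: validate MODE, keep a backup, rewrite the line.
set_selinux_mode() {
    file=$1
    mode=$2
    case $mode in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    grep -q '^SELINUX=' "$file" || { echo "no SELINUX= line in $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    # Anchored pattern: comment lines and SELINUXTYPE= are left untouched.
    sed "s/^SELINUX=.*/SELINUX=$mode/" "$file.bak" > "$file"
}

# Constructed sample mirroring the file shown above. The real file is
# /etc/selinux/config and needs root to edit.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
#     targeted - Targeted processes are protected,
SELINUXTYPE=targeted
EOF

set_selinux_mode "$demo_cfg" permissive
echo "configured mode: $(get_selinux_mode "$demo_cfg")"
grep '^SELINUXTYPE=' "$demo_cfg"
rm -f "$demo_cfg" "$demo_cfg.bak"
```

On a live system, setenforce 0 switches the running mode to permissive immediately and getenforce confirms it; the config file edit is what makes the mode persist across reboots.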