SELinux stands for Security-Enhanced Linux. It is a Linux kernel security module that provides a mechanism for supporting access control security policies. The NSA describes SELinux as a set of Linux kernel patches and utilities that provide powerful and flexible Mandatory Access Control (MAC) for the Linux kernel. A Linux kernel with SELinux enforces mandatory access control policies. These MAC policies confine user programs and system services, as well as access to files and network resources. Limiting access to the minimum required to work reduces or eliminates the ability of these programs and daemons to cause harm if they are faulty or compromised. The security of a Linux system without SELinux support depends on the correctness of the kernel, all the privileged applications, and each of their configurations. A fault in any one of these areas may allow the compromise of the entire system.
Why Disable SELinux?
New Linux installations have this feature on by default. Because of this, some applications can't access the files and networks that are protected. Running applications such as cPanel and Plesk requires full access to the files and resources of the system. As a security measure, SELinux stops these processes because they have the ability to modify the system. However, these tools are web hosting control panels, and they require certain modifications to SELinux in order to run at full capability.
SELinux has three modes:
- Enforcing: SELinux allows access based on SELinux policy rules.
- Permissive: SELinux only logs actions that would have been denied if running in enforcing mode.
- Disabled: No SELinux policy is loaded.
How To Disable SELinux On CentOS 7
First, we will check the status of SELinux. To find the current mode, enter the given command in the terminal.
We can see that the status is currently enabled and the working mode is enforcing with targeted policy rules.
Disable SELinux Temporarily
Use the given command to change the mode temporarily to permissive. This command only changes the mode for the runtime session.
# setenforce permissive
After entering the command, check the status again; the current mode will have changed to permissive. A restart or log out will change the mode back to enforcing.
Disable SELinux Permanently
To disable SELinux permanently, we have to edit the SELinux configuration file. To do that, type the given command in the terminal. This will open the configuration file in read mode.
# vi /etc/sysconfig/selinux
Press I to edit the file and change the SELinux mode to disabled. After that, press :wq to write the changes to the file and quit the editor.
Check the status again.
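As an added example (not part of the original guide), the shell functions below read the persistent mode from the configuration file and compare it with the runtime mode, so a temporary setenforce change can be told apart from a permanent edit. The function names and the sample file contents are constructed for illustration; getenforce is the standard SELinux utility that prints the current mode.

```shell
#!/bin/sh
# Added example: tell a temporary setenforce change from a permanent config edit.
# Function names are illustrative, not part of any SELinux tool.

# Print the mode set by the last uncommented SELINUX= line of file $1.
# SELINUXTYPE= lines do not match because "=" must follow "SELINUX" directly.
config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Print the running mode via getenforce, or "unknown" if the tool is absent.
runtime_mode() {
    if command -v getenforce >/dev/null 2>&1; then
        getenforce | tr '[:upper:]' '[:lower:]'
    else
        echo unknown
    fi
}

# Classify a (config mode, runtime mode) pair.
compare_modes() {
    case "$1" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid-config"; return 0 ;;
    esac
    if [ "$2" = unknown ]; then
        echo "runtime-unknown"
    elif [ "$1" = "$2" ]; then
        echo "consistent"
    elif [ "$1" = disabled ] || [ "$2" = disabled ]; then
        echo "reboot-pending"      # switching SELinux on or off only applies at boot
    else
        echo "runtime-override"    # setenforce was used; the config mode returns at boot
    fi
}

# Constructed sample: the file as it looks after the permanent edit above.
sample=$(mktemp)
printf '%s\n' '# SELINUX= can take one of: enforcing, permissive, disabled' \
    'SELINUX=disabled' 'SELINUXTYPE=targeted' > "$sample"
echo "sample file vs. enforcing runtime: $(compare_modes "$(config_mode "$sample")" enforcing)"
rm -f "$sample"
# On a real host:
#   compare_modes "$(config_mode /etc/sysconfig/selinux)" "$(runtime_mode)"
```

A result of reboot-pending after editing the file means the system is still running in its previous mode until the next boot.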
SELinux is a great security tool. However, for some apps, it can be a bit disruptive and inconvenient. In this guide, we learned about SELinux and its different modes. We also learned methods to disable SELinux temporarily and permanently. That's it for today.