SELinux stands for Security-Enhanced Linux, a set of security modules/policies are going to apply on the machine to increase the overall security of the server. In this, modules have been loaded into kernel while accessing files/services which improves security.

SELinux was introduced in RHEL5, and it is extra secure compared to PAM.

SELinux Modes

Enforcing – In this mode, the policy will be enforced. SELinux can prevent the system from being accessed by an application.

Permissive – In this mode, the SELinux will allow access, but everything events will be logged.

Disabled – In this mode, the SELinux is disabled.

SELinux Status

Check the current status of SELinux.

getenforce
Output
Enforcing

OR

You can use the below command.

sestatus
Output
SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28

In the above output, you can see SELinux is currently enabled and in Enforcing Mode.

Disable SELinux

The main reason for disabling SELinux is that some of the applications won’t work expected and may cause the disturbance to the functionality of the application.

Temporary

You can use the setenforce command to disable SELinux temporarily. This setting will stay until you reboot the machine.

setenforce 0

Permanent

To disable permanently, you will need to edit the /etc/selinux/config file and change the status from
enforcing to disabled.

vi /etc/selinux/config

Change From:

SELINUX=enforcing

To:

SELINUX=disabled

Reboot the machine upon modifying the SELinux mode.

reboot

Check the SELinux status after reboot.

getenforce
Output
Disabled

Conlcusion

That’s All. You have successfully disabled SELinux on CentOS 7. Please share your feeedback in comments section.

Previous
Next
POSTS YOU MAY LIKE
comments powered by Disqus