How to disable SELINUX in RHEL 7

RSY Digital World Logo

How to disable SELINUX permanently in RHEL 7

Before we dig into how to disable SELINUX permanently in RHEL 7 ,lets understand it what exactly we have to achieve.

What is SELINUX ?

SELINUX stands for Security Enhance Linux. SELINIX is a security architecture integrated into kernel using Linux Security Modules [LSM].This was project from NSA (an united state national security agency) and SELinux community. SELinux integration into RHEL was a joint effort from NSA & Red hat.

                                                                                                                                                                                                                         

How SELINIX Works ?

SELinux provides a flexible Mandatory Access Control 9MAC) system built into the linux kernel. Standard Linux Discretionary Access Control (DAC)  an application or process running as a user (UID/SUID) has the user’s  permission to objects such as files, sockets, and other processes.

Running a MAC kernel protects the system from malicious applications that can damage or destroy the system.

SELinux defines the access and transition rights of every user, application, process and file on the system. SELinux then governs interaction of these entities using a security policy that specifies how strict or lenient a given RHEL installation should be.

eBook Deal of the Day

It have various modes

  1. Enforcing – SELinux security policy is enforced.
  2. Permissive – SELinux system prints warnings but does not enforce policy.
  3. Disabled – SELinux is fully Disabled.

Download ISO 45001:2018

SELinux Utilities

# getenforce                                          //Display the current status of SELinux configuration status//

[[email protected]]# getenforce

enforcing

Another utility you can use to get the detailed status of SELinux is as below.

#sestatus -v               //Display detailed status of a system running SELinux//

SELinux Detailed Status snap

 

 

 

 

 

 

 

# setenforce                                //It modifies the role in which SELinux runs in real time.//

# setenforce 0                             //SELinux runs in enforcing mode.//

Download ISO Conformity Assessment Standards

# setenforce 1                             //SELinux runs in enforcing mode.//

By default it is set to enforcing means SELINUX is enabled.

So let’s see if we have to disable it permanently in RHEL7. Run either of command to take current status.

Workaround

# getenforce

enforcing

# cat /etc/selinux/config

SELinux current config

 

 

 

 

 

# cp -p /etc/selinix/config /var/tmp/config

#vi /etc/selinix/config               and change SELINUX=enforcing  to SELINUX=disabled

# reboot                                          //reboot the server to make change to take effect. Once back online validate to confirm it is disabled.//

# getenforce              //It will show Disabled now.//

Download ISO14000 Environmental Management Standards

That’s it. This is all about how to disable SELINUX in RHEL 7.

Newsletter Signup Form

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *