How to disable SELINUX permanently in RHEL 7
Before we dig into how to disable SELINUX permanently in RHEL 7 ,lets understand it what exactly we have to achieve.
What is SELINUX ?
SELINUX stands for Security Enhance Linux. SELINIX is a security architecture integrated into kernel using Linux Security Modules [LSM].This was project from NSA (an united state national security agency) and SELinux community. SELinux integration into RHEL was a joint effort from NSA & Red hat.
How SELINIX Works ?
SELinux provides a flexible Mandatory Access Control 9MAC) system built into the linux kernel. Standard Linux Discretionary Access Control (DAC) an application or process running as a user (UID/SUID) has the user’s permission to objects such as files, sockets, and other processes.
Running a MAC kernel protects the system from malicious applications that can damage or destroy the system.
SELinux defines the access and transition rights of every user, application, process and file on the system. SELinux then governs interaction of these entities using a security policy that specifies how strict or lenient a given RHEL installation should be.
It have various modes
- Enforcing – SELinux security policy is enforced.
- Permissive – SELinux system prints warnings but does not enforce policy.
- Disabled – SELinux is fully Disabled.
# getenforce //Display the current status of SELinux configuration status//
[[email protected]]# getenforce
Another utility you can use to get the detailed status of SELinux is as below.
#sestatus -v //Display detailed status of a system running SELinux//
# setenforce //It modifies the role in which SELinux runs in real time.//
# setenforce 0 //SELinux runs in enforcing mode.//
# setenforce 1 //SELinux runs in enforcing mode.//
By default it is set to enforcing means SELINUX is enabled.
So let’s see if we have to disable it permanently in RHEL7. Run either of command to take current status.
# cat /etc/selinix/config
# cp -p /etc/selinix/config /var/tmp/config
#vi /etc/selinix/config and change SELINUX=enforcing to SELINUX=disabled
# reboot //reboot the server to make change to take effect. Once back online validate to confirm it is disabled.//
# getenforce //It will show Disabled now.//
That’s it. This is all about how to disable SELINUX in RHEL 7.