how to disable selinux in linux

how to disable selinux in linux

RSY Digital World Logo

how to disable selinux in linux

Before we dig into how to disable selinux in linux ,lets understand it what exactly we have to achieve.

What is SELINUX ?

SELINUX stands for Security Enhance Linux. SELINUX is a security architecture integrated into kernel using Linux Security Modules [LSM].This was project from NSA (an united state national security agency) and SELinux community. SELinux integration into RHEL was a joint effort from NSA & Red hat.


How SELINUX Works ?

SELinux provides a flexible Mandatory Access Control 9MAC system built into the linux kernel. Standard Linux Discretionary Access Control (DAC)  an application or process running as a user (UID/SUID) has the user’s  permission to objects such as files, sockets, and other processes.

Running a MAC kernel protects the system from malicious applications that can damage or destroy the system.

SELinux defines the access and transition rights of every user, application, process and file on the system. SELinux then governs interaction of these entities using a security policy that specifies how strict or lenient a given RHEL installation should be.

eBook Deal of the Day                                                       Download ISO 45001:2018

It have various modes

  1. Enforcing – SELinux security policy is enforced.
  2. Permissive – SELinux system prints warnings but does not enforce policy.
  3. Disabled – SELinux is fully Disabled.

SELinux Utilities

# getenforce    ==>Display the current status of SELinux configuration status.       
Another utility you can use to get the detailed status of SELinux is as below.
# sestatus -v    ==> Display detailed status of a system running SELinux.
# setenforce     ==> It modifies the role in which SELinux runs in real time.
# setenforce 0  ==> SELinux runs in enforcing mode.
Download ISO Conformity Assessment Standards
# setenforce 1  ==> SELinux runs in enforcing mode.
By default it is set to enforcing means SELINUX is enabled.

So let’s see if we have to disable it permanently in RHEL7. Run either of command to take current status.

# getenforce
# cat /etc/selinux/config
SELinux current config

# cp -p /etc/selinux/config /var/tmp/config
# vi /etc/selinux/config       ==> Change SELINUX=enforcing  to SELINUX=disabled
# reboot   ==>  reboot server change to take effect.Once server is back online please
validate that it is disabled.
# getenforce  ==> It will show Disabled now.

That’s it. This is all about how to disable selinux in rhel 7.

Download ISO14000 Environmental Management Standards

If you like our work.Please share & like us on social media to extend your support .

Raj Rai

Raj Rai is an experienced IT Infrastructure Professional with more than 15 years of experience in IT Infrastructure Management. Raj Raj have keen interest in sharing his real world experience in his spare time as his social responsibility for IT infrastructure field. This is his contribution for IT infrastructure management sector for either newbie or even experienced professionals in unix linux cloud network and storage administration field.

This Post Has One Comment

  1. tahalaka news

    Amazing topic still have point of discussion why to disable.It is really important for server security.

Leave a Reply