How to Enable or Disable SELinux in Different Modes?
SELinux stands for Security-Enhanced Linux. SELinux is just like the Windows firewall, but it is more secure and private. It manages all the access control policies. We can control the status of SELinux either with direct commands or by editing the status in the SELinux configuration file. SELinux can have three values: enforcing, permissive and disabled. Enforcing means the SELinux security policy is enforced. Permissive means SELinux is not enforcing but will print warnings. Disabled means it is not enforcing and does not print warnings either.
Check the Status
When SELinux is enforcing:
When SELinux is Permissive:
Two ways to Enable or Disable SELinux:
- Through commands.
- Edit SELinux config file.
# setenforce Enforcing
# getenforce
# setenforce Permissive
# getenforce
Instead of Enforcing and Permissive, you can also use 1 and 0 respectively. For example:
# setenforce 0
# getenforce
Edit SELinux Configuration File:
Open the SELinux configuration file in the vi editor. It is located at /etc/selinux/config.
Now change the SELINUX value to disabled:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

"/etc/selinux/config" 14L, 548C
Now press ESC, type :wq and hit Enter to save the file. Then check the status of SELinux using the getenforce command.
NOTE: You need to restart the system for the change to take effect. This is how we have disabled the SELinux service by editing the configuration file.
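
Because setenforce changes only the running mode while /etc/selinux/config decides the mode after the next reboot, the two can disagree. The script below is an added example, not part of the original article: it compares both values and flags a mismatch or a non-enforcing state. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the page.

# Print the SELINUX= value of config file $1, lowercased.
# Returns 1 if the key is missing or the value is not a valid mode.
selinux_configured_mode() {
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\)[[:space:]]*$/\1/p' "$1" |
        tail -n 1 | tr 'A-Z' 'a-z')
    case "$mode" in
        enforcing|permissive|disabled) printf '%s\n' "$mode" ;;
        *) return 1 ;;
    esac
}

# Compare the config file ($1) with the runtime mode ($2, as printed by getenforce).
# Exit status: 0 = enforcing now and after reboot, 1 = finding, 2 = unusable config.
selinux_audit() {
    cfg=$(selinux_configured_mode "$1") || {
        echo "INVALID no valid SELINUX= line in $1"; return 2; }
    run=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    if [ "$cfg" != "$run" ]; then
        echo "DRIFT runtime=$run config=$cfg (config value applies at next reboot)"
        return 1
    elif [ "$cfg" != "enforcing" ]; then
        echo "WEAK runtime=$run config=$cfg (policy is not enforced)"
        return 1
    fi
    echo "OK runtime=$run config=$cfg"
}

# Constructed sample: the edited file from this page, written to path $1.
write_sample_config() {
    cat > "$1" <<'EOF'
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
SELINUX=disabled
SELINUXTYPE=targeted
EOF
}

# Demo: config already edited to disabled, system not yet rebooted.
sample=$(mktemp)
write_sample_config "$sample"
selinux_audit "$sample" "Enforcing" || true
rm -f "$sample"
# On a real host: selinux_audit /etc/selinux/config "$(getenforce)"
```

The demo reports DRIFT, which is the state a host is in between editing the file as shown above and rebooting.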