How to Configure SELinux?
Linux comes with pre-set SELinux security rules, making it easy to configure. Admins can also create their own rules. There are two main ways to configure SELinux – permanently or just for the current session.
Configure SELinux Permanently
To set SELinux rules that stay even after restarting, edit the /etc/selinux/config file. This file controls the SELinux settings. In this file you can change the SELINUX variable to the below.
- enforcing (blocks unauthorized access)
- permissive (logs access attempts but doesn’t block)
- disabled (turns off SELinux completely)
For example to set the permissive mode follow the below steps :
1. Open the config file in any text editor like vim, nano and gedit etc and then Change the SELINUX=permissive after that Save and exit.
2. Restart your computer and then Use the below command to verify the new setting is applied.
Command :
sudo sesstatus
Output :
Configure SELinux Temporarily
You can also change SELinux settings just for your current session. These changes get reset after the restarting. Use the “setenforce” command to Enable selinux temporarily use the first command to Turn on enforcing mode and use the second command to Turn off enforcing mode.
Command :
setenforce 0
setenforce 1
Output :
What is SELinux?
SELinux is a special security system built into Linux computers. It helps keep your computer safe and secure. With SELinux, different programs and users on the computer have limited permissions. This means each program or user can only access certain files and do certain actions that they are allowed to do. For example, The web browser can connect to the internet but it cannot read your private documents. This prevents viruses and hackers from gaining full control over your system if they get into one program.
SELinux sets rules about what different programs and users are permitted to do. System administrators enable SELinux and set up these security rules based on their needs.
Table of Content
- What Is SELinux?
- How Security-Enhanced Linux Works?
- SELinux Policies
- SELinux Labels and Type Enforcement
- SELinux Modes
- How to Configure SELinux?
- Configure SELinux Permanently
- Configure SELinux Temporarily
- Linux vs. SELinux: What are the Differences?
- AppArmor vs. SELinux
Contact Us