SELinux management
From TBwiki
(Difference between revisions)
(creation) |
|||
| (3 intermediate revisions by 2 users not shown) | |||
| Line 3: | Line 3: | ||
The following command will retreive the SELinux status of your system (output may vary):<br> | The following command will retreive the SELinux status of your system (output may vary):<br> | ||
| − | + | sestatus | |
exemple from CentOS 5.3<br> | exemple from CentOS 5.3<br> | ||
| − | + | SELinux status: enabled | |
| + | SELinuxfs mount: /selinux | ||
| + | Current mode: permissive | ||
| + | Mode from config file: permissive | ||
| + | Policy version: 21 | ||
| + | Policy from config file: targeted | ||
| + | |||
| + | <br> | ||
== How to disable SELinux<br> == | == How to disable SELinux<br> == | ||
| − | === | + | === Set SELinux to permissive (not truly disabled)<br> === |
| − | + | setenforce 0 | |
| − | + | ||
| − | + | ||
<br> | <br> | ||
| − | === Disable SELinux | + | === Disable SELinux entirely<br> === |
Edit the file:<br> | Edit the file:<br> | ||
| − | + | vi /etc/selinux/config | |
Set the line to SELINUX=disabled <br> | Set the line to SELINUX=disabled <br> | ||
| − | + | # This file controls the state of SELinux on the system. | |
| + | # SELINUX= can take one of these three values: | ||
| + | # enforcing - SELinux security policy is enforced. | ||
| + | # permissive - SELinux prints warnings instead of enforcing. | ||
| + | # disabled - SELinux is fully disabled. | ||
| + | SELINUX=disabled <------ Line to modify | ||
| + | # SELINUXTYPE= type of policy in use. Possible values are: | ||
| + | # targeted - Only targeted network daemons are protected. | ||
| + | # strict - Full SELinux protection. | ||
| + | SELINUXTYPE=targeted | ||
| + | |||
| + | Reboot or use the setenforce command:<br> | ||
| + | <pre>shutdown -r now | ||
| + | or | ||
| + | setenforce 0 | ||
| + | </pre> | ||
Latest revision as of 07:46, 22 July 2011
Contents |
How to get SELinux status
The following command will retreive the SELinux status of your system (output may vary):
sestatus
exemple from CentOS 5.3
SELinux status: enabled SELinuxfs mount: /selinux Current mode: permissive Mode from config file: permissive Policy version: 21 Policy from config file: targeted
How to disable SELinux
Set SELinux to permissive (not truly disabled)
setenforce 0
Disable SELinux entirely
Edit the file:
vi /etc/selinux/config
Set the line to SELINUX=disabled
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disabled <------ Line to modify # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted
Reboot or use the setenforce command:
shutdown -r now or setenforce 0
