SELinux management
From TBwiki
(Difference between revisions)
(creation) |
(fix format) |
||
| Line 3: | Line 3: | ||
The following command will retreive the SELinux status of your system (output may vary):<br> | The following command will retreive the SELinux status of your system (output may vary):<br> | ||
| − | + | sestatus | |
exemple from CentOS 5.3<br> | exemple from CentOS 5.3<br> | ||
| − | + | SELinux status: enabled | |
| + | SELinuxfs mount: /selinux | ||
| + | Current mode: permissive | ||
| + | Mode from config file: permissive | ||
| + | Policy version: 21 | ||
| + | Policy from config file: targeted | ||
| + | |||
== How to disable SELinux<br> == | == How to disable SELinux<br> == | ||
| Line 13: | Line 19: | ||
=== Disable SELinux now<br> === | === Disable SELinux now<br> === | ||
| − | + | setenforce 0 | |
Warning: SELinux will start again if configuration is not changed.<br> | Warning: SELinux will start again if configuration is not changed.<br> | ||
| Line 23: | Line 29: | ||
Edit the file:<br> | Edit the file:<br> | ||
| − | + | vi /etc/selinux/config> | |
Set the line to SELINUX=disabled <br> | Set the line to SELINUX=disabled <br> | ||
| − | + | # This file controls the state of SELinux on the system. | |
| + | # SELINUX= can take one of these three values: | ||
| + | # enforcing - SELinux security policy is enforced. | ||
| + | # permissive - SELinux prints warnings instead of enforcing. | ||
| + | # disabled - SELinux is fully disabled. | ||
| + | SELINUX=disabled <------ Line to modify | ||
| + | # SELINUXTYPE= type of policy in use. Possible values are: | ||
| + | # targeted - Only targeted network daemons are protected. | ||
| + | # strict - Full SELinux protection. | ||
| + | SELINUXTYPE=targeted | ||
Revision as of 15:22, 26 February 2010
Contents |
How to get SELinux status
The following command will retreive the SELinux status of your system (output may vary):
sestatus
exemple from CentOS 5.3
SELinux status: enabled SELinuxfs mount: /selinux Current mode: permissive Mode from config file: permissive Policy version: 21 Policy from config file: targeted
How to disable SELinux
Disable SELinux now
setenforce 0
Warning: SELinux will start again if configuration is not changed.
Disable SELinux at next reboot
Edit the file:
vi /etc/selinux/config>
Set the line to SELINUX=disabled
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disabled <------ Line to modify # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted
