Tuesday 3 December 2019

How to Disable SE-Linux on CentOS 8




SE-Linux, or Security-Enhanced Linux, is a set of security modules which are loaded in to kernel to improve security on accessing services/files which improve security. 

This article describes How to Disable SE-Linux on CentOS 8.

Step 1: Confirm SE-Linux Current Status: Run the following commands getenforce or sestatus to check SE-Linux current status:

[root@linuxcnf ~]# getenforce
Enforcing
[root@linuxcnf ~]#

[root@linuxcnf ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      31
[root@linuxcnf ~]#

Step 2: Change the Configuration: Modify the SE-Linux configuration file and Change ‘SELINUX=enforcing’ to ‘SELINUX=permissive’ or ‘SELINUX=disabled’ and save the configuration file:

[root@linuxcnf ~]# vi /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

[root@linuxcnf ~]#

Step 3: Finally, Reboot the system to reflect the changes:

[root@linuxcnf ~]# reboot

Done!!! SE-Linux is disabled successfully.

No comments:

Post a Comment