Tech Junkie Blog - Real World Tutorials, Happy Coding!: Linux CentOS In-Depth: Securing Your System With SELinux, Enabling SELinux in Enforcing Mode (Part 1)

Monday, January 21, 2019

Linux CentOS In-Depth: Securing Your System With SELinux, Enabling SELinux in Enforcing Mode (Part 1)

Security Enhanced Linux (SELinux) is a set of kernel medications developed by the NSA and later distributed to the public to secure computer systems.  Most people would disable it on install because it's a pain to work with.  But, if configured correctly it could harden your system considerably.

First let's install all the packages that we need for SELinux with the following yum command

yum install policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans















Select "y" when asked for a confirmation.

Now we want to see if SELinux is enabled by getting the status with this command

getenforce | sestatus














As we can see SELinux is enabled on our system.  Currently it is enabled at the highest level which is enforcing.

There are security mode in SELinux, they are the following:

  • Enforcing - In this mode all access from users or processes that are not authorized are denied, and the even will be logged.
  • Permissive - In this mode as the name implies is permission meaning non of the access is denied.  This will be the mode we start out with because we want to test and SELinux using this mode.
  • Disabled - Means SELinux is not enabled.
The first we want to do is set the security mode to "Permissive" so that we can setup and configure SELinux.

Open the file /etc/selinux/config with your favorite editor and change the line SELinux=enforcing to SELinux=permissive so that all files can be labeled



















To get into Permissive mode you have to reboot the system type in the command reboot now






Now let's check to see that the Permissive mode was successful with the command grep 'SELinux' /var/log/messages




The next step is to change /etc/selinux/config file back to SELINUX back to enforcing, then reboot the system again.


















7 comments:

  1. Thanks for such a great article here. I was searching for something like this for quite a long time and at last, I’ve found it on your blog. It was definitely interesting for me to read about their market situation nowadays.iot certification chennai | iot training courses in chennai | iot training in chennai | iot training in chennai quora

    ReplyDelete
  2. Interesting information and attractive.This blog is really rocking... Yes, the post is very interesting and I really like it.I never seen articles like this. I meant it's so knowledgeable, informative, and good looking site. I appreciate your hard work. Good job.
    Kindly visit us @
    Sathya Online Shopping
    Buy AC Online | AC Online Shopping | AC Price | Buy Air Conditioner Online
    Inverter Split AC | Best Inverter AC | Split AC Price | Buy Split AC Online
    Smart LED TV | Smart TV Price | LED TV Online | Buy LED TV Online
    Laptop Online | Laptop Price | Buy Laptop Online | Best Laptop
    Buy HD LED TV
    Buy Ultra HD TV Online
    Buy Mobile Online | Buy Smartphone Online in India

    ReplyDelete
  3. Linux VPS is another facilitating choice which depends on server dividing. The web facilitating server would now be able to be parceled for all intents and purposes and gave to site proprietors or affiliates who might have total access and responsibility for offer of the server. https://1gbits.com/linux-vps/

    ReplyDelete
  4. Picking the sort of web facilitating for a site is a standout amongst the most essential choices that a site proprietor will make. https://monovm.com/dedicated/

    ReplyDelete