Tech Junkie Blog - Real World Tutorials, Happy Coding!: Linux CentOS In-Depth: Securing Your System With SELinux, Enabling SELinux in Enforcing Mode (Part 1)

Monday, January 21, 2019

Linux CentOS In-Depth: Securing Your System With SELinux, Enabling SELinux in Enforcing Mode (Part 1)

Security Enhanced Linux (SELinux) is a set of kernel medications developed by the NSA and later distributed to the public to secure computer systems.  Most people would disable it on install because it's a pain to work with.  But, if configured correctly it could harden your system considerably.

First let's install all the packages that we need for SELinux with the following yum command

yum install policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans

Select "y" when asked for a confirmation.

Now we want to see if SELinux is enabled by getting the status with this command

getenforce | sestatus

As we can see SELinux is enabled on our system.  Currently it is enabled at the highest level which is enforcing.

There are security mode in SELinux, they are the following:

  • Enforcing - In this mode all access from users or processes that are not authorized are denied, and the even will be logged.
  • Permissive - In this mode as the name implies is permission meaning non of the access is denied.  This will be the mode we start out with because we want to test and SELinux using this mode.
  • Disabled - Means SELinux is not enabled.
The first we want to do is set the security mode to "Permissive" so that we can setup and configure SELinux.

Open the file /etc/selinux/config with your favorite editor and change the line SELinux=enforcing to SELinux=permissive so that all files can be labeled

To get into Permissive mode you have to reboot the system type in the command reboot now

Now let's check to see that the Permissive mode was successful with the command grep 'SELinux' /var/log/messages

The next step is to change /etc/selinux/config file back to SELINUX back to enforcing, then reboot the system again.


  1. Thanks for such a great article here. I was searching for something like this for quite a long time and at last, I’ve found it on your blog. It was definitely interesting for me to read about their market situation nowadays.iot certification chennai | iot training courses in chennai | iot training in chennai | iot training in chennai quora