Tech Junkie Blog - Real World Tutorials, Happy Coding!: Linux CentOS In-Depth: Securing Your System With SELinux, Enabling SELinux in Enforcing Mode (Part 1)

Thursday, May 27, 2021

Linux CentOS In-Depth: Securing Your System With SELinux, Enabling SELinux in Enforcing Mode (Part 1)

Security Enhanced Linux (SELinux) is a set of kernel medications developed by the NSA and later distributed to the public to secure computer systems.  Most people would disable it on install because it's a pain to work with.  But, if configured correctly it could harden your system considerably.

First let's install all the packages that we need for SELinux with the following yum command

yum install policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans















Select "y" when asked for a confirmation.

Now we want to see if SELinux is enabled by getting the status with this command

getenforce | sestatus














As we can see SELinux is enabled on our system.  Currently it is enabled at the highest level which is enforcing.

There are security mode in SELinux, they are the following:

  • Enforcing - In this mode all access from users or processes that are not authorized are denied, and the even will be logged.
  • Permissive - In this mode as the name implies is permission meaning non of the access is denied.  This will be the mode we start out with because we want to test and SELinux using this mode.
  • Disabled - Means SELinux is not enabled.
The first we want to do is set the security mode to "Permissive" so that we can setup and configure SELinux.

Open the file /etc/selinux/config with your favorite editor and change the line SELinux=enforcing to SELinux=permissive so that all files can be labeled



















To get into Permissive mode you have to reboot the system type in the command reboot now






Now let's check to see that the Permissive mode was successful with the command grep 'SELinux' /var/log/messages




The next step is to change /etc/selinux/config file back to SELINUX back to enforcing, then reboot the system again.


















8 comments:

  1. To be honest your article is informative and very helpful. Hp Laptop
    Hp Laptop online

    ReplyDelete
  2. Get yourself this fantastic stainless-steel rocker garlic press. Comfortable grip and rocking motion allows you to crush the garlic in record time. Easy to store and

    clean.
    garlic crusher
    cell phone holder for car

    ReplyDelete
  3. I think this is among the most significant info for me. And i’m glad reading your article.
    skills you can learn online

    ReplyDelete

  4. MyMovers is a team of technically-skilled and experienced Packers and movers in Bangalore who deliver their services across India. They provide various services to their customers to remove the word Shifting bizarre from the dictionary.
    movers and packers in Bangalore
    Packers and movers in Bangalore

    ReplyDelete

Search This Blog