How to change Selinux Mode in Linux

Changing SELinux Modes:

Into this article in we will learn about the Selinux and changing mode of selinux.

Basic Selinux Concepts :

Selinux is a security enhancement to linux that allows users and administrators more control over which users and applications can access which resources, such as files. Standard Linux access controls, such as file modes (-rwxr-xr-x) are modifiable by the user and applications that the user runs, whereas SELInux access controls are determined by a policy loaded on the system and not changeable by careless users or misbehaving applications.

Modes Of SELinux:

There are three modes in which SElinux can be at a time, they are Enforcing, Premissive and Disabled
  • Enforcing

 

Enable and enforce the SELinux security policy on
the system, denying access and logging actions.
  • Permissive

 

Permissive mode is similar to debugging Mode. In
permissive Mode, SELinux policies and rules are applied to subjects and objects,
but actions ( for example, Access Control denials) are not affected. The
biggest advantage of permissive mode is that log files and error messages are
generated based on the SELinux policy implemented.
  • Disabled

 

SELinux is turned off and no warn and log messages
will be generated and stored.
How
to check SELinux Status in Linux.
 
To check the selinux
mode There are two commands.
#getenforce
 
[root@linuxelearn
~]# getenforce
Enforcing
[root@linuxelearn
~]#
#sestatus
 
[root@linuxelearn
~]# sestatus
SELinux
status:                 enabled
SELinuxfs
mount:                /selinux
Current
mode:                   enforcing
Mode
from config file:          enforcing
Policy
version:                 24
Policy
from config file:        targeted
[root@linuxelearn
~]#
Changing
the Modes of Selinux
 
To change the mode of selinux the syntax is
#setenforce
<option>
 
In
this commands Options used are 0 and 1
( Where 0 means Permissive and  1 means Enforcing )
To Change the SELinux Mode to Permissive in linux
use following command.
 
#setenforce
0
 
Verify it using getenforce
or sestatus  Commands.
[root@linuxelearn
~]# getenforce
Enforcing
[root@linuxelearn
~]# setenforce 0
[root@linuxelearn
~]# getenforce
Permissive
[root@linuxelearn
~]# sestatus
SELinux
status:                 enabled
SELinuxfs
mount:                /selinux
Current
mode:                   permissive
Mode
from config file:          enforcing
Policy
version:                 24
Policy
from config file:        targeted
[root@linuxelearn
~]#
To Change the SELinux Mode back to Enforcing mode
#setenforce
1
 
Check the Changes Using  getenforce
or sestatus  Commands.
[root@linuxelearn
~]# getenforce
Permissive
[root@linuxelearn
~]# setenforce 1
[root@linuxelearn
~]# getenforce
Enforcing
[root@linuxelearn
~]# sestatus
SELinux
status:                 enabled
SELinuxfs
mount:                /selinux
Current
mode:                   enforcing
Mode
from config file:          enforcing
Policy
version:                 24
Policy
from config file:        targeted
[root@linuxelearn
~]#
To make this changes permanent, edit the /etc/sysconfig/selinux file (or the /etc/selinux/config file) using VIM
command and replace the following value and save the changes.
SELINUX=permissive

How to disable SELinux In Linux  OR How to Enable SELinux Security in Linux?

To Disable the SELinux Protection or to change it to
disabled Mode
  • Edit the /etc/selinux/config
    file and change SELINUX=disabled

 

Whenever you changing the mode of SELinux from Enforcing/Permissive to Disabled
or Disabled to Permissive/Enforcing, you need to restart the system so that the
changes can take effect.
First check the current status of SELinux and the configuration file.
[root@linuxelearn
~]# getenforce
Enforcing
[root@linuxelearn
~]# cat /etc/selinux/config
#
This file controls the state of SELinux on the system.
#
SELINUX= can take one of these three values:
#     enforcing – SELinux security policy is
enforced.
#     permissive – SELinux prints warnings
instead of enforcing.
#     disabled – No SELinux policy is loaded.
SELINUX=enforcing
#
SELINUXTYPE= can take one of these two values:
#     targeted – Targeted processes are
protected,
#     mls – Multi Level Security protection.
SELINUXTYPE=targeted
[root@linuxelearn
~]#
Now, edit the configuration file, restart the
computer and check the SELinux Status.
  • #vim
    /etc/selinux/config
  • #init
    6

    ( to reboot the system )

 

#
This file controls the state of SELinux on the system.
#
SELINUX= can take one of these three values:
#     enforcing – SELinux security policy is
enforced.
#     permissive – SELinux prints warnings
instead of enforcing.
#     disabled – No SELinux policy is loaded.
SELINUX=disabled
#
SELINUXTYPE= can take one of these two values:
#     targeted – Targeted processes are
protected,
#     mls – Multi Level Security protection.
SELINUXTYPE=targeted
~
~

INSERT —
[root@linuxelearn
~]# getenforce
Disabled
[root@linuxelearn
~]# sestatus
SELinux
status:               disabled
[root@linuxelearn
~]#

How to enable SELinux in Linux

To Enable SELinux Back the procedure is exactly same as above, Instead of SELINUX=disabled
change it to SELINUX=enforcing or permissive.
And Don’t Forget to restart the system, unless the system is rebooted the changes will not take effect.
If you Like post then share and comment please And if you have any suggestion for me do comment .

 

Leave a Reply

Your email address will not be published. Required fields are marked *