Showing posts with label SELinux modes. Show all posts
Showing posts with label SELinux modes. Show all posts

How Change SELinux mode from Enforcing to Permissive and vice-versa in Linux using commands

SELinux is a set of security rules that determine which process can access which files, directories and ports. A primary goal of SELinux is to protect user data from system service that have been compromised.

SELinux Modes

  1. Enforcing Mode
  2. Permissive Mode
  3. Disabled Mode

SElinux modes image

    Enforcing Mode: SELinux actively denies access to the web server that tries to read files with the context of type tmp_t.
    Permissive Mode: Permissive mode is used to issue troubleshooting. In permissive mode, SELinux allows all interactions, even if there is no explicit rule. This mode can be used to temporarily allow access to the content that SELinux is restricting.
    Disabled Mode: In this mode, SELinux completely disabled.

    How to check current SELinux mode

    getenforce command is used to check current status of SELinux mode.

    Changing current SELinux mode

    The setenforce command modifies the current SELinux mode.
    setenforce 0 or 1
    0 means Enforcing mode and 1 means Permissive mode.

    Setting the Default SELinux mode

    The configuration file that determines what SELinux mode is at boot time /etc/selinux/config. In this configuration file you will see SELINUX=enforcing. Change SELinux mode to SELINUX=Permissive if you want to set to Permissive mode.

    Conclusion:

    1. Policy rules are obeyed and violations logged: Enforcing Mode
    2. Policy rule violations only produce log messages: Permissive Mode
    3. A reboot is required to transition to this mode: Disabled Mode
    4. Label on processes, files, and ports that determine access: Context
     

    Most Reading