Skip to content

Ercan Ermis

notes for everyone

Menu
  • AWS
  • Kubernetes
  • Linux
  • DevOps
  • Docker
  • GCP
  • Uncategorized
  • Contact Me
Menu

Disable SELinux on CentOS 7 or CentOS 8

Posted on November 8, 2019April 24, 2021 by Ercan

This tutorial shows you how you can disable SELinux (Security-Enhanced Linux) on your CentOS server. The CentOS version should be 7 or 8. The version does not matter.

What is SELinux?

SELinux is a security mechanism directly controlling by the kernel. It allows administrators and users more control over access controls on access based SELinux policies.

SELinux has three different modes of operation. Here they are:

  1. Enforcing: Allows access based on SELinux policies and the policy rules.
  2. Permissive: SELinux only logs actions that would have been denied if running in enforcing mode.
  3. Disabled: No messages logged and there is no more SELinux policy enabled on the server. Most of the time disabled mode is using web control panels like cPanel and/or Plesk.

Prerequisites

Only the root user or a user with sudo privileges can update SELinux mode.

Check the SELinux Mode

You can make sure about your SELinux status with the “sestatus” command. The print shows that SELinux is enabled and mode set to enforcing.

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      31

Disabling SELinux

I strongly recommended changing the mode to permissive. Sometimes some of the applications don’t like SELinux and they required to mode disabled.

To permanently change SELinux mode from enforcing to disabled, first of all, you should use your text editor like vi or nano.

Open the /etc/selinux/config file and change the SELINUX value to disabled on the 6th line like below:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#  enforcing - SELinux security policy is enforced.
#  permissive - SELinux prints warnings instead of enforcing.
#  disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
#  minimum - Modification of targeted policy. Only selected processes are protected. 
#  mls - Multi Level Security protection.
SELINUXTYPE=targeted

Now you can save the file and exit from the text editor. Time to reboot the server:

sudo reboot

Final Control of SELinux Status

Now, we should make sure about SELinux successfully disabled on the server. Run “sestatus” command again, the output should like this:

SELinux status:                 disabled

Conclusion

Now you can change the SELinux modes which one is suitable for you or you need. SELinux is a security mechanism by implementing mandatory access control (MAC). SELinux comes enforcing mode by default on CentOS7 and CentOS8 system. It can be modifying by editing the configuration file and rebooting the server.

You can access more information about SELinux on their CentOS SELinux pages.

Share on Social Media
twitter facebook linkedin reddit

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • What is an Internet Gateway in AWS?
  • What are Route Tables on AWS VPC?
  • What is Subnet on AWS VPC?
  • What is AWS VPC?
  • Prevent nginx from caching DNS for proxy
  • Scaling PHP Applications on AWS
  • Create an S3 Bucket and Set a Policy via CLI
  • Issue a Let’s Encrypt SSL with the AWS Route53
  • Automate Let’s Encrypt SSL on AWS Application Load Balancer
  • Let’s Learn Kubernetes – Part 3
  • Deploy a website to S3 and CloudFront with Bitbucket Pipelines
  • Let’s Learn Kubernetes – Part 2
  • Protect your AWS Account with specified IPs
  • Let’s Learn Kubernetes – Part 1
  • Differences between AWS CLI v1 and v2
  • SSL CA Problem on CentOS7 Docker and Solution
  • What do I have?
  • Deploy HA nginx to AWS ECS with Geolocation Routing via Terraform
  • Deploy nginx docker to AWS ECS with Terraform Automation
  • How to Install Node Exporter on Linux Server
  • FortiClient Problem on M1 MacBookPro Problem Solution
  • Connect your AWS to GCP with Terraform via IPSec Site-to-Site VPN
  • Google Cloud Platform Automation with Terraform Easily
  • How to secure your Amazon Web Services account
  • Install UGREEN USB Ethernet Adapter on macOS
  • Redirect 301 HTTPS on App Engine with nginx on Google Cloud Platform
  • Set two different Target Groups on AWS Load Balancer with Terraform
  • Extend your ec2 Linux disk without reboot on Amazon Web Services
  • Create a New Grant User on AWS RDS (MariaDB)
  • Amazon S3 CORS Settings with CloudFront on Amazon Web Services
  • Take your GitLab backup everyday if it works in Docker
  • Find large files in CentOS, ubuntu and MacOS easily
  • Fix “Error: rpmdb open failed” on CentOS or Amazon Linux 2
  • Error: No space left on the device when starting/stopping services only
  • Juniper SRX110H-VA VDSL2 Configuration Step by Step
  • Enable Logrotation for Docker Containers
  • Download specific file extension via wget easily on terminal
  • Find the exact size of certain files in Linux via terminal
  • Disable SELinux on CentOS 7 or CentOS 8
  • Hello Blog!

Tag Cloud

active-active amazon linux 2 amazon web services automation aws basics bug centos centos7 cloud cloudfront container containers crud curl deployment devops docker ec2 ecs fargate file size gcp gitlab google cloud platform iam policy k8s kubernetes kubernetes architecture kubernetes basics linux macos network nginx pipeline replicaset route table s3 security terraform ubuntu vpc vpn wget yum

Archive

  • January 2023 (2)
  • December 2022 (2)
  • August 2022 (2)
  • July 2022 (3)
  • June 2022 (6)
  • March 2022 (1)
  • July 2021 (1)
  • May 2021 (5)
  • April 2021 (5)
  • February 2021 (1)
  • January 2021 (1)
  • September 2020 (2)
  • July 2020 (1)
  • April 2020 (1)
  • March 2020 (1)
  • February 2020 (1)
  • November 2019 (5)
©2023 Ercan Ermis | Built using WordPress and Responsive Blogily theme by Superb