How To Enable SELinux In CentOS/RHEL 7

August 27, 2019

Introduction

SELinux is a security mechanism built into the Linux kernel. Linux distributions such as CentOS, RHEL, and Fedora are equipped with SELinux by default.

SELinux improves server security by restricting and defining how a server processes requests and users interact with sockets, network ports, and essential directories.

For example, if an unauthorized user gains access, server access is restricted to a specified section, limiting the damage caused by the data breach. SELinux can also obstruct the installation of software packages or terminate processes during regular use.

Read this short tutorial to learn how to enable SELinux on CentOS 7.

tutorial on enabling SELinux on CentOS 7

Prerequisites

  • A user account with sudo privileges
  • Access to a terminal/console
  • An RHEL-based system, such as CentOS 7
  • A text editor, such as nano

SELinux Modes

SELinux has 3 modes.

  • Enforcing mode: This is the default mode. It blocks and logs actions that are against defined policy.
  • Permissive mode: Allows actions to take place and logs the events in detail. This mode is useful when testing SELinux features. Changing modes between enforcing and permissive does not require a system reboot.
  • Disabled mode: Allows for all actions and does not log any activity. Changing to this mode requires a system reboot for it to apply. Learn more on disabling SELinux.

Check Status of SELinux

To check the current settings type the following command in your terminal:

sestatus

The output confirms that SELinux is disabled.

Confirmation that SELinux is disabled

How to Enable SELinux

To enable SELinux follow these steps:

1. We need to change the status of the service in the /etc/selinux/config file. Use a text editor such as Nano.

For example using nano, access the file with the command:

sudo nano /etc/selinux/config

2. You are now able to change the mode of SELinux to either enforcing or permissive.

Edit the marked line to the mode you need.

Image displays the line that needs to be edited to change selinux status to active.

3. Next press CTRL + X to save changes and exit the edit mode. Hit ‘y’ and press Enter to confirm.

4. To reboot enter:

sudo reboot

5. To check the status of SELinux by entering sestatus in the command line once again.

The result now confirms that the service is enabled and in enforcing mode.

Confirmation that selinux is now active and in enforcing mode.

Change SELinux Mode

Instead of disabling SELinux completely, a good option is to set it to permissive mode. As actions take place,they will leave a trail in the log file.

Note: By default, SELinux log messages are located in the /var/log/audit/audit.log file.

To change the mode from enforcing to permissive type:

sudo setenforce 0

To turn the enforcing mode back on, enter:

sudo setenforce 1

These changes only apply to the current session. They turn back to default after a reboot. To make the changes permanent, edit the configuration file using a text editor, as discribed above.

Conclusion

Now you know how to enable SELinux on CentOS 7. Start protecting your servers today.

Was this article helpful?
YesNo
Vladimir Kaplarevic
Vladimir is a resident Tech Writer at phoenixNAP. He has more than 7 years of experience in implementing e-commerce and online payment solutions with various global IT services providers. His articles aim to instill a passion for innovative technologies in others by providing practical advice and using an engaging writing style.
Next you should read
How to Disable or Turn Off SELinux on CentOS 7
August 27, 2019

SELinux is a mandatory access control (MAC) enforcer built into the Linux kernel. It limits the privileges of...
Read more
21 Server Security Tips to Secure Your Server
August 27, 2019

Hackers are always on the lookout for server vulnerabilities. Minimize risks and be confident your data is...
Read more
How to Install & Setup a Mumble Server on CentOS 7
January 14, 2019

Growing demands for extreme computing power have lead to the unavoidable presence of bare metal servers...
Read more
How to Install MySQL 8.0 in Ubuntu 18.04
December 12, 2018

MySQL is an open-source relational database server tool for Linux operating systems. It is widely used in...
Read more