Disable Selinux – On Ubuntu, CentOS, Debian, Rhel. In this post, we introduce SELinux, and its importance then show you how to disable SELinux on Ubuntu, Debian, CentOS and RHEL.
The United States National Security Agency (NSA) and the Linux distribution Red Hat teamed closely on the development of SELinux. It was designed to mend Linux’s security by adding an extra layer of Discretionary Access Controls (DAC) to verify that only authorized actions might be executed. Red Hat Enterprise Linux 4 and the Fedora distribution, sponsored by Red Hat, were the first to provide complete SELinux functionality.
Security Enhanced Linux is what the “SE” in SELinux refers to. Linux, like Android, iOS, and Windows, is an operating system. Linux, on the other hand, has never been created by a single firm; rather, it has been an open source effort from the start.
The Linux kernel, the “core” of Linux, is open source software, meaning that its source code may be used by anybody for any purpose. Many other operating systems have been built on top of the Linux kernel. The most popular distributions are Fedora, Ubuntu, and Debian.
Security Enhanced Linux is an add on to the Linux kernel that may also be used as a stand alone security component. You may simply turn off the SELinux module if you don’t require it, even if it comes pre installed on several Linux variants.
With SELinux, system administrators have more control over what programs can and cannot execute. Essential processes are allowed to continue while all others are stopped. Security flaws in user applications are considerably mitigated as a result.
In this section, we are showing you how to disable the SELinux policy on Ubuntu, Debian, CentOS, and RHEL operating systems.
Different Types of SELinux Policy
The SELinux default configuration file is located in the /etc/selinux/ directory. It contains the different types of security policies to control the state of the SELinux on the Linux system.
The SELinux directive contains the list of the three different values as shown below.
enforcing – This value will enable or enforce the SELinux security policy.
permissive – This configuration value will print warnings instead of enforcing (disabled).
disabled – This will disable the SELinux policy.
The SELINUXTYPE directive contains the list of the three different values as shown below.
targeted – Used to protect the target processes.
minimum – This will protect only selected processes.
mls – Used for multi level security protection.
Check SELinux Current Status
There are multiple ways you to check the status of the SELinux policy. Use the sestatus command to verify the status of the SELinux policy.
sestatus
You should see the SELinux status on the following screen.
As you can see in the above screen, the SELinux policy is enabled on your system.
You can also use the getenforce command to check the current mode of SELinux.
getenforce
You see the current SELinux mode in the following output.
Enforcing
Another option is to see the SELinux configuration file to verify the SELinux policy status. In this case, use the cat command to view the SELinux configuration file.
cat /etc/selinux/config
You should see the status of SELinux on the following screen.
Use the echo command as a root user to disable SELinux temporarily.
echo 0 > /sys/fs/selinux/enforce
Otherwise, you can also use the setenforce command to disable the SELinux as shown below:
setenforce 0
Additionally, use the Permissive option to disable the SELinux policy.
setenforce Permissive
All the methods listed above only work until the next reboot. After the system reboot, the SELinux policy is enabled again. In this case, you need to disable the SELinux policy Permanently.
In this section, we are navigating how to disable the SELinux policy on Ubuntu, CentOS, Debian, and RHEL operating systems.
Disable the SELinux Policy on RHEL
Disable the SELinux policy permanently by modifying the SELinux main configuration file. The location of the SELinux configuration file is different based on your operating system.
For the RHEL operating system, edit the SELinux configuration file using the nano editor.
nano /etc/sysconfig/selinux
You should see the default configuration option on the following screen.
Now, find the line “SELINUX=enabled” and replaced it with the following line:
SELINUX=disabled
Now, save and close the file and restart your system to apply the policy changes.
reboot
After the system reboot, you can check the status of the SELinux policy using the following command.
sestatus
You should see the SELinux status in the following output:
SELinux status: disabled
Disable the SELinux Policy on Ubuntu Debian and CentOS
The SELinux main configuration file in UbuntuDebian and CentOS is located at /etc/selinux/config. Modify this file to disable the SELinux policy.
Let’s edit the SELinux configuration file.
nano /etc/selinux/config
Find the following line:
SELINUX=enforcing
And, replaced it with the following line:
SELINUX=disabled
Save and close the file then restart your system to apply the changes.
reboot
After rebooting the system, you can verify the SELinux policy using the following command.
Disable Selinux - On Ubuntu, CentOS, Debian, Rhel Conclusion
In this guide, we showed you why SELinux is used, different SELinux policy types, and check the status of SELinux policy. Then, we explained how to disable the SELinux policy temporarily via the command line and disable it permanently by editing the SELinux configuration file. This guide works for all major operating systems.
While SELinux is not required to utilize Linux, it is strongly recommended if your system demands a high degree of security. You may run Linux in permissive mode, which permits SELinux to apply regulations without blocking any operations that would break those policies if you do not want the extra protection that SELinux provides. SELinux is a robust security system, but implementing it requires more effort. The government, the military, and the financial sector may all benefit greatly from its usage because of the importance they place on security.
I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.
00votes
Article Rating
Subscribe
Login and comment with
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
Login and comment with
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.