disable selinux

In this post, learn how to disable selinux in Red Hat and CentOS Operating System. Security-Enhanced Linux (SELinux) is a Linux feature that provides the mechanism for supporting access control security policies.

How to check the status of SELINUX in linux system

Use the given below command to check SELINUX status

getenforce

Open the file /etc/sysconfig/selinux and find the value of “SELINUX=enforcing”
In given below /etc/sysconfig/selinux file, the selinux is in enforcing mode.

[root@localhost ~]# cat /etc/sysconfig/selinux 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 
[root@localhost ~]# 

Check current SELINUX status

To check the current SELINUX status in CentOS/Red Hat system, use either of the given below command.

  • By using ‘getenforce’ command
    sudo getenforce
    
  • By using ‘sestatus’ command
    sudo sestatus

Temporary change the SELINUX mode into permissive state(Reboot not require)

Use the command to change SELINUX mode to permissive state but it will be temporary till next reboot of system. You do not require to reboot the system to make it effective.

sudo setenforce 0

Note: With setenforce command you can set SELINUX either as ‘Permissive’ or ‘Enforcing’ mode.

  • Permissive: 0
  • Enforcing: 0

Example:

[root@localhost ~]# getenforce 
Enforcing
[root@localhost ~]# 
[root@localhost ~]# setenforce 0
[root@localhost ~]# 
[root@localhost ~]# getenforce 
Permissive
[root@localhost ~]#

Permanently disable SELINUX mode

Edit the file /etc/sysconfig/selinux and change the value of SELINUX=enforcing to disabled and restart the system.

vi /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Save the file and RESTART the system. Without restart of system SELINUX mode will not be changed permanently.

sudo init 6

Note: SELINUX has 3 modes. You can use the following value as per SELINUX status you want to set in system. Just update this file /etc/sysconfig/selinux and set any of the following value.

  • enforcing
  • permissive
  • disabled

Read Some More Articles

5 Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.