disable selinux

How to Disable selinux in Red Hat or CentOS

In this post, learn how to disable selinux in Red Hat and CentOS Operating System. Security-Enhanced Linux (SELinux) is a Linux feature that provides the mechanism for supporting access control security policies.

How to check the status of SELINUX in linux system

Use the given below command to check SELINUX status

getenforce

Open the file /etc/sysconfig/selinux and find the value of “SELINUX=enforcing”
In given below /etc/sysconfig/selinux file, the selinux is in enforcing mode.

[root@localhost ~]# cat /etc/sysconfig/selinux 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 
[root@localhost ~]# 

Check current SELINUX status

To check the current SELINUX status in CentOS/Red Hat system, use either of the given below command.

  • By using ‘getenforce’ command
    sudo getenforce
    
  • By using ‘sestatus’ command
    sudo sestatus

Temporary change the SELINUX mode into permissive state(Reboot not require)

Use the command to change SELINUX mode to permissive state but it will be temporary till next reboot of system. You do not require to reboot the system to make it effective.

sudo setenforce 0

Note: With setenforce command you can set SELINUX either as ‘Permissive’ or ‘Enforcing’ mode.

  • Permissive: 0
  • Enforcing: 0

Example:

[root@localhost ~]# getenforce 
Enforcing
[root@localhost ~]# 
[root@localhost ~]# setenforce 0
[root@localhost ~]# 
[root@localhost ~]# getenforce 
Permissive
[root@localhost ~]#

Permanently disable SELINUX mode

Edit the file /etc/sysconfig/selinux and change the value of SELINUX=enforcing to disabled and restart the system.

vi /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Save the file and RESTART the system. Without restart of system SELINUX mode will not be changed permanently.

sudo init 6

Note: SELINUX has 3 modes. You can use the following value as per SELINUX status you want to set in system. Just update this file /etc/sysconfig/selinux and set any of the following value.

  • enforcing
  • permissive
  • disabled

Posted

in

by

Comments

5 responses to “How to Disable selinux in Red Hat or CentOS”

  1. Tatsh Avatar
    Tatsh

    sed -i /etc/sysconfig/selinux -r -e ‘s/^SELINUX=.*/SELINUX=disabled/g’

    1. sharadchhetri Avatar
      sharadchhetri

      Thankyou Tatsh,
      Very nice. Awesome sed example for readers.

      Adding one more suggestion with your given example.
      Taking backup of file with sed command

      sed -i.bak /etc/sysconfig/selinux -r -e ‘s/^SELINUX=.*/SELINUX=disabled/g’

      https://sharadchhetri.com/2014/07/12/taking-file-backup-using-sed-command-flag/

  2. Wellington Torrejais da Silva Avatar
    Wellington Torrejais da Silva

    Thanks!!!

    1. sharad chhetri Avatar

      You are welcome Wellington

  3. Mesut Tasci Avatar
    Mesut Tasci

    nicely explained. thanks for your time and effort.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: