SELinux or Security Enhanced Linux is basically an access control mechanism which may or may not be integrated in the Linux distributions. Mostly the recent distributions of Linux have this mechanism inbuilt. It has two main components. One of them is Kernel mechanism. It enforces a pack of access rules that can be applied to processes and files.
The next one is file labels. Each and every file of the system you are working on have an extra label that is attached to those access rules. Enrolling yourself in Linux admin training in Hyderabad will make it transparent for understanding. To find whether SELinux is currently working on your system, you need to use the command: “selinuxenabled && echo enabled || echo disabled.”
To Have or Not to Have SELinux
Using SELinux in a correct way can definitely lower the risk of risk of your system. By disabling it you are opening your system to the hackers. Those who are comfortable using SELinux, argues that the applications must be fixed in a way to work with SELinux, instead of disabling the security mechanism altogether. There are two options: to disable the SELinux temporarily or to delete it permanently from your system. To keep it simple, there are two ways of disabling:
* Permissive: You need to shift the SELinux kernel into a mechanism where all operations are allowed. In this mode the operations are allowed with message that a particular operation would not be allowed access. The process of label for files is active in this mode. The command used is: SELINUX= Permissive
* Disabled: In this the SELinux is completely disabled in the Kernel by switching it off. All the operations are permitted. Moreover, it also disables the task which generally decides what to be labeled on the files along with processing. The command used is: SELINUX = Disable
The process of disabling will lead to various hurdles if you again want to use SELinux. It will require a complete re-labelling of the entire file system.
Disabling Linux Temporarily
This will help you to find out whether the problems you are experiencing while running a process is due to SELinux or any other reason. To switch it off you have to be the root users and the run the command:
Echo 0> / seliux/enforce
It will turn off the SELinux temporarily till you want it again. To re-enable you have to execute the command:
Echo 1> / selinux/enforce
Even rebooting the system will enable the SELinux on your system.
Turn off the SELinux
In order to disable SELinux you do not need to set the configuration file to the permissive status rather you have to set it to disable mode using the command: SELINUX= disabled. To do so you have to reboot the system or also can set SELinux to non-enforcing status and get the desired result.
If you feel that you are in need of SELinux you can enable SELinux by following certain guidelines which you can easily expertise on by joining the Linux admin training in Hyderabad.