ubuntu:selinux:understanding_selinux_configuration
Ubuntu - SELinux - Understanding SELinux Configuration
The SELinux configuration file is /etc/selinux/config file.
The following are the possible values for the SELINUX variable in the /etc/selinux/config file:
- enforcing – The Security Policy is always Enforced
- permissive – This just simulates the enforcing policy by only printing warning messages and not really enforcing the SELinux. This is good to first see how SELinux works and later figure out what policies should be enforced.
- disabled – Completely disable SELinux
The following are the possible values for SELINUXTYPE variable in the /etc/selinux/config file. This indicates the type of policies that can be used for the SELinux.
- targeted – This policy will protected only specific targeted network daemons (such as DNS, Apache and others).
- mls - Multi Level Security (MLS) allows further categorization of data privilege levels, such as “confidential, secret” etc and would be applied to files on the filesystem, restricting users to only those articles they are entitled to interact with.
- strict – This is for maximum SELinux protection.
SELinux is also often configured in the Grub boot loader. Search /boot/grub/grub.conf file using grep for the words selinux or enforcing:
egrep -i 'selinux=0|enforcing=0' /boot/grub/grub.conf
If you found lines with selinux=0 or enforcing=0, remove them and save the changes.
Reboot the server:
reboot
ubuntu/selinux/understanding_selinux_configuration.txt · Last modified: 2020/07/15 09:30 by 127.0.0.1