March 19, 2019
March 19, 2019
Security is an essential element of server management. However, personal or small projects can sacrifice certain aspects of security. In the case of Linux distributions, many of them already have strong security policies. In particular, CentOS 7 and RHEL, are profiled as the most reliable security options throughout Linux thanks to SELinux multi level security protection.
However, sometimes too many security policies can hinder some day-to-day and community tasks. That is why it is sometimes necessary to disable certain measures. In this post, we will teach you how to disable SELinux in CentOS 7.
SELinux on the system you installed is a security control feature that restricts access to specific Kernel modules. CentOS 7 and RHEL implement it by default to provide an extra layer of security for the system. However, it can be implemented in other Linux distributions such as Debian.
SELinux is managed through certain rules called “policies” that restrict or allow the use of certain applications for essential parts of the system. The problem is that making these policies is very hard.
SELinux currently has three states:
Now that we know how SELinux works, we know if it’s worth disabling.
It is possible to disable SELinux temporarily or permanently. Each has its own advantages. Doing it temporarily will allow us to test without sacrificing the security of the system. Once the system is restarted, SELinux will be activated again.
On the other hand, if we deactivate SELinux permanently, we will be able to work faster especially if it is a personal or medium sized project. We must bear in mind that, at this point, most Linux distributions have very good security policies so we can afford it.
In this post, we will teach you how to do it both ways.
First, we need to access the server using SSH. If you have any questions about how to do it, check out our SSH tutorial! Run the following command:
On the other hand, if we are using CentOS on our personal computer, we just need to open the terminal.
After that, we have to verify the status of SELinux. It is quite simple and we can do it with the following command:
In the output we will be notified that, SELinux is enabled with the enforcing state.
To disable it temporarily we just run the following command:
Now, we need to check the SELinux status again.
The output will show that SELinux is now in permissive mode, meaning we can use the system easily.
As it is temporarily disabled, changes will be made automatically, at the time of restart, when SELinux is restarted. The main advantage of this method is that it is not necessary to reboot the system.
To permanently disable SELinux, we’ll need need to edit a configuration file.
First, let’s install the nano text editor:
yum install nano
After that, we need to edit the selinux configuration file.
We will edit the value of SELINUX. The file is very descriptive and shows the different values we can assign. In other words, the different states that SELinux can take.
In this case, to disable it completely, we have to set the value to Disabled.
Then, we have to save the file by hitting CTRL+O and close it with CTRL+X. For all this to work, we need to reboot the system, and then we can check if the update worked by executing this command in the command line:
This we will have disabled SELinux in CentOS 7.
SELinux is a great security tool for CentOS 7. However, for some people, it can be a bit annoying and inconvenient. When considering to disable a security layer always think if it is a risk you’re willing to take.
In this post, we overview how to disable SELinux temporarily and permanently, according to the needs we may have. We hope you found this tutorial helpful!