Page 91 - RHEL8 BOOK
P. 91
SELinux modes
SELinux gives that extra layer of security to the resources in the system. It provides the MAC (mandatory
access control) as contrary to the DAC (Discretionary access control).
SELinux can operate in any of the 3 modes:
1. Enforced : Actions contrary to the policy are blocked and a corresponding event is logged in the audit
log.
2. Permissive : Actions contrary to the policy are only logged in the audit log.
3. Disabled: The SELinux is disabled entirely.
Configuration file
Step 1: SELinux configuration file /etc/selinux/config :
[root@sun ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Toggling SELinux modes (Temporarily)
Step 2: To switch between the SELinux modes temporarily we can use the setenforce
[root@sun ~] # setenforce [ Enforcing | Permissive | 1 | 0 ]
0 –> Permissive
1 –> Enforcing
Step 3: Verify the current mode of SELinux :
[root@sun ~] # getenforce
Enforcing
Step 4: we can also use the status command to get a detailed status :
[root@sun ~] # sestatus
SELinux status: enabled
SELinuxfs mount: /selinux --> virtual FS similar to /proc
Current mode: enforcing --> current mode of operation
Mode from config file: permissive --> mode set in the /etc/sysconfig/selinux file.
Policy version: 24
Policy from config file: targeted
S. Pradhan
(MCA, MBA-IT, BCA, CCNA, MCSA 2012, RHCE, ETHICAL HACKING)
Email Id:-spradhan.iiht@gmail.com
91
