Desligando ou desativando SELinux

Categories cPanel, Linux, TutoriaisPosted on

SELinux is a set of extra security restrictions on top of the normal Linux security tools. It gives the systems administrator a finer grain of control than what the kernel typically provides.

But SELinux can sometimes get in your way. For example, I have had typical services, such as Apache, appear to start up correctly, but remain inaccessible from the outside world because I forgot to allow the apache user rights to open that port or maybe my distro forgot about it. Before you turn off SELinux make sure you know why you are turning it off and the security concerns you might be opening yourself up to.

Test if SELinux is running

You can test to see if SELinux is currently enabled with the following command:

selinuxenabled && echo enabled || echo disabled

Turning off SELinux temporarily

Disabling SELinux temporarily is the easiest way to determine if the problem you are experiencing is related to your SELinux settings. To turn it off, you will need to become the root users on your system and execute the following command:

echo 0 > /sys/fs/selinux/enforce

This temporarily turns off SELinux until it is either re-enabled or the system is rebooted. To turn it back on you simply execute this command:

echo 1 > /sys/fs/selinux/enforce

As you can see from these commands what you are doing is setting the file /selinux/enforce to either ‘1’ or ‘0’ to denote ‘true’ and ‘false’.

Configuring SELinux to log warnings instead of block

You can also configure SELinux to give you a warning message instead of actually prohibiting the action. This known as permissive mode. To change SELinux’s behavior to permissive mode you need to edit the configuration file. On Fedora and RHEL systems that file is located at /etc/selinux/config. You need to change the SELINUX option to permissive like so:

SELINUX=permissive

Note that these changes will not take effect until the system is rebooted, which is why the first section comes in handy on a system you either cannot or do not want to reboot right now.

Completely turning off SELinux

To completely disable SELinux instead of setting the configuration file to permissive mode you set it to disabled like:

SELINUX=disabled

You will need to reboot your system or temporarily set SELinux to non-enforcing mode to create the desired effect like the example above.

I hope this HOWTO has given you all of the information you need to turn off SELinux, however if you find any errors on this page or this does not work for you please feel free to E-mail me directly at frank@revsys.com.

Still need more help with SELinux? The book SELinux System Administration, available from Amazon, should be able to help you out.

Updated August 2018: The file system path has changed from /selinux/enforce to /sys/fs/selinux/enforce

 

Fonte: https://www.revsys.com/writings/quicktips/turn-off-selinux.html

Deixe uma resposta

O seu endereço de e-mail não será publicado. Campos obrigatórios são marcados com *