SELinux modes – Simple explanation

Everyone who uses Linux is probably familiar with SELinux. SELinux stands for Security-Enhanced Linux. It is a kernel-level security module that strengthens access control through security policies.

In this post I will quickly explain the various modes in SELinux.

There are three modes in SELinux:

  • Enforcing
  • Permissive
  • Disabled

In CentOS and RHEL systems, the SELinux configuration is controlled using the configuration file /etc/sysconfig/selinux.

Changes made to this file need a system reboot to take effect. We can disable SELinux permanently only with a system reboot, but we can set SELinux to permissive mode without a reboot. This is easily done by issuing the setenforce command. The details are explained in another blog post of mine.

Here we can set SELinux to any of the modes mentioned above.

In Enforcing mode, SELinux is fully active and allows access only as permitted by the SELinux policies. Users can configure the policies to enable access for their applications.

In Permissive mode, SELinux monitors and logs all the activities that would have been denied in the enforcing state. SELinux does not block any activity in this mode.

In Disabled mode, SELinux is completely disabled.

CDH cluster installation failing in “distributing” stage: failure due to stall on seeded torrent

I faced this issue while distributing the downloaded packages in Cloudera Manager.

The solution that worked for me is to add the IP address – hostname mapping to the /etc/hosts files of the Cloudera Manager server and all the agents.

/etc/hosts

192.168.0.101   cdhdatanode1

Linux commands to check the disk utilization, size of directory or file

  • Command to check the disk utilization
df -h

The ‘-h’ option will provide the utilization in human readable format.

  • Command to check the size of a directory
du -sh <directory name>
  • Command to check the size of a file
du -sh <file name>
  • Command to check the size of files in a directory

Go inside the directory and execute the following command

du -sh *

 

Configure Network in CentOS / RHEL from command line

How many of you are aware of a text user interface for network configuration? A tool called NMTUI (Network Manager Text User Interface) is available in CentOS and Red Hat systems. You can open it simply by typing nmtui on the command line.

If this command is not available, you have to install the NetworkManager-tui package.

yum install NetworkManager-tui

If you type the nmtui command on the command line, the following console will open up. You can configure the network settings in the opened console. You can

nmtui


Disable SELinux without reboot

To disable SELinux by modifying the /etc/sysconfig/selinux file, we have to perform a reboot. In some cases, we may not be able to reboot because it involves downtime for the system. In these situations we can switch SELinux off with a simple command, which puts it into permissive mode. This will not disable SELinux permanently. The effect will last until the next reboot, but you have the option to edit the selinux file so that it will be in the disabled state after the reboot as well. The steps for disabling SELinux permanently are explained in my previous post.

The command to check the status of SELinux is given below.

sestatus

This may show enforcing or permissive or disabled. In permissive mode, SELinux will not block anything, but merely warns you. The line will show enforcing when it’s actually blocking.

To disable SELinux temporarily we can use the following command. It has to be executed as root or using sudo.

setenforce 0

After running this command we can check the status of SELinux using the sestatus command. If it is permissive, we are good to go. 🙂

Disable SELinux in CentOS and RHEL

Security-Enhanced Linux (SELinux) is a security architecture integrated into the 2.6.x kernel using the Linux Security Modules. It is a project of the United States National Security Agency (NSA) and the SELinux community. SELinux integration into Red Hat Enterprise Linux was a joint effort between the NSA and Red Hat.

Most applications need SELinux to be turned off. Turning off SELinux is simple. You can use the following steps to turn off SELinux in RHEL or CentOS 6 and 7 operating systems.

Open the file /etc/sysconfig/selinux. The contents will be similar to the following.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

 

The contents are self-explanatory. Change the value of SELINUX to disabled and save the file. Then reboot the system.
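
An added check, not part of the original posts: because setenforce changes only the running mode and the config file changes only the mode after the next reboot, the two can disagree. This sketch compares them to catch a host left permissive or one that will boot into a weaker mode; the function names and verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example: compare the running SELinux mode with the configured one.

# configured_mode FILE: value of the last uncommented SELINUX= line, lowercased.
# SELINUXTYPE= and "# SELINUX= ..." comment lines do not match the pattern.
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# runtime_mode: mode of the running system as reported by getenforce.
runtime_mode() {
    if command -v getenforce >/dev/null 2>&1; then
        getenforce | tr '[:upper:]' '[:lower:]'
    else
        echo unknown    # SELinux userland tools are not installed
    fi
}

# compare_modes RUNTIME CONFIGURED: one-word verdict (names are this example's).
compare_modes() {
    case "$1:$2" in
        enforcing:enforcing)  echo ok ;;
        permissive:enforcing) echo runtime-weakened ;;    # e.g. setenforce 0
        enforcing:permissive|enforcing:disabled)
                              echo weaker-after-reboot ;; # config edited, no reboot yet
        *:)                   echo config-unreadable ;;
        unknown:*)            echo runtime-unknown ;;
        *)                    echo not-enforcing ;;
    esac
}

# Constructed sample config, same layout as the file shown in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SELINUX= can take one of these three values:
SELINUX=disabled
SELINUXTYPE=targeted
EOF
cfg=$(configured_mode "$sample")
echo "configured: $cfg"
echo "verdict if running enforcing: $(compare_modes enforcing "$cfg")"
echo "this host runs: $(runtime_mode)"
rm -f "$sample"
```

On a real host, pass the file from the post: `compare_modes "$(runtime_mode)" "$(configured_mode /etc/sysconfig/selinux)"`.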