How to Disabled SELinux using Command Line on CentOS 6/RHEL 6

In this short article, I’ll show you an easy way to disable SELinux in RHEL or CentOS 6 6. You only need to run the following command line. After that, make sure you reboot your CentOS server for changes to take effect.

1. Verify the SELINUX setting before changes :

[root@centos66 ~]# sestatus
SELinux status:                 enforcing

Check the config file :

[root@centos66 ~]# cat /etc/sysconfig/selinux
..
..
SELINUX=enforcing
..
..

2. Issue the following command to changes the config file :

[root@centos66 ~]# sed -i 's/(^SELINUX=).*/SELINUX=disabled/' /etc/sysconfig/selinux

3. Verify the SELINUX status again :

[root@centos66 ~]# sestatus
SELinux status:                 disabled

Check the config file again :

[root@centos66 ~]# cat /etc/sysconfig/selinux

It will change the following, SELINUX=disabled

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

4. Reboot the CentOS/RHEL server :

[root@centos66 ~]# reboot

How to Disable SELinux on RHEL 7/CentOS 7/Oracle Linux 7

Security-Enhanced Linux (SELinux) is an implementation of security policies for operating systems that provides a mechanism to support and help control access in the linux kernel. On Red Hat Enterprise Linux 7 (RHEL 7), CentOS 7 and Oracle Linux 7 (OL7), SELinux services were installed by default. The following tutorial will show you the basic steps to permanently disable SELinux on RHEL 7, CentOS 7 and OL7.

1. Check SELinux status :

[root@centos7 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

2. Open selinux configuration file :

[root@centos7 ~]# vi /etc/sysconfig/selinux

3. Change “SELINUX=enforcing” to “SELINUX=disabled” and save the configuration file :

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

4. Reboot the server to take effect :

[root@centos7 ~]# reboot

5. After reboot, you can verify the status of SELinux. Issue “sestatus” command to verify that SELinux permanently disabled:

[root@centos7 ~]# sestatus
SELinux status:                 disabled

Disable SELinux on CentOS 6.5

This post will show how to disable Security-Enhanced Linux (SELinux) on CentOS 6.5. The steps was very simple, but if we did not disable this feature, you may hit a problem when try to do software installation. SELinux checking for allowed operations after standard Linux discretionary access controls are checked.

1. Check selinux status :

[root@centos6 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

2. Disable SELinux on CentOS 6.4 permanently :

[root@centos6 ~]# vi /etc/sysconfig/selinux

Change “SELINUX=enforcing” to “SELINUX=disabled” :

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

3. Reboot CentOS 6.5 Operating system :

[root@centos6 ~]# init 6

or

[root@centos6 ~]# reboot

4 Steps to Disable SELinux on CentOS 6.4

There are four easy steps to disable Security-Enhanced Linux (SELinux) on CentOS 6.4. The steps was very simple, but if we did not disable this feature, you may hit a problem when try to do software installation. SELinux checking for allowed operations after standard Linux discretionary access controls are checked. Follow below steps to disable SELinux on CentOS 6.4.

1. Check selinux status :

[root@centos64 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

2. Disable SELinux immediately without reboot :

[root@centos64 ~]# setenforce 0

3. Disable SELinux on CentOS 6.4 permanently :

[root@centos64 ~]# vi /etc/sysconfig/selinux

Change “SELINUX=enforcing” to “SELINUX=disabled” :

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

4. Reboot Operating system :

[root@centos64 ~]# reboot

How to Check and Disable SELinux on CentOS 6.3

Security-Enhanced Linux (SELinux) is a Linux feature that provides security mechanism for supporting access control security policies implemented in the kernel. SELinux checking for allowed operations after standard Linux discretionary access controls are checked. In this post i will shows on how to check SELinux status and disables SELinux on linux CentOS 6.3.

1. How to check SELinux on CentOS 6.3 ?

[root@centos63 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

or

[root@centos63 ~]# getenforce
Enforcing

2. How to disable SELinux on CentOS 6.3 permanently ?

[root@centos63 ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


or

[root@centos63 ~]# cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


Change “SELINUX=enforcing” to “SELINUX=disabled” :


# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


Note : This will disable SELinux on your next reboot

[root@centos63 ~]# sestatus
SELinux status:                 disabled

3. How to disable SELinux on CentOS 6.3 immediately without reboot :

[root@centos63 ~]# setenforce 0

Check SELinux status :

[root@centos63 ~]# getenforce
Permissive

How To Check SELinux Status on CentOS 5.8

SELinux is a Linux feature that provides a mechanism for supporting access control security policies in the Linux kernel. In this post, i will share on how to check Security-Enhanced Linux (SELinux) status on linux CentOS 5.8 server. First method to check the SELinux status is using sestatus command. Another method is check through configuration file.

1. Simply run sestatus command to immediately display the SELinux status :

[root@centos58 ~]# sestatus

Result :

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted

2. Display “/etc/selinux/config” config file to get SELINUX status :

[root@centos58 ~]# cat /etc/selinux/config

Example :

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
#       mls - Multi Level Security protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0


In above configuration file, SELinux is set to “SELINUX=enforcing”, meaning that SELinux is enabled.

How to Fix “cannot restore segment prot after reloc: Permission denied” error While Restarting zmcontrol on Zimbra

Question :

I want to start the Zimbra services. But i am getting the following issue while restarting zmcontrol using “zmcontrol start” command as per below error messages :

[zimbra@mail ~]$ zmcontrol start
Host mail.bloggerbaru.local
        Starting zmconfigd...Done.
        Starting logger...Done.
        Starting mailbox...Done.
        Starting antispam...Done.
        Starting antivirus...Done.
        Starting snmp...Done.
        Starting spell...Failed.
Starting apache...httpd: Syntax error on line 232 of /opt/zimbra/conf/httpd.conf: Cannot load /opt/zimbra/httpd/modules/libphp5.so into server: /opt/zimbra/httpd/modules/libphp5.so: cannot restore segment prot after reloc: Permission denied
failed.

Answer :
It was SELinux caused the Zimbra services problems failed to start and you have to disable selinux file as below :

1. Disable SELinux on your next reboot.

[root@centos6 ~]# vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
#       mls - Multi Level Security protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

To disable SELinux, without having to reboot, you can use the setenforce command as below:

[root@mail ~]# setenforce 0

2. Rerun zmcontrol start command again :

[zimbra@mail ~]$ zmcontrol start
Host mail.bloggerbaru.local
        Starting zmconfigd...Done.
        Starting logger...Done.
        Starting mailbox...Done.
        Starting antispam...Done.
        Starting antivirus...Done.
        Starting snmp...Done.
        Starting spell...Done.
        Starting mta...Done.
        Starting stats...Done.

How to Check SELinux Status on RHEL 6

In this post, i will share on how to check Security-Enhanced Linux (SELinux) status on Red Hat Enterprise Linux 6 (RHEL 6). SELinux is a Linux feature that provides a mechanism for supporting access control security policies in the Linux kernel. First method to check the SELinux status is using sestatus command. The sestatus command returns the SELinux status and the SELinux policy being used on Linux RHEL 6 server as per below example :

1. Simply run this command to check the SELinux status on your RHEL 6 :

[root@rhel6 ~]# /usr/sbin/sestatus
SELinux status:                 disabled

or

[root@rhel6 ~]# sestatus
SELinux status:                 disabled

2. Alternatively, you can run this command :

[root@rhel6 ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

In above /etc/selinux/config, SELINUX is set to SELINUX=disabled.

If enable, it will be like below :

[root@rhel6 ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

If SELinux is enabled, it will look like SELINUX=permissive

How to Install and Configure Samba Server on RHEL 6

In this post i will show on how to install and configure a Samba server an also how to transfer files from client side. For this example we are using two systems one Red Hat Enterprise Linux (RHEL 6) server one Window XP clients.

1. Install samba, portmap or rpcbind and xinetd service :

[root@rhel6 ~]# yum install samba-* portmap xinetd -y
Loaded plugins: rhnplugin
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package rpcbind.i686 0:0.2.0-8.el6 set to be updated
---> Package samba.i686 0:3.5.4-68.el6 set to be updated
---> Package samba-client.i686 0:3.5.4-68.el6 set to be updated
---> Package samba-common.i686 0:3.5.4-68.el6 set to be updated
---> Package samba-winbind.i686 0:3.5.4-68.el6 set to be updated
---> Package samba-winbind-clients.i686 0:3.5.4-68.el6 set to be updated
---> Package xinetd.i686 2:2.3.14-29.el6 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                      Arch        Version                 Repository                   Size
====================================================================================================
Installing:
 rpcbind                      i686        0.2.0-8.el6             DVD-RHEL6-Repository         50 k
 samba                        i686        3.5.4-68.el6            DVD-RHEL6-Repository        5.0 M
 samba-client                 i686        3.5.4-68.el6            DVD-RHEL6-Repository         11 M
 samba-common                 i686        3.5.4-68.el6            DVD-RHEL6-Repository         13 M
 samba-winbind                i686        3.5.4-68.el6            DVD-RHEL6-Repository        3.5 M
 samba-winbind-clients        i686        3.5.4-68.el6            DVD-RHEL6-Repository        1.1 M
 xinetd                       i686        2:2.3.14-29.el6         DVD-RHEL6-Repository        121 k

Transaction Summary
====================================================================================================
Install       7 Package(s)
Upgrade       0 Package(s)

Total download size: 34 M
Installed size: 121 M
Downloading Packages:
----------------------------------------------------------------------------------------------------
Total                                                                42 MB/s |  34 MB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : samba-winbind-clients-3.5.4-68.el6.i686                                      1/7
  Installing     : samba-common-3.5.4-68.el6.i686                                               2/7
  Installing     : samba-3.5.4-68.el6.i686                                                      3/7
  Installing     : samba-client-3.5.4-68.el6.i686                                               4/7
  Installing     : samba-winbind-3.5.4-68.el6.i686                                              5/7
  Installing     : 2:xinetd-2.3.14-29.el6.i686                                                  6/7
  Installing     : rpcbind-0.2.0-8.el6.i686                                                     7/7

Installed:
  rpcbind.i686 0:0.2.0-8.el6                   samba.i686 0:3.5.4-68.el6
  samba-client.i686 0:3.5.4-68.el6             samba-common.i686 0:3.5.4-68.el6
  samba-winbind.i686 0:3.5.4-68.el6            samba-winbind-clients.i686 0:3.5.4-68.el6
  xinetd.i686 2:2.3.14-29.el6

Complete!

2. On RHEL 6, portmap is called and replaced by rpcbind. Make sure rpcbind and xinetd is start :

[root@rhel6 ~]# service rpcbind start
Starting rpcbind:                                          [  OK  ]
[root@rhel6 ~]# service xinetd start
Starting xinetd:                                           [  OK  ]

3. Set rpcbind and xinetd start at boot :

[root@rhel6 ~]# chkconfig rpcbind on
[root@rhel6 ~]# chkconfig xinetd on

4. Check rpcbind and xinetd service status :

[root@rhel6 ~]# service rpcbind status
rpcbind (pid  2737) is running...
[root@rhel6 ~]# service xinetd status
xinetd (pid  2750) is running...

5. Create a normal user named sambauser1 :

[root@rhel6 ~]# useradd sambauser1
[root@rhel6 ~]# passwd sambauser1
Changing password for user sambauser1.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

6. Create /smb directory and grant it full permission :

[root@rhel6 ~]# mkdir /smb
[root@rhel6 ~]# chmod 777 /smb

7. Open and modify /etc/samba/smb.conf main samba configuration files :

[root@rhel6 ~]# vi /etc/samba/smb.conf
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specifiy it as a per share option as well
#
        workgroup = MSHOME
        server string = Samba Server Version %v

;       netbios name = MYSERVER

;       interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
        hosts allow = 127. 192.168.12. 192.168.13. 192.168.1.
# Add this line to share at the bottom of the config file :
[smb]
comment = Personal stuff
path = /smb
public = no
writable = yes
printable = no
browseable = yes
write list = sambauser1

8. Now add sambauser1 user to samba user :

[root@rhel6 ~]# smbpasswd -a sambauser1
New SMB password:
Retype new SMB password:
tdbsam_open: Converting version 0.0 database to version 4.0.
tdbsam_convert_backup: updated /var/lib/samba/private/passdb.tdb file.
account_policy_get: tdb_fetch_uint32 failed for type 1 (min password length), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 2 (password history), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 3 (user must logon to change password), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 4 (maximum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 5 (minimum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 6 (lockout duration), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 7 (reset count minutes), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 8 (bad lockout attempt), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 9 (disconnect time), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 10 (refuse machine password change), returning 0
Added user sambauser1.

9. Set smb service auto start at boot :

[root@rhel6 ~]# chkconfig smb on
[root@rhel6 ~]# service smb start
Starting SMB services:                                     [  OK  ]

10. Check smb current status :

[root@rhel6 ~]# service smb status
smbd (pid  2823) is running...

11. Stop iptables and makesure selinux is disabled :

[root@rhel6 ~]# service ip6tables stop
ip6tables: Flushing firewall rules:                        [  OK  ]
ip6tables: Setting chains to policy ACCEPT: filter         [  OK  ]
ip6tables: Unloading modules:                              [  OK  ]
[root@rhel6 ~]# service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
[root@rhel6 ~]# setenforce 0
setenforce: SELinux is disabled

12. Check whether samba port opened and running :

[root@rhel6 ~]# netstat -plunt | grep smbd
tcp        0      0 :::139                      :::*                        LISTEN      3212/smbd
tcp        0      0 :::445                      :::*                        LISTEN      3212/smbd

13. Go on windows system and ping samba server. Make sure workgroup = MSHOME and allow 192.168.1.x network.
samba
14. Enter share path.
samba
15. First try to login from sambauser1 account :
samba
16. Samba successfully connected. You can start to upload now :
samba

How to Disable the SELinux on RHEL 6

In Redhat Enterprise Linux 6 (RHEL 6) minimal server installation, SELinux is set to enable. To disable SELinux, without having to reboot, you can use the setenforce command as below:

    [root@rhel6 ~]# setenforce 0
    

To disabled the SELinux on your next reboot, please change “SELINUX=enforcing” to “SELINUX=disabled”.

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=enforcing
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    

Change to the following :

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    

How to Disable the SELinux on CentOS 6.2

In CentOS 6.2 minimal server installation, SELinux is set to enable. To disabled the SELinux, please change “SELINUX=enforcing” to “SELINUX=disabled”. This will disable SELinux on your next reboot.

    [root@centos6 ~]# vi /etc/selinux/config
    
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=enforcing
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    

To disable SELinux, without having to reboot, you can use the setenforce command as below:

    [root@centos6 ~]# setenforce 0