In this short article, I’ll show you an easy way to disable SELinux in RHEL or CentOS 6 6. You only need to run the following command line. After that, make sure you reboot your CentOS server for changes to take effect.
1. Verify the SELINUX setting before changes :
[root@centos66 ~]# sestatus
SELinux status: enforcing
Check the config file :
[root@centos66 ~]# cat /etc/sysconfig/selinux
..
..
SELINUX=enforcing
..
..
2. Issue the following command to changes the config file :
[root@centos66 ~]# sed -i 's/(^SELINUX=).*/SELINUX=disabled/' /etc/sysconfig/selinux
3. Verify the SELINUX status again :
[root@centos66 ~]# sestatus
SELinux status: disabled
Check the config file again :
[root@centos66 ~]# cat /etc/sysconfig/selinux
It will change the following, SELINUX=disabled
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Security-Enhanced Linux (SELinux) is an implementation of security policies for operating systems that provides a mechanism to support and help control access in the linux kernel. On Red Hat Enterprise Linux 7 (RHEL 7), CentOS 7 and Oracle Linux 7 (OL7), SELinux services were installed by default. The following tutorial will show you the basic steps to permanently disable SELinux on RHEL 7, CentOS 7 and OL7.
3. Change “SELINUX=enforcing” to “SELINUX=disabled” and save the configuration file :
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
4. Reboot the server to take effect :
[root@centos7 ~]# reboot
5. After reboot, you can verify the status of SELinux. Issue “sestatus” command to verify that SELinux permanently disabled:
AppArmor is a Mandatory Access Control (MAC) and security extension that provides a variety of security policies for Linux kernel. It is an alternative application to SELinux and included with Ubuntu. Most of the time you don’t need it to configure a secure system, and it usually causes more problems because some service wasn’t working as expected. Below steps will show you how to disable and remove AppArmor on Ubuntu 14.04.
Steps to Disable and Remove AppArmor on Ubuntu
1. How to check AppArmor status :
ehowstuff@ubuntu14:~$ sudo apparmor_status
apparmor module is loaded.
4 profiles are loaded.
4 profiles are in enforce mode.
/sbin/dhclient
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/connman/scripts/dhclient-script
/usr/sbin/tcpdump
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
/sbin/dhclient (669)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
2. Disable AppArmor and unload the kernel module by entering the following:
ehowstuff@ubuntu14:~$ sudo apt-get remove apparmor apparmor-utils -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
apparmor apparmor-utils
0 upgraded, 0 newly installed, 2 to remove and 119 not upgraded.
After this operation, 1,467 kB disk space will be freed.
(Reading database ... 93228 files and directories currently installed.)
Removing apparmor-utils (2.8.95~2430-0ubuntu5) ...
Removing apparmor (2.8.95~2430-0ubuntu5) ...
* Clearing AppArmor profiles cache [ OK ]
All profile caches have been cleared, but no profiles have been unloaded.
Unloading profiles will leave already running processes permanently
unconfined, which can lead to unexpected situations.
To set a process to complain mode, use the command line tool
'aa-complain'. To really tear down all profiles, run the init script
with the 'teardown' option."
Processing triggers for man-db (2.6.7.1-1) ...
Note : this steps works on ubuntu 14.04 minimal installation without GUI.
This post will show how to disable Security-Enhanced Linux (SELinux) on CentOS 6.5. The steps was very simple, but if we did not disable this feature, you may hit a problem when try to do software installation. SELinux checking for allowed operations after standard Linux discretionary access controls are checked.
1. Check selinux status :
[root@centos6 ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
2. Disable SELinux on CentOS 6.4 permanently :
[root@centos6 ~]# vi /etc/sysconfig/selinux
Change “SELINUX=enforcing” to “SELINUX=disabled” :
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
There are four easy steps to disable Security-Enhanced Linux (SELinux) on CentOS 6.4. The steps was very simple, but if we did not disable this feature, you may hit a problem when try to do software installation. SELinux checking for allowed operations after standard Linux discretionary access controls are checked. Follow below steps to disable SELinux on CentOS 6.4.
1. Check selinux status :
[root@centos64 ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
2. Disable SELinux immediately without reboot :
[root@centos64 ~]# setenforce 0
3. Disable SELinux on CentOS 6.4 permanently :
[root@centos64 ~]# vi /etc/sysconfig/selinux
Change “SELINUX=enforcing” to “SELINUX=disabled” :
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Security-Enhanced Linux (SELinux) is a Linux feature that provides security mechanism for supporting access control security policies implemented in the kernel. SELinux checking for allowed operations after standard Linux discretionary access controls are checked. In this post i will shows on how to check SELinux status and disables SELinux on linux CentOS 6.3.
1. How to check SELinux on CentOS 6.3 ?
[root@centos63 ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
or
[root@centos63 ~]# getenforce
Enforcing
2. How to disable SELinux on CentOS 6.3 permanently ?
[root@centos63 ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
or
[root@centos63 ~]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Change “SELINUX=enforcing” to “SELINUX=disabled” :
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Note : This will disable SELinux on your next reboot
SELinux is a Linux feature that provides a mechanism for supporting access control security policies in the Linux kernel. In this post, i will share on how to check Security-Enhanced Linux (SELinux) status on linux CentOS 5.8 server. First method to check the SELinux status is using sestatus command. Another method is check through configuration file.
1. Simply run sestatus command to immediately display the SELinux status :
[root@centos58 ~]# sestatus
Result :
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 21
Policy from config file: targeted
2. Display “/etc/selinux/config” config file to get SELINUX status :
[root@centos58 ~]# cat /etc/selinux/config
Example :
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
In above configuration file, SELinux is set to “SELINUX=enforcing”, meaning that SELinux is enabled.
I want to start the Zimbra services. But i am getting the following issue while restarting zmcontrol using “zmcontrol start” command as per below error messages :
[zimbra@mail ~]$ zmcontrol start
Host mail.bloggerbaru.local
Starting zmconfigd...Done.
Starting logger...Done.
Starting mailbox...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting snmp...Done.
Starting spell...Failed.
Starting apache...httpd: Syntax error on line 232 of /opt/zimbra/conf/httpd.conf: Cannot load /opt/zimbra/httpd/modules/libphp5.so into server: /opt/zimbra/httpd/modules/libphp5.so: cannot restore segment prot after reloc: Permission denied
failed.
Answer : It was SELinux caused the Zimbra services problems failed to start and you have to disable selinux file as below :
1. Disable SELinux on your next reboot.
[root@centos6 ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
To disable SELinux, without having to reboot, you can use the setenforce command as below:
In this post, i will share on how to check Security-Enhanced Linux (SELinux) status on Red Hat Enterprise Linux 6 (RHEL 6). SELinux is a Linux feature that provides a mechanism for supporting access control security policies in the Linux kernel. First method to check the SELinux status is using sestatus command. The sestatus command returns the SELinux status and the SELinux policy being used on Linux RHEL 6 server as per below example :
1. Simply run this command to check the SELinux status on your RHEL 6 :
[root@rhel6 ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
In above /etc/selinux/config, SELINUX is set to SELINUX=disabled.
If enable, it will be like below :
[root@rhel6 ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
If SELinux is enabled, it will look like SELINUX=permissive
In Redhat Enterprise Linux 6 (RHEL 6) minimal server installation, SELinux is set to enable. To disable SELinux, without having to reboot, you can use the setenforce command as below:
[root@rhel6 ~]# setenforce 0
To disabled the SELinux on your next reboot, please change “SELINUX=enforcing” to “SELINUX=disabled”.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Change to the following :
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
In CentOS 6.2 minimal server installation, SELinux is set to enable. To disabled the SELinux, please change “SELINUX=enforcing” to “SELINUX=disabled”. This will disable SELinux on your next reboot.
[root@centos6 ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
To disable SELinux, without having to reboot, you can use the setenforce command as below: