How to Disabled SELinux using Command Line on CentOS 6/RHEL 6

In this short article, I’ll show you an easy way to disable SELinux in RHEL or CentOS 6 6. You only need to run the following command line. After that, make sure you reboot your CentOS server for changes to take effect.

1. Verify the SELINUX setting before changes :

[root@centos66 ~]# sestatus
SELinux status:                 enforcing

Check the config file :

[root@centos66 ~]# cat /etc/sysconfig/selinux
..
..
SELINUX=enforcing
..
..

2. Issue the following command to changes the config file :

[root@centos66 ~]# sed -i 's/(^SELINUX=).*/SELINUX=disabled/' /etc/sysconfig/selinux

3. Verify the SELINUX status again :

[root@centos66 ~]# sestatus
SELinux status:                 disabled

Check the config file again :

[root@centos66 ~]# cat /etc/sysconfig/selinux

It will change the following, SELINUX=disabled

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

4. Reboot the CentOS/RHEL server :

[root@centos66 ~]# reboot

How to Disable SELinux on RHEL 7/CentOS 7/Oracle Linux 7

Security-Enhanced Linux (SELinux) is an implementation of security policies for operating systems that provides a mechanism to support and help control access in the linux kernel. On Red Hat Enterprise Linux 7 (RHEL 7), CentOS 7 and Oracle Linux 7 (OL7), SELinux services were installed by default. The following tutorial will show you the basic steps to permanently disable SELinux on RHEL 7, CentOS 7 and OL7.

1. Check SELinux status :

[root@centos7 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

2. Open selinux configuration file :

[root@centos7 ~]# vi /etc/sysconfig/selinux

3. Change “SELINUX=enforcing” to “SELINUX=disabled” and save the configuration file :

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

4. Reboot the server to take effect :

[root@centos7 ~]# reboot

5. After reboot, you can verify the status of SELinux. Issue “sestatus” command to verify that SELinux permanently disabled:

[root@centos7 ~]# sestatus
SELinux status:                 disabled

How to Disable and Remove AppArmor on Ubuntu 14.04

remove AppArmor on UbuntuAppArmor is a Mandatory Access Control (MAC) and security extension that provides a variety of security policies for Linux kernel. It is an alternative application to SELinux and included with Ubuntu. Most of the time you don’t need it to configure a secure system, and it usually causes more problems because some service wasn’t working as expected. Below steps will show you how to disable and remove AppArmor on Ubuntu 14.04.

Steps to Disable and Remove AppArmor on Ubuntu

1. How to check AppArmor status :

ehowstuff@ubuntu14:~$ sudo apparmor_status
apparmor module is loaded.
4 profiles are loaded.
4 profiles are in enforce mode.
   /sbin/dhclient
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/connman/scripts/dhclient-script
   /usr/sbin/tcpdump
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
   /sbin/dhclient (669)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

2. Disable AppArmor and unload the kernel module by entering the following:

ehowstuff@ubuntu14:~$ sudo /etc/init.d/apparmor stop
ehowstuff@ubuntu14:~$ sudo update-rc.d -f apparmor remove

or

ehowstuff@ubuntu14:~$ sudo service apparmor stop
ehowstuff@ubuntu14:~$ sudo update-rc.d -f apparmor remove

3. Remove AppArmor software :

ehowstuff@ubuntu14:~$ sudo apt-get remove apparmor apparmor-utils -y

Example :

ehowstuff@ubuntu14:~$ sudo apt-get remove apparmor apparmor-utils -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  apparmor apparmor-utils
0 upgraded, 0 newly installed, 2 to remove and 119 not upgraded.
After this operation, 1,467 kB disk space will be freed.
(Reading database ... 93228 files and directories currently installed.)
Removing apparmor-utils (2.8.95~2430-0ubuntu5) ...
Removing apparmor (2.8.95~2430-0ubuntu5) ...
 * Clearing AppArmor profiles cache                                                          [ OK ]
All profile caches have been cleared, but no profiles have been unloaded.
Unloading profiles will leave already running processes permanently
unconfined, which can lead to unexpected situations.

To set a process to complain mode, use the command line tool
'aa-complain'. To really tear down all profiles, run the init script
with the 'teardown' option."
Processing triggers for man-db (2.6.7.1-1) ...

Note : this steps works on ubuntu 14.04 minimal installation without GUI.

Disable SELinux on CentOS 6.5

This post will show how to disable Security-Enhanced Linux (SELinux) on CentOS 6.5. The steps was very simple, but if we did not disable this feature, you may hit a problem when try to do software installation. SELinux checking for allowed operations after standard Linux discretionary access controls are checked.

1. Check selinux status :

[root@centos6 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

2. Disable SELinux on CentOS 6.4 permanently :

[root@centos6 ~]# vi /etc/sysconfig/selinux

Change “SELINUX=enforcing” to “SELINUX=disabled” :

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

3. Reboot CentOS 6.5 Operating system :

[root@centos6 ~]# init 6

or

[root@centos6 ~]# reboot

4 Steps to Disable SELinux on CentOS 6.4

There are four easy steps to disable Security-Enhanced Linux (SELinux) on CentOS 6.4. The steps was very simple, but if we did not disable this feature, you may hit a problem when try to do software installation. SELinux checking for allowed operations after standard Linux discretionary access controls are checked. Follow below steps to disable SELinux on CentOS 6.4.

1. Check selinux status :

[root@centos64 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

2. Disable SELinux immediately without reboot :

[root@centos64 ~]# setenforce 0

3. Disable SELinux on CentOS 6.4 permanently :

[root@centos64 ~]# vi /etc/sysconfig/selinux

Change “SELINUX=enforcing” to “SELINUX=disabled” :

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

4. Reboot Operating system :

[root@centos64 ~]# reboot

How to Check and Disable SELinux on CentOS 6.3

Security-Enhanced Linux (SELinux) is a Linux feature that provides security mechanism for supporting access control security policies implemented in the kernel. SELinux checking for allowed operations after standard Linux discretionary access controls are checked. In this post i will shows on how to check SELinux status and disables SELinux on linux CentOS 6.3.

1. How to check SELinux on CentOS 6.3 ?

[root@centos63 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

or

[root@centos63 ~]# getenforce
Enforcing

2. How to disable SELinux on CentOS 6.3 permanently ?

[root@centos63 ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


or

[root@centos63 ~]# cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


Change “SELINUX=enforcing” to “SELINUX=disabled” :


# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


Note : This will disable SELinux on your next reboot

[root@centos63 ~]# sestatus
SELinux status:                 disabled

3. How to disable SELinux on CentOS 6.3 immediately without reboot :

[root@centos63 ~]# setenforce 0

Check SELinux status :

[root@centos63 ~]# getenforce
Permissive

How To Check SELinux Status on CentOS 5.8

SELinux is a Linux feature that provides a mechanism for supporting access control security policies in the Linux kernel. In this post, i will share on how to check Security-Enhanced Linux (SELinux) status on linux CentOS 5.8 server. First method to check the SELinux status is using sestatus command. Another method is check through configuration file.

1. Simply run sestatus command to immediately display the SELinux status :

[root@centos58 ~]# sestatus

Result :

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted

2. Display “/etc/selinux/config” config file to get SELINUX status :

[root@centos58 ~]# cat /etc/selinux/config

Example :

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
#       mls - Multi Level Security protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0


In above configuration file, SELinux is set to “SELINUX=enforcing”, meaning that SELinux is enabled.

How to Fix “cannot restore segment prot after reloc: Permission denied” error While Restarting zmcontrol on Zimbra

Question :

I want to start the Zimbra services. But i am getting the following issue while restarting zmcontrol using “zmcontrol start” command as per below error messages :

[zimbra@mail ~]$ zmcontrol start
Host mail.bloggerbaru.local
        Starting zmconfigd...Done.
        Starting logger...Done.
        Starting mailbox...Done.
        Starting antispam...Done.
        Starting antivirus...Done.
        Starting snmp...Done.
        Starting spell...Failed.
Starting apache...httpd: Syntax error on line 232 of /opt/zimbra/conf/httpd.conf: Cannot load /opt/zimbra/httpd/modules/libphp5.so into server: /opt/zimbra/httpd/modules/libphp5.so: cannot restore segment prot after reloc: Permission denied
failed.

Answer :
It was SELinux caused the Zimbra services problems failed to start and you have to disable selinux file as below :

1. Disable SELinux on your next reboot.

[root@centos6 ~]# vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
#       mls - Multi Level Security protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

To disable SELinux, without having to reboot, you can use the setenforce command as below:

[root@mail ~]# setenforce 0

2. Rerun zmcontrol start command again :

[zimbra@mail ~]$ zmcontrol start
Host mail.bloggerbaru.local
        Starting zmconfigd...Done.
        Starting logger...Done.
        Starting mailbox...Done.
        Starting antispam...Done.
        Starting antivirus...Done.
        Starting snmp...Done.
        Starting spell...Done.
        Starting mta...Done.
        Starting stats...Done.

How to Check SELinux Status on RHEL 6

In this post, i will share on how to check Security-Enhanced Linux (SELinux) status on Red Hat Enterprise Linux 6 (RHEL 6). SELinux is a Linux feature that provides a mechanism for supporting access control security policies in the Linux kernel. First method to check the SELinux status is using sestatus command. The sestatus command returns the SELinux status and the SELinux policy being used on Linux RHEL 6 server as per below example :

1. Simply run this command to check the SELinux status on your RHEL 6 :

[root@rhel6 ~]# /usr/sbin/sestatus
SELinux status:                 disabled

or

[root@rhel6 ~]# sestatus
SELinux status:                 disabled

2. Alternatively, you can run this command :

[root@rhel6 ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

In above /etc/selinux/config, SELINUX is set to SELINUX=disabled.

If enable, it will be like below :

[root@rhel6 ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

If SELinux is enabled, it will look like SELINUX=permissive

How to Disable the SELinux on RHEL 6

In Redhat Enterprise Linux 6 (RHEL 6) minimal server installation, SELinux is set to enable. To disable SELinux, without having to reboot, you can use the setenforce command as below:

    [root@rhel6 ~]# setenforce 0
    

To disabled the SELinux on your next reboot, please change “SELINUX=enforcing” to “SELINUX=disabled”.

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=enforcing
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    

Change to the following :

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    

How to Disable the SELinux on CentOS 6.2

In CentOS 6.2 minimal server installation, SELinux is set to enable. To disabled the SELinux, please change “SELINUX=enforcing” to “SELINUX=disabled”. This will disable SELinux on your next reboot.

    [root@centos6 ~]# vi /etc/selinux/config
    
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=enforcing
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    

To disable SELinux, without having to reboot, you can use the setenforce command as below:

    [root@centos6 ~]# setenforce 0