Security is an essential element of server administration. However, personal or small projects can sacrifice certain aspects of security. In the case of Linux distributions, many of them already have strong security policies. In particular, CentOS 7 and RHEL are emerging as the most reliable security options in all of Linux thanks to SELinux multi-level security protection.
However, sometimes too many security policies can hinder some daily and community tasks. That is why it is sometimes necessary to deactivate certain measures. In this post, we will teach you how to disable SELinux on CentOS 7.
What is SELinux?
SELinux on the system you installed is a security control feature that restricts access to specific kernel modules. CentOS 7 and RHEL implement it by default to provide an extra layer of security for the system. However, it can be implemented in other Linux distributions such as Debian.
SELinux is managed through certain rules called “policies” that restrict or allow the use of certain applications for essential parts of the system. The problem is that making these policies is very difficult.
SELinux currently has three statuses:
- The enforcement status denies all unauthorized access. In this state, we refer to it as SELinux enabled
- in permissive SELinux print warnings. Unlike the first state, this status allows unauthorized access but displays a warning
- means the feature is disabled and allows all access without warnings
Disabling SELinux status
Now that we know how SELinux works, we know if it’s worth disabling
. Disabling SELinux You can disable
SELinux
temporarily
or permanently. Each has its own advantages. Doing so temporarily will allow us to test without sacrificing system security. Once the system restarts, SELinux will be activated again.
On the other hand, if we deactivate SELinux permanently, we can work faster especially if it is a personal or medium-sized project. We must bear in mind that, at this point, most Linux distributions have very good security policies so we can afford it.
In this post, we will teach you how to do it both ways on CentOS 7.
Disable SELinux temporarily on CentOS 7
First, we need to access the server using SSH. If you have any questions about how to do this, check out our SSH tutorial! Run the following command:
ssh su-user@your-server
On the other hand, if we are using CentOS on our personal computer, we only need to open the terminal
.
After that, we have to check the status of SELinux. It is quite simple and we can do it
with the following command: sstatus
In the output we will be notified
that, SELinux is enabled with the application status.
To disable it temporarily we just run the following command:
its setenforce 0
Now, we need to check the status of
SELinux again.
The output will show that SELinux is now in permissive mode, which means we can use the system easily.
As it is temporarily disabled, changes will be made automatically, at the time of reboot, when SELinux is restarted. The main advantage of this method is that there is no need to restart the system.
Disable SELinux
permanently on CentOS 7
To disable SELinux permanently, we will need to edit a
configuration file. First, let’s install the text editor nano:yum install nano
After that, we need to edit the selinux configuration file
. nano /etc/sysconfig/selinux
We will edit the
value of SELINUX. The file is very descriptive and shows the different values that we can assign. In other words, the different states that SELinux can take. In this case, to disable it completely, we have to set the value to Disabled.
SELINUX=disabled
Then, we need to save the file by pressing CTRL + O and close it with CTRL + X. For all this to work, we need to restart the system, and then we can check if the update worked by running this command on the command line:
sstatus
This will have been disabled on CentOS
7.
Conclusion
SELinux is a great security tool for CentOS 7. However, for some people, it can be a bit annoying and inconvenient. When considering disabling a layer of security, always think about whether it’s a risk you’re willing to take.
In this post, we
review how to disable SELinux temporarily and permanently, according to the needs we may have. We hope you found this tutorial useful!