CentOS / Red Hat: Turn On SELinux Protection

SELinux (Security-Enhanced Linux) is a security module built into the Linux kernel that provides access control and other security features. By default, SELinux is usually enabled on CentOS and Red Hat Enterprise Linux, but it may be set to permissive mode, which logs violations but does not enforce them. To turn on SELinux protection, you can follow these steps:

  1. Check the current status of SELinux by running the following command:
sestatus

This will show the current SELinux mode (enforcing, permissive, or disabled).

  2. If SELinux is currently in permissive mode, set it to enforcing mode by editing the /etc/selinux/config file with a text editor and changing the SELINUX parameter to enforcing, like so:
SELINUX=enforcing

Save the file and exit.

  3. Reboot your system to apply the new SELinux mode. Alternatively, you can switch SELinux to enforcing mode without a reboot by running the following command as root:
setenforce 1

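This will immediately change the SELinux mode to enforcing. The change made by setenforce applies only to the running system; the SELINUX setting in /etc/selinux/config is what takes effect at the next boot, so make the edit from step 2 as well. setenforce cannot turn SELinux on if it is currently disabled; in that case a reboot is required.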

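  4. After changing the SELinux mode, you may need to modify SELinux policy rules to allow specific services or applications to function properly. You can use semanage to adjust settings such as file contexts, ports and booleans, or audit2allow to generate policy rules from logged denials. Review any generated rules before loading them.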

That’s it! You have successfully turned on SELinux protection on your CentOS or Red Hat Enterprise Linux system.
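The steps above can be checked with a short script. This is an added example, not part of the original article: it reads the SELINUX= line from a config file, rewrites it to a validated mode while keeping a backup, and compares the configured mode with the runtime mode reported by getenforce. The function names (configured_mode, set_configured_mode, check_enforcing) are illustrative, and the demo runs on a constructed sample file rather than /etc/selinux/config.

```shell
#!/bin/sh
# Added example. Function names are illustrative, not part of any SELinux tool.

# Print the value of the active SELINUX= line (skips comments and SELINUXTYPE=).
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Set SELINUX=<mode> in the given file, keeping a .bak copy of the original.
set_configured_mode() {
    file=$1
    mode=$2
    case $mode in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    cp -p "$file" "$file.bak" || return 1
    if grep -q '^[[:space:]]*SELINUX=' "$file"; then
        # Write back into the same file so its ownership and mode are unchanged.
        sed "s/^[[:space:]]*SELINUX=.*/SELINUX=$mode/" "$file.bak" > "$file"
    else
        echo "SELINUX=$mode" >> "$file"
    fi
}

# Report configured vs. runtime mode; succeed only when both are enforcing.
check_enforcing() {
    cfg=$(configured_mode "$1")
    run=$(getenforce 2>/dev/null | tr 'A-Z' 'a-z')
    echo "configured=${cfg:-unset} runtime=${run:-unknown}"
    [ "$cfg" = enforcing ] && [ "$run" = enforcing ]
}

# Demo on a constructed sample file, so /etc/selinux/config is not touched.
demo=$(mktemp)
printf '%s\n' '# SELINUX= can take one of these three values:' \
    'SELINUX=permissive' 'SELINUXTYPE=targeted' > "$demo"
check_enforcing "$demo" || echo "not fully enforcing yet"
set_configured_mode "$demo" enforcing
check_enforcing "$demo" || echo "config fixed; runtime still needs setenforce 1 or a reboot"
rm -f "$demo" "$demo.bak"
```

On a real system, run `set_configured_mode /etc/selinux/config enforcing` as root, then `check_enforcing /etc/selinux/config` after `setenforce 1` or a reboot.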
