Question
Following a security audit, the xFusionCorp Industries security team has opted to enhance application and server security with SELinux. To initiate testing, the following requirements have been established for App server 2 in the Stratos Datacenter:Install the required SELinux packages.
Permanently disable SELinux for the time being; it will be re-enabled after necessary configuration changes.
No need to reboot the server, as a scheduled maintenance reboot is already planned for tonight.
Disregard the current status of SELinux via the command line; the final status after the reboot should be disabled.
Answer
1. Install Required SELinux Packages
sudo yum install -y policycoreutils selinux-policy selinux-policy-targeted
2. Permanently Disable SELinux
We don’t disable it temporarily (with setenforce 0) because the requirement is permanently disabled after reboot.
- Edit the SELinux configuration file: sudo vi /etc/selinux/config
- Change the line:
SELINUX=enforcingto SELINUX=disabled - Save & exit.
3. Do Not Reboot Now
- The team already scheduled a reboot later.
- Even if
sestatusorgetenforceshowsenforcingorpermissivenow, that’s fine. - After the scheduled reboot, SELinux will load as disabled because of the config change.
4. Verification (Optional Before Reboot)
- Check the config file to confirm: grep SELINUX= /etc/selinux/config
- Expected output: SELINUX=disabled
Tags
100DaysOfDevOps