Day 5: SElinux Installation and Configuration

Question 

Following a security audit, the xFusionCorp Industries security team has opted to enhance application and server security with SELinux. To initiate testing, the following requirements have been established for App server 2 in the Stratos Datacenter: 


Install the required SELinux packages. 

Permanently disable SELinux for the time being; it will be re-enabled after necessary configuration changes.
No need to reboot the server, as a scheduled maintenance reboot is already planned for tonight.
Disregard the current status of SELinux via the command line; the final status after the reboot should be disabled.





Answer

1. Install Required SELinux Packages

        sudo yum install -y policycoreutils selinux-policy selinux-policy-targeted

2. Permanently Disable SELinux

We don’t disable it temporarily (with setenforce 0) because the requirement is permanently disabled after reboot.

  • Edit the SELinux configuration file: sudo vi /etc/selinux/config
  • Change the line: SELINUX=enforcing to SELINUX=disabled
  • Save & exit.


3. Do Not Reboot Now

  • The team already scheduled a reboot later.
  • Even if sestatus or getenforce shows enforcing or permissive now, that’s fine.
  • After the scheduled reboot, SELinux will load as disabled because of the config change.


4. Verification (Optional Before Reboot)

  • Check the config file to confirm: grep SELINUX= /etc/selinux/config
  • Expected output: SELINUX=disabled

Post a Comment

Previous Post Next Post