Security is an essential element of server administration; however, personal or small projects can safely sacrifice certain aspects of security. In the case of Linux distributions, many of them already have strong security policies in place. In particular, CentOS 7 and RHEL are emerging as the most reliable security options in the entire Linux environment thanks to SELinux multi-level security protection.
However, sometimes too many security policies can make some everyday and community tasks difficult. That is why it is sometimes necessary to disable certain measures. In this post, we will teach you how to disable SELinux on CentOS 7 (disable SELinux).
What is SELinux?
SELinux on the system you installed is a security control feature that restricts access to specific kernel modules. CentOS 7 and RHEL implement it by default to provide an additional layer of security for the system. However, it can be implemented on other Linux distributions like Debian.
SELinux is managed through certain rules called “policies” that restrict or allow the use of certain applications for essential parts of the system. The problem is that making these policies is very difficult.
SELinux currently has three states:
- Enforcing: The compliance state denies all unauthorized access. In this state, we refer to it as SELinux enabled.
- Permissive: In Permissive, SELinux prints warnings. Unlike the first state, this state allows unauthorized access but displays a warning.
- Disable: SELinux’s Disable state means that the feature is disabled and allows access without warning.
Now that we know how SELinux works, we know if it’s worth disabling it.
Disable SELinux (Disable SELinux)
It is possible to disable SELinux temporarily or permanently; each option has its own advantages. Doing so temporarily will allow us to test without sacrificing system security. Once the system is rebooted, SELinux will be enabled again.
On the other hand, if we disable SELinux permanently, we will be able to work faster, especially if it is a personal or medium-sized project. We should keep in mind that, at this point, most Linux distributions have very good security policies so we can risk continuing without SELinux.
In this post, we will teach you how to disable it with both methods.
Temporarily disable SELinux on CentOS 7
First, we need to access the server using SSH. If you have any questions on how to do it, check out our ! Run the following command:
ssh your-user@your-server
On the other hand, if we are using CentOS on our personal computer, we just need to open the terminal.
After that, we have to check the status of SELinux. It is quite simple and we can do it with the following command:
status
In the output we will be notified that SELinux is enabled with the state of compliance (enforcing).
To temporarily disable it, we only execute the following command:
its setenforce 0
Now, we need to check the SELinux status again.
The output will show that SELinux is now in permissive mode, which means we can easily use the system.
Since it is temporarily disabled, the changes will be made automatically, at reboot time, when SELinux is restarted. The main advantage of this method is that there is no need to reboot the system.
Disable SELinux permanently on CentOS 7
To permanently disable SELinux, we will need to edit a configuration file.
First, let’s install the nano text editor:
yum install nano
After that we need to edit the selinux configuration file.
nano /etc/sysconfig/selinux
We will edit the value of SELINUX. The file is very descriptive and shows the different values that we can assign. In other words, the different states that SELinux can take.
In this case, to disable it completely, we must define the value in disabled.
SELINUX=disabled
So, we have to save the file by pressing CTRL + O and close it with CTRL + X. For all of this to work, we need to reboot the system, and then we can check if the update worked by running this command on the command line:
status
This will disable SELinux on CentOS 7.
conclusion
SELinux is a great security tool for CentOS 7. However, for some people, it can be a bit annoying and inconvenient. When you’re thinking about disabling a security layer, always think about whether it’s a risk you’re willing to take.
In this tutorial, we present an overview of how to disable SELinux (disable SELinux) temporarily and permanently, according to the needs we may have. We hope this tutorial has been useful to you!
Gustavo is passionate about creating websites. He focuses on the application of SEO strategies at for Spain and Latin America, as well as the creation of high-level content. When he is not applying new WordPress tricks you can find him playing the guitar, traveling or taking an online course.
Facebook Comments
Disqus