100-Days-Of-DevOps-Challenge-KodeKloud

Install and Configuration Selinux

Following a security audit, the xFusionCorp Industries security team has opted to enhance application and server security with SELinux. To initiate testing, the following requirements have been established for App server 2 in the Stratos Datacenter:

• Install the required SELinux packages.
• Permanently disable SELinux for the time being; it will be re-enabled after necessary configuration changes.
• No need to reboot the server, as a scheduled maintenance reboot is already planned for tonight.
• Disregard the current status of SELinux via the command line; the final status after the reboot should be disabled.

Steps

1. Install selinux packages:

    sudo dnf install selinux-policy selinux-policy-targeted policycoreutils policycoreutils-python-utils
   

2. Modify file in `/etc/selinux/config:

    vi /etc/selinux/config
   

   add this line:

    SELINUX=disabled
   

Good to Know?

SELinux (Security-Enhanced Linux)

• Purpose: Mandatory Access Control (MAC) security framework
• Modes: Enforcing, Permissive, Disabled
• Policies: Targeted (default), Strict, MLS (Multi-Level Security)
• Context: Every file/process has security context (user:role:type:level)

SELinux States

• Enforcing: Policies actively enforced, violations blocked
• Permissive: Policies logged but not enforced (audit mode)
• Disabled: SELinux completely turned off

Key Commands

• getenforce: Check current SELinux mode
• setenforce 0/1: Temporarily set permissive/enforcing
• sestatus: Detailed SELinux status
• sealert: Analyze SELinux denials

Configuration Files

• /etc/selinux/config: Main configuration
• /var/log/audit/audit.log: SELinux violations
• /etc/selinux/targeted/: Policy files

This site is open source. Improve this page.