Configure SELinux - Part 2

Configure SELinux - Part 2

Ensure the SELinux state is enforcing

Overview:

Set SELinux to enable when the system is booted.

Why:

SELinux must be enabled at boot time in to ensure that the controls it provides are in effect at all times.

Audit:

Run the following commands and ensure output matches:

# grep SELINUX=enforcing /etc/selinux/config SELINUX=enforcing
# sestatus
SELinux status: enabled
Current mode: enforcing
Mode from config file: enforcing

Run the following command and verify that all linux lines include the parameter enforcing=1

grep "^\s*linux" /boot/grub/grub.cfg 

Fix:

Edit the /etc/selinux/config file to set the SELINUX parameter:

SELINUX=enforcing 

Edit /etc/default/grub and add the following parameters to the GRUB_CMDLINE_LINUX= line:

enforcing=1 

Example:

GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX="selinux=1 security=selinux enforcing=1 audit=1"

Run the following command to update the grub2 configuration:

# update-grub 

Share Tweet Send
0 Comments
Loading...

Related Articles

You've successfully subscribed to Songer Tech
Great! Next, complete checkout for full access to Songer Tech
Welcome back! You've successfully signed in
Success! Your account is fully activated, you now have access to all content.