Security-Enhanced Linux, also know as SELinux, implements various security policies on Linux and additional levels of access crontrol. It was originally developed by the U.S. National Security Agency to adhere to the "Orange Book" guidelines. On CentOS 5 it is enabled by default, but there may be circumstances where you don’t need SELinux’s additional security and may want to disable it.
The SELinux configuration file on CentOS is located at /etc/selinux/config and after a default install looks like this:
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=enforcing # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted
To disable SELinux you need to change "SELINUX=enforcing" to "SELINUX=disabled" so that the configuration file now looks like this:
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disabled # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted
This would then disable SELinux on your next reboot. To change the SELinux setting right now, without having to reboot, you can use the setenforce command like so:
setenforce 0
However this will only put SELinux into permissive mode until the next reboot, meaning that SELinux is running and logging but not actually controlling permissions. To make the change permanant, and to disable SELinux completely, you need to modify the configuration file as detailed above and reboot.
It’s also possible to change the SELinux setting without editing the configuration file manually, by running the following command:
/usr/bin/system-config-securitylevel-tui
This displays a dialog like so, which allows you to change the SELinux settings, and make some very basic firewall settings changes:
Firewall Configuration
A firewall protects against unauthorized
network intrusions. Enabling a firewall blocks
all incoming connections. Disabling a firewall
allows all connections and is not recommended.
Security Level: (*) Enabled ( ) Disabled
SELinux: Enforcing
Permissive
Disabled
OK Customize Cancel
Normally you wouldn’t want or need to change or disable SELinux; this is just a guide in case you do need to for some reason or other.