Fri. Aug 7th, 2020

What is Secure Enhanced Linux (SELinux)?

1 min read
SELinux (Secure Enhanced Linux) is a new Linux security policy mechanism developed by the National Security Agency for the security of computer infrastructure. SELinux allows system administrators more flexibility in defining security policies. SELinux is a kernel-level security mechanism. SELinux has been integrated into the kernel since the Linux2.6 kernel. Because SELinux is kernel-level, we need to restart the operating system to modify its configuration files to take effect.
Now the mainstream Linux versions have integrated the SELinux mechanism, and CentOS/RHEL will turn on the SELinux mechanism by default.
SELinux working level:
  • strict: each process is controlled by SELinux
  • targeted: only limited processes are controlled by SELinux; only monitor processes that are vulnerable to intrusion

SELinux working mode status

  • enforcing: mandatory, any action that violates the policy will be banned and recorded as kernel information
  • permissive: enabled, actions that violate policies will not be banned, but warning messages will be prompted and recorded in the audit log;
  • disabled: disables SELinux. When you do not know much about SELinux, set the mode to disabled, and there will be no problems when accessing some network applications.
How to view and configure SELinux 
  • View SELinux status
  • Configure SELinux status: This configuration takes effect temporarily. Restart has no effect. To change to permissive¬†mode, you can use a command
    getenforce 0
  • Configure the SELinux config file (/etc/selinux/config): This configuration takes effect permanently. You need to restart the system after the configuration takes effect.