Friday, August 5, 2011

SELinux

SELinux is available in all major distros by default. During the installation of Linux (Red Hat/Fedora), you will be prompted to enable or disable SELinux along with the firewall option.

In Fedora/Red Hat, SELinux can be enabled or disabled by editing the file “/etc/selinux/config”. The SELINUX parameter has 3 modes. They are:

SELINUX=disabled
SELINUX=permissive
SELINUX=enforcing

The values ‘disabled’ and ‘permissive’ are mainly used to turn off SELinux enforcement on a server.

The value “disabled” switches SELinux off completely. All operations are allowed to proceed normally, and the policies based on security attributes have no effect on services or files.

The value “permissive” allows all operations but logs those that the policy would deny. All such warnings get logged, so each process interaction can be audited and the corresponding policy rules created.
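
The permissive-mode audit described above, as an added example that is not part of the original post: it groups AVC denial records into candidate allow rules for human review (the kind of output audit2allow produces) and separates denials that were only logged (permissive=1) from ones that were actually blocked. The log lines are constructed samples and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample records in the kernel's AVC audit format (not from a real host).
SAMPLE_LOG = '''\
type=AVC msg=audit(1312531200.101:410): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="sda1" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1312531200.102:411): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/home/alice/site/index.html" dev="sda1" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1312531200.102:411): arch=c000003e syscall=4 success=yes exit=0 comm="httpd"
type=AVC msg=audit(1312531260.007:420): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0
'''

# Permissions sit inside { }; contexts are user:role:type:level.
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
                    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
                    r"(?:\s+permissive=(?P<perm>[01]))?")

def parse_avc(line):
    """Return one denial as a dict, or None for lines that are not AVC denials."""
    m = AVC_RE.search(line)
    if not m:
        return None
    return {
        "perms": m["perms"].split(),
        "source": m["s"].split(":")[2],      # third field is the type
        "target": m["t"].split(":")[2],
        "tclass": m["cls"],
        "permissive": m["perm"] == "1",      # a missing field is counted as blocked
    }

def summarize(log_text):
    """Group denials by (source type, target type, object class)."""
    groups = defaultdict(lambda: {"perms": set(), "logged_only": 0, "blocked": 0})
    for line in log_text.splitlines():
        d = parse_avc(line)
        if d is None:
            continue
        g = groups[(d["source"], d["target"], d["tclass"])]
        g["perms"].update(d["perms"])
        g["logged_only" if d["permissive"] else "blocked"] += 1
    return dict(groups)

def candidate_rules(log_text):
    """Render each group as a candidate allow rule; review before loading any of them."""
    rules = []
    for (src, tgt, cls), g in sorted(summarize(log_text).items()):
        perms = sorted(g["perms"])
        body = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules
```

A rule generated this way records what the process did, not what it should be allowed to do, so each one needs a decision: relabel the file, set a boolean, or accept the rule.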
