Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
but i do not know what to press to disable SELINUX, and when it is already disabled, does it need a reboot for it to be recognized as already disabled?
Last edited by SimpleTricks; 08-09-2013 at 02:08 AM.
vi is a text editor, if you don't know how to use it I recommend using nano.
To disable selinux you will need to make sure SELINUX=disabled is in /etc/selinux/config. You will need to reboot for changes to take effect
vi is a text editor, if you don't know how to use it I recommend using nano.
To disable selinux you will need to make sure SELINUX=disabled is in /etc/selinux/config. You will need to reboot for changes to take effect
Im not that good w linux can you help me know what are the steps i should do ti disable this using nano?
Here's a CentOS 6 oriented link: Disable SELinux CentOS 6 (basically the same as the earlier provided answer).
BTW: The editor (nano or vi) is your choice and not of any influence of the outcome.
EDIT: I've asked a moderator to move this to a more appropriate location to give it the exposure it deserves.
Thanks druna, yes it was that guide ive read a while ago that made me to use vi, however it does not say what specific controls to do on how to change the targeted from disabled.
... however it does not say what specific controls to do on how to change the targeted from disabled.
I'm not sure what you mean by the above.
Once you have changed SELINUX=enforcing to SELINUX=disabled in the /etc/selinux/config file and rebooted, you should be set.
Selinux is still installed, but will not bother you any more with its restrictions.
Quote:
Originally Posted by SimpleTricks
Sorry im really not that good with ssh.
I'm failing to see what ssh has got to do with this. ssh is a program that makes it possible to remotely log into machines and selinux is a security enhancement.
Please elaborate.
EDIT: I'm starting to wonder what your initial problem is and why you decided that disabling selinux would be the solution.
Distribution: Debian, Red Hat, AIX, Ubuntu, Fedora
Posts: 27
Rep:
Quote:
Originally Posted by SimpleTricks
Thanks druna, yes it was that guide ive read a while ago that made me to use vi, however it does not say what specific controls to do on how to change the targeted from disabled.
Sorry im really not that good with ssh.
The sestatus command should tell you if its enforcing or not.
You can then run setenforce 0 to turn it off and setenforce 1 to turn it back on. This is temporary so you can do this to see if it has any effect on the problem before turning it off permanently as detailed above.
I wouldn't recommend turning it off though. Why do you want to? Unless its an isolated/testing machine, really you should try to make it work, it has a purpose.
Once you have changed SELINUX=enforcing to SELINUX=disabled in the /etc/selinux/config file and rebooted, you should be set.
Selinux is still installed, but will not bother you any more with its restrictions.
I'm failing to see what ssh has got to do with this. ssh is a program that makes it possible to remotely log into machines and selinux is a security enhancement.
Please elaborate.
EDIT: I'm starting to wonder what your initial problem is and why you decided that disabling selinux would be the solution.
Im doing it on my putty, or areyou referring to another platform where this should be done? By SSH, i meant linux, sorry.
The guide says: Change SELINUX=enforcing to Change SELINUX=disabled and layed out some codes below it however it does not say how you will actually change it, i mean should you just type a command, or edit the code and then what?
Distribution: Debian, Red Hat, AIX, Ubuntu, Fedora
Posts: 27
Rep:
Quote:
Originally Posted by SimpleTricks
The guide says: Change SELINUX=disabled to Change SELINUX=disabled and layed out some codes below it however it does not say how you will actually change it, i mean should you just type a command, or edit the code and then what?
Change it to say SELINUX=disabled instead of SELINUX=disabled, then save that. That is what will change it. SELinux reads that file for its configuration.
Run the command sestatus as this will actually tell you if SELinux is enabled and what state is is in.
The guide says: Change SELINUX=enforcing to Change SELINUX=disabled and layed out some codes below it however it does not say how you will actually change it, i mean should you just type a command, or edit the code and then what?
Ok, it seems your Linux knowledge is limited.
Before I answer the above question I do have to ask one myself: Why do you need to change the selinux setting? Are you running into a specific problem and decided that disabling it would be the best choice? We might come up with a better solution if you tell us what the actual problem was that made you (or someone else) think that selinux should be disabled.
About changing the /etc/selinux/config file:
1) Using putty log into the machine that needs to be changed.
2) Make sure you are the root user (id -un <- should show root)
2a) If you are not the root user use the following to do so: su - You will be asked the root password.
I could explain how to do this using vi, but I'm going to use sed instead (less chance of something going wrong):
3) Use the following to change enforcing into disabled:
Code:
sed -i.bak 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
The above sed command makes a backup of the original file (just in case).
You can check /etc/selinux/config, using vi or cat, to see if the entry is changed. If that is the case: Reboot.
Distribution: Red Hat, Fedora Core, Linux Mint, CentOS
Posts: 12
Rep:
Permissive setting
I just want to add, albeit 5 years later, that there is also a 'permissive' setting that can be used instead of 'disabled'. Using the permissive setting resolved the problem I was having with Drupal telling me that a directory was not writable.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.