April 19, 2014

CentOS 5 Disable SELinux

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system. The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement(R), Role Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at http://www.nsa.gov/research/selinux/index.shtml

# man selinux

If you really need to disable SELinux on your system please consider the following:

or you’re considering one of the alternatives:

AppArmor http://www.novell.com/linux/security/apparmor/
Bastille Linux http://bastille-linux.sourceforge.net/
grsecurity http://grsecurity.net/

# vi /etc/selinux/config

Change SELINUX=enforcing

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

to SELINUX=disabled

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

This will disable SELinux on your next reboot.
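The check below is an added example, not code from the original post: it reads a file laid out like /etc/selinux/config, reports which mode it sets, and flags when the file disagrees with the running mode. The function names, exit codes and sample file are constructed for illustration, and treating the first uncommented SELINUX= line as the setting is an assumption of the example.

```shell
#!/bin/sh
# Added example: audit a file laid out like /etc/selinux/config.
# Function names, exit codes and the sample file are constructed.

# Print the SELINUX= value from file $1. Only an uncommented line starting
# with "SELINUX=" counts, so "# SELINUX= can take ..." and SELINUXTYPE= are
# ignored. Assumption of this example: the first such line is the setting.
selinux_config_mode() {
    awk '/^SELINUX=/ {
             sub(/^SELINUX=/, ""); sub(/[ \t\r]+$/, "")
             print tolower($0); found = 1; exit
         }
         END { if (!found) print "unset" }' "$1"
}

# Exit 0 only when the file keeps the policy enforced.
selinux_audit() {
    mode=$(selinux_config_mode "$1")
    case "$mode" in
        enforcing)  echo "OK: SELINUX=enforcing"; return 0 ;;
        permissive) echo "WARN: SELINUX=permissive, warnings only"; return 1 ;;
        disabled)   echo "FAIL: SELINUX=disabled"; return 2 ;;
        *)          echo "FAIL: no valid SELINUX= line ($mode)"; return 3 ;;
    esac
}

# True when the file disagrees with the running mode given in $2
# (the string printed by getenforce, compared case-insensitively).
selinux_pending_change() {
    run=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ "$(selinux_config_mode "$1")" != "$run" ]
}

# Constructed sample: a shortened copy of the edited file, written to $1.
write_sample() {
    cat > "$1" <<'EOF'
# SELINUX= can take one of these three values:
#       disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
SELINUXTYPE=targeted
EOF
}

sample=$(mktemp)
write_sample "$sample"
selinux_audit "$sample" || echo "audit exit code: $?"
selinux_pending_change "$sample" "Enforcing" && echo "file and running mode differ"
rm -f "$sample"
```

On a live host, pass the output of getenforce as the second argument to selinux_pending_change; a mismatch on a host that is still enforcing shows the file was edited and the change is waiting for a reboot.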

  • John R. Dennison

    Why would you EVER either recommend that SELinux be disabled or provide information on how to do so? That’s like giving someone a loaded gun so they can shoot themselves in the face with it.

    SELinux is provided with, and enabled by default, for a reason. It allows security issues to be fully compartmentalized so that a single incident can be isolated so that it may not adversely affect the entire system.

    Providing this information on a site that purports to provide “HowTo” articles for the good of the CentOS community is doing so with extremely poor judgement on your part.

  • http://www.gotaclick.com/search-engine-optimization/ Search Engine Optimization

    Thanks for the info, yes it could be very dangerous, but nice to know there are alternatives out there and you are not forced to use SELinux if you don't want to. Glad you actually show how to do it :)

  • Sade_in

    This is a silly How2. You should actually be showing how selinux works and how to configure it for a webserver, mailserver and so on…

  • Dezertol

    no… it should be how to disable it on every system in the world… selinux is garbage…. it stops people that know what they’re doing from getting it done and it’s a false sense of security for everyone else.. ..

    learn how to harden your linux box and selinux is both pointless and useless..
    if you can’t harden a linux box you should not be using it.