Pre-requisites:
A system with CentOS Stream 9 installed and running
Access to a terminal or command line
Root or sudo privileges
SELinux is a Mandatory Access Control (MAC) system, developed by the NSA.
When SELinux is enabled, it can run in either enforcing or permissive modes.
When SELinux is installed on your system, it can be either enabled or disabled. By default, your hosting provider might have SELinux in an enabled state on your Linux machine.
If you want to disable SELinux, update your SELinux configuration file using the text editor of your choice. Set the SELINUX directive to disabled.
vim /etc/selinux/config
Verify which SELinux packages are installed on your system:
rpm -aq | grep selinux
The SELINUX directive can take one of these three values: enforcing, permissive, or disabled.
Reboot your server for the changes to take effect:
reboot
Verify your SELinux installation’s status:
sestatus
You can check which mode your system is running in by issuing the following command:
getenforce
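The check below is an added example, not part of the original guide: it reads the SELINUX directive from the configuration file and compares it with the mode reported by getenforce, so an edit that has not taken effect yet shows up as a mismatch. The function names, the output strings and the parsing rules are assumptions made for this example.

```sh
#!/bin/sh
# Added example: does the mode in the SELinux config file match the running mode?
# Parsing rules (whitespace trimmed, case-insensitive, duplicate SELINUX= lines
# rejected) are this example's assumptions, not libselinux's own parser.

# Print the SELINUX= value from a config file; non-zero status if unusable.
configured_mode() {
    cfg="${1:-/etc/selinux/config}"
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    mode=$(awk '
        /^[ \t]*SELINUX[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t#].*$/, "")
            n++; v = tolower($0)
        }
        END {
            if (n == 0)     print "missing"
            else if (n > 1) print "ambiguous"
            else if (v ~ /^(enforcing|permissive|disabled)$/) print v
            else            print "invalid:" v
        }' "$cfg")
    echo "$mode"
    case "$mode" in enforcing|permissive|disabled) return 0 ;; *) return 1 ;; esac
}

# Compare configured and running modes. $2 is the running mode as printed by
# getenforce; when omitted, getenforce is run on the local host.
check_selinux() {
    want=$(configured_mode "$1") || { echo "FAIL config=$want"; return 1; }
    have=$2
    [ -n "$have" ] || have=$(getenforce 2>/dev/null) || have=""
    have=$(printf '%s' "$have" | tr 'A-Z' 'a-z')
    [ -n "$have" ] || { echo "UNKNOWN config=$want running=unavailable"; return 3; }
    if [ "$want" = "$have" ]; then echo "OK $want"; return 0; fi
    echo "MISMATCH config=$want running=$have"; return 1
}

# Constructed sample: config edited to disabled, host not yet rebooted.
demo=$(mktemp)
printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$demo"
check_selinux "$demo" Enforcing || true
rm -f "$demo"
```

On a real host, calling check_selinux with no arguments reads /etc/selinux/config and runs getenforce. A MISMATCH result usually means the file was edited without a reboot or the mode was changed at runtime.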
Use the following command to view the SELinux policy modules currently loaded into memory:
semodule -l
To list the ports defined in SELinux:
semanage port -l
If you encounter the following error:
-bash: semanage: command not found
You can use dnf provides to search the repositories for the package that provides a particular file.
Use the following command to find the package that provides /usr/sbin/semanage:
dnf provides /usr/sbin/semanage
From the output, you can see that we need to install the policycoreutils-python-utils package to use the semanage command.
The policycoreutils-python-utils package contains the management tools used to manage an SELinux environment. Install the package if not already installed.
dnf install policycoreutils-python-utils
Some optional, but useful packages to install for advanced SELinux management:
– setools: provides command line tools to analyze and compare SELinux policies
– setools-console: a graphical interface for the “setools” package
By default, SELinux log messages are written to /var/log/audit/audit.log.
For more information:
https://selinuxproject.org/page/User_Resources