SELinux (Security-Enhanced Linux)
When we install a new RHEL OS on any machine then by default SELinux feature becomes Enforcing. You can disable it at the time of installation of RHEL OS but if you forget to change it then you can change it later but you need to reboot the server. Status of SELinux can be checked using the command getenforce.
[root@RHEL6.8 ~]# getenforce Enforcing
It can be set to any of the below three levels as shown below:
enforcing – SELinux security policy is enforced.
permissive – SELinux prints warnings instead of enforcing.
disabled – No SELinux policy is loaded.
Disable SELinux
To run some software or application on RHEL you need to disable the SELinux feature. To disable the SELinux feature you need to edit the /etc/selinux/config file. Change the value of SELINUX from enforcing to disabled. After changing the value you need to reboot the server.
[root@RHEL6.8 ~]# vi /etc/selinux/config . . # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disabled # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted . .
Once the server is rebooted these changes will come into effect which can be verified using the command getenforce and its output should be disabled.
[root@RHEL6.8 ~]# getenforce Disabled
Note: I need to disable the SELinux on RHEL 6.8 for the installation of IBM Bigfix Agent as per their prerequisite.
No Responses