Configure SELinux – Part 2

Ensure the SELinux state is enforcing

Overview:

Set SELinux to enable when the system is booted.

Why:

SELinux must be enabled at boot time in order to ensure that the controls it provides are in effect at all times.

Audit:

Run the following commands and ensure output matches:

# grep SELINUX=enforcing /etc/selinux/config
SELINUX=enforcing
# sestatus
SELinux status: enabled
Current mode: enforcing
Mode from config file: enforcing

Run the following command and verify that all linux lines include the parameter enforcing=1:

# grep "^\s*linux" /boot/grub/grub.cfg

Fix:

Edit the /etc/selinux/config file to set the SELINUX parameter:

SELINUX=enforcing 

Edit /etc/default/grub and add the following parameter to the GRUB_CMDLINE_LINUX= line:

enforcing=1 

Example:

GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX="selinux=1 security=selinux enforcing=1 audit=1"

Run the following command to update the grub2 configuration:

# update-grub 
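
To re-check the two file-based audit conditions after running update-grub, the script below is an added example (not part of the original post). The function names and the sample files are constructed for illustration. It treats a grub.cfg with no linux lines as a failure, and the runtime mode still has to be confirmed with sestatus.

```shell
#!/bin/sh
# Added example: the file-based audit checks as functions (names are hypothetical).

# Succeeds only if the file has at least one uncommented SELINUX= line and
# every such line is exactly "enforcing" (SELINUXTYPE= lines are not matched).
check_selinux_config() {
    vals=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*//p' "$1" | sed 's/[[:space:]]*$//')
    [ -n "$vals" ] || return 1
    ! printf '%s\n' "$vals" | grep -qvx 'enforcing'
}

# Prints every "linux" line of a grub.cfg that lacks the enforcing=1 parameter.
# Fails if any such line exists, or if the file has no linux lines at all.
check_grub_cfg() {
    awk '/^[ \t]*linux/ {
        seen++; ok = 0
        for (i = 3; i <= NF; i++) if ($i == "enforcing=1") ok = 1
        if (!ok) { bad++; print FILENAME ":" NR ": " $0 }
    }
    END { exit ((bad > 0 || seen == 0) ? 1 : 0) }' "$1"
}

# Runs both file checks; paths default to the ones named on this page.
audit_selinux() {
    cfg=${1:-/etc/selinux/config}; grub=${2:-/boot/grub/grub.cfg}; rc=0
    check_selinux_config "$cfg" || { echo "FAIL: SELINUX=enforcing not set in $cfg"; rc=1; }
    check_grub_cfg "$grub" || { echo "FAIL: linux line(s) without enforcing=1 in $grub"; rc=1; }
    return "$rc"
}

# Constructed sample files (not from a real system) for trying the checks offline.
write_samples() {
    printf '# comment\nSELINUX=enforcing\nSELINUXTYPE=default\n' > "$1/config.ok"
    printf 'SELINUX=permissive\nSELINUXTYPE=default\n' > "$1/config.bad"
    printf '\tlinux /vmlinuz root=/dev/sda1 ro selinux=1 security=selinux enforcing=1 audit=1\n' > "$1/grub.ok"
    { cat "$1/grub.ok"; printf '\tlinux /vmlinuz root=/dev/sda1 ro single\n'; } > "$1/grub.bad"
}

# Usage: sh this_file.sh --audit     (audits the live system's files)
if [ "${1:-}" = "--audit" ]; then audit_selinux; fi
```

A recovery or single-user menu entry is the usual place for a linux line that was generated without enforcing=1, which is why the check reports each offending line with its line number.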
