Configure SELinux – Part 2

Ensure the SELinux state is enforcing


Set SELinux to enable when the system is booted.


SELinux must be enabled at boot time in to ensure that the controls it provides are in effect at all times.


Run the following commands and ensure output matches:

# grep SELINUX=enforcing /etc/selinux/config SELINUX=enforcing
# sestatus
SELinux status: enabled
Current mode: enforcing
Mode from config file: enforcing

Run the following command and verify that all linux lines include the parameter enforcing=1

grep "^\s*linux" /boot/grub/grub.cfg 


Edit the /etc/selinux/config file to set the SELINUX parameter:


Edit /etc/default/grub and add the following parameters to the GRUB_CMDLINE_LINUX= line:



GRUB_CMDLINE_LINUX="selinux=1 security=selinux enforcing=1 audit=1"

Run the following command to update the grub2 configuration:

# update-grub 

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

A Website.

Up ↑

%d bloggers like this: