SELinux (Security-Enhanced Linux) is a security feature included in many Linux distributions, including CentOS, to provide mandatory access controls. If SELinux is disabled or you want to reinstall it on CentOS, you can follow these steps:
1. Check SELinux Status:
Before making changes, check the current status of SELinux:
sestatus
This command shows whether SELinux is enabled or disabled and, when it is enabled, whether it is running in enforcing or permissive mode.
2. Enable SELinux (if Disabled):
If SELinux is currently disabled, you can enable it by editing the /etc/selinux/config file:
sudo nano /etc/selinux/config
Change the SELINUX parameter to enforcing:
SELINUX=enforcing
Save and close the file.
3. Reinstall SELinux (if Needed):
If SELinux is installed but you want to reinstall it, you can use the following command:
sudo yum reinstall selinux-policy selinux-policy-targeted
This will reinstall the SELinux policy and targeted policy packages.
4. Reboot the System:
To apply the changes, reboot your system:
sudo reboot
5. Verify SELinux Status:
After the system reboots, check the SELinux status again:
sestatus
Make sure that SELinux is in enforcing mode.
6. Adjust SELinux Policies (Optional):
If you need to adjust SELinux policies for specific applications, you can use the semanage and setsebool commands. For example:
# Allow Apache to connect to the network
sudo setsebool -P httpd_can_network_connect 1
# Allow Nginx to connect to the network (same boolean, because Nginx runs in the httpd_t domain)
sudo setsebool -P httpd_can_network_connect 1
7. Troubleshooting:
If you encounter issues with SELinux blocking certain operations, check the audit log for more details:
sudo ausearch -m avc
This command will display AVC (Access Vector Cache) denials from the audit log.
8. Restore Default File Labels (if Needed):
In some cases, you may need to restore the default file labels if they have been modified. Run the following commands:
sudo restorecon -Rv /
sudo touch /.autorelabel
sudo reboot
This will restore SELinux file labels.
Remember that enabling or reinstalling SELinux may impact the behavior of applications and services. It’s essential to test and validate the configuration in a safe environment before applying changes to a production system.
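To make the audit output from step 7 easier to review before changing a boolean as in step 6, the following added example (not part of the original page) groups AVC denials by process, source domain, target type, class and permission. The function names summarize_avc and sample_avc are hypothetical, and the sample records are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: group AVC denials so each distinct denial is reviewed once.

# Constructed sample records in the format `ausearch -m avc` prints (not real logs).
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:401): avc:  denied  { name_connect } for  pid=2101 comm="nginx" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000003.202:417): avc:  denied  { name_connect } for  pid=2101 comm="nginx" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000009.303:433): avc:  denied  { read } for  pid=2188 comm="httpd" name="index.html" dev="dm-0" ino=7731 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000009.303:433): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
EOF
}

# Read audit records on stdin; print "count outcome comm source -> target:class {perms}".
summarize_avc() {
  awk '
    / avc: +denied / {
      comm = src = tgt = cls = mode = "?"
      perms = $0
      sub(/.*denied +[{] */, "", perms); sub(/ *[}].*/, "", perms)
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/)       { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
        if ($i ~ /^scontext=/)   { split($i, c, ":"); src = c[3] }   # 3rd field is the type
        if ($i ~ /^tcontext=/)   { split($i, c, ":"); tgt = c[3] }
        if ($i ~ /^tclass=/)     { cls = $i; sub(/^tclass=/, "", cls) }
        # permissive=1 means the access was logged but still allowed
        if ($i ~ /^permissive=/) { mode = ($i == "permissive=1") ? "logged-only" : "blocked" }
      }
      count[mode " " comm " " src " -> " tgt ":" cls " {" perms "}"]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
  ' | sort -rn
}

# Demo run on the constructed records.
sample_avc | summarize_avc
```

On a live system, pipe real records into the function with `sudo ausearch -m avc | summarize_avc`.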