How to install SELinux on Linux Cloud Servers

2021-02-19 By Ryan 45 Views linux selinux security
0 reviews

The Security-enhanced Linux (SELinux) is a security feature of the Linux kernel comprises of security implementation which enhances Linux system security. This kernel module also defines access controls and security policies. SELinux works in the Permissive, Enforcing and Disabled modes. The default mode of SELinux is disabled. In permissive mode, SELinux will only monitor the interaction and in enforcing mode, SELinux will also filter the interaction with monitoring.


The following is a tutorial on how to enable/install SElinux in different Linux distributions.


CentOS


  1. The below command will install SELinux components in CentOS.

    # yum install policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted libselinux-utils setroubleshoot-server setools setools-console mcstrans
    

    selinux1

  2. By default SELinux status will be disabled. To check the SELinux status, run the below command.

    # sestatus
    

    selinux2

  3. To configure in enforcing/permissive mode, edit the SELinux configuration file /etc/sysconfig/selinux.

    # vi /etc/sysconfig/selinux
    


    There will be a number of variables in the configuration file, the following variables need to be modified. You can add whether enforcing or permissive.

    SELINUX=permissive
    OR
    SELINUX=enforcing
    

    selinux3


    Once the changes made, reboot the server to reflect the changes. The reboot process will see all the files in the server labelled with an SELinux context. Once rebooted, the SELinux changes will be reflecting and the implementation will be fine.


Ubuntu/Debian


  1. Apparmor is to be disabled and purged when it comes to installation of SELinux in Ubuntu Cloud servers. Run the below commands to do the same.

    # systemctl stop apparmor.service
    
    # apt purge apparmor
    

    selinux4


    Apparmor will be completely removed from Ubuntu VPS.

  2. Now the repository needs to be updated, for that, the following commands are being used. This will update the OS components thereby performing a repo level upgradation.

    # sudo apt update && sudo apt upgrade -yuf
    

    selinux5


    During the process of installation it will prompt for the rebooting the system, this can be done by choosing OK.

    selinux6

    selinux7

  3. To configure in enforcing/permissive mode after reboot, edit the SELinux configuration file in /etc/selinux/config.

    # vi /etc/selinux/config
    


    There will be a number of variables in the configuration file, the following variables need to be modified. You can add whether enforcing or permissive.

    SELINUX=permissive
    OR
    SELINUX=enforcing
    

    selinux8


    Once the changes made, reboot the server to reflect the changes. The reboot process will see all the files in the server labelled with an SELinux context. Once rebooted, the SELinux changes will be reflecting and the implementation will be fine.

What do you think about this article?

Rate this article