Configure SELinux in Fedora Linux Command Line

Configure SELinux in Fedora Linux Command Line - orcacore.com

In this guide, we want to show you how to Configure SELinux in Fedora Linux from the Command Line. You will learn the SELinux modes and how you can change your SELinux mode in Fedora Linux. Let’s get familiar with SELinux and start to configure it in Fedora Linux.

what you read in this post?

What are the 3 modes of SELinux?

Security Enhanced Linux also known as SELinux is a part of the Linux security kernel that acts as a protective agent on servers. It has three modes that you can set your SELinux to how it can act.

  • Enforcing mode is the default mode at the installation of SELinux. It will enforce the policies on the system, deny access, and log actions.
  • Permissive mode is the most commonly used mode for troubleshooting SELinux. In this mode, SELinux enables but does not enforce security policies. Also, this means that actions will result in a warning and log for the system administrator.
  • Disabled mode means that SELinux is turned off and the security policies do not protect the server.

Now proceed to the following steps to see how you can configure your Fedora SELinux.

Steps To Configure SELinux in Fedora Linux Command Line

Now you must have access to your Fedora server as a non-root user with sudo privileges and follow the steps below to complete this guide. In this guide, to show the guide steps, we use Fedora Linux 39.

The first step is to check your SELinux status. Let’s see how you can do this.

Step 1 – Check SELinux Status in the Fedora Command Line

In Fedora, enforcing mode is enabled by default. It means that you have enabled SELinux. To check your current status, you can use the following command:

sudo sestatus

Example Output:

Check SELinux status Fedora

As you can see, we have SELinux enforcing mode.

Step 2 – Set SELinux To Permissive Mode in Fedora

As you know, in permissive mode, SELinux enables but does not enforce security policies. It means that you temporarily disable SELinux and when you reboot your server, it will return to enforcing mode. To do this, you can easily run the following command:

sudo setenforce 0

Then, verify your SELinux status again:

sudo sestatus

In your output, you should see:

Set SELinux To Permissive Mode in Fedora

Step 3 – Disable SELinux in the Fedora Command Line

If you plan to disable SELinux completely on your server, means that when you reboot it will be in Disabling mode, you will need to edit the /etc/sysconfig/selinux file. To do this, open your file with your desired text editor like vi editor or nano editor:

sudo vi /etc/sysconfig/selinux

In the file, search for the SELinux directive. It should be in enforcing mode:

Edit /etc/sysconfig/selinux file for SELinux

Now you should change the value to disabled:

Disable SELinux in Fedora Linux

When you are done, save and close the file.

Then, you must reboot your Fedora server to apply the changes.

sudo reboot

Once you log in again, check your SELinux status:

sudo sestatus

You should see:

Check SELinux status disabled mode

Step 4 – Reason To Disable SELinux or Set To Permissive Mode

Some applications don’t support SELinux. So you need to disable it or put it in a permissive mode to avoid it from terminating any key process you require to install some particular application.

Step 5 – Enable SELinux in Fedora Command Line

At this point, if you plan to re-enable your SELinux you can easily open your /etc/sysconfig/selinux file and set the SELinux directive to enforcing mode.

sudo vi /etc/sysconfig/selinux 
SELinux=enforcing

When you are done, save and close the file.

Then, reboot your server to apply the changes. Verify your SELinux status, it must be enabled.

Where is the SELinux config file?

The /etc/sysconfig/selinux file is the main configuration file for enabling or disabling SELinux. As you saw, you can easily edit the file and change your SELinux settings.

How to know if SELinux is running in Fedora?

By default, Fedora has enabled SELinux. You can easily verify it by using the sestatus command to check your running SELinux in Linux.

Conclusion

At this point, you have learned to configure SELinux in Fedora Linux from the command line terminal. As you saw, you can easily change your SELinux mode settings and append your desired mode in SELinux. Hope you enjoy it.

Also, you may like to read:

Install Google Chrome in Fedora Linux 39 Using Terminal

Create RAM Disk on Linux Command Line Terminal

Squid Proxy Server Setup on Debian 12 Bookworm

Tags

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Related Posts

Stay informed and not overwhelmed, subscribe now!