How to Disable or Turn Off SELinux on CentOS 7

Introduction

Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies. It is enabled by default on CentOS 7, and it can be used to restrict access to certain files and directories, as well as to limit the capabilities of certain applications. In some cases, it may be necessary to disable or turn off SELinux in order to allow certain applications to run properly. This tutorial will explain how to disable or turn off SELinux on CentOS 7.

How to Disable or Turn Off SELinux on CentOS 7

1. Open the /etc/selinux/config file:

sudo vi /etc/selinux/config

2. Change the SELINUX value from enforcing to disabled:

SELINUX=disabled

3. Save and close the file.

4. Reboot the system for the changes to take effect:

sudo reboot

Introduction

SELinux is a mandatory access control (MAC) enforcer built into the Linux kernel. It limits the privileges of individual services whose vulnerabilities might be a threat to the system.

CentOS systems without SELinux rely on the configuration of all its privileged software applications. A single misconfiguration may compromise the entire system. By following this guide, you will learn how to disable SELinux on CentOS 7.

Why Disable SELinux?

Not all applications support SELinux. Therefore, SELinux can terminate necessary processes during the regular use and installation of software packages. In those cases, we advise you to turn off this service.

how to disable selinux on centos7

Prerequisites

  • Access to a user account with sudo privileges
  • Access to a terminal/command line
  • An RHEL-based system, such as CentOS 7
  • A text editor, such as nano or vim

Steps for Disabling SELinux on CentOS

Step 1: Check SELinux Status

The SELinux service is enabled by default on CentOS and most other RHEL-based systems. However, this might not be the case for your system.

Start by checking the status of SELinux on your system with the command:

sestatus 

The example output below indicates that SELinux is enabled. The status shows the service is in the enforcing mode.

output example of the status of SELinux

SELinux may prevent the normal functioning of applications. The service denies access if:

  • A file is mislabeled.
  • An incompatible application attempts to access a forbidden file.
  • A service is running under the incorrect security policy.
  • An intrusion is detected.

If you notice that services are not running correctly, check SELinux log files. The logs are in /var/log/audit/audit.log. Most common log messages are labeled with “AVC.” If you can’t find any logs, try looking in /var/log/messages. The system writes logs in that file if the auditd daemon is not running.

Step 2: Disable SELinux

Option 1: Disable SELinux Temporarily

To disable SELinux temporarily, type in the following command in the terminal:

sudo setenforce 0

In sudo setenforce 0, you can use permissive instead of 0.

This command changes SELinux mode from targeted to permissive.

changing from targeted to permissive mode

In permissive mode, the service is active and audits all actions. However, it does not enforce any security policies. The system logs AVC messages.

The change is only active until the next reboot. To turn off SELinux permanently, refer to the next section of the article.

Option 2: Disable SELinux Permanently

To disable the service permanently, use a text editor (e.g., vim or nano) and edit the /etc/sysconfig/selinux file as instructed below.

1. Open the /etc/sysconfig/selinux file. We will be using vim. If you are unfamiliar with text editors, refer to our instructional guide on how to save and exit a file vim.

Enter the following command to open the file:

sudo vi /etc/sysconfig/selinux

2. Change the SELINUX=enforcing directive to SELINUX=disabled.

Editing the SELINUX directive to disable

3. Save the edited file.

Reboot CentOS to Save Changes

For the change to take effect, you need to reboot the system with the command:

sudo shutdown -r now

After you reboot, check the service status to confirm SELinux is disabled. Use the command:

sestatus
Editing the SELINUX directive to disable

The status should be disabled, as seen in the image above. The system will not load any SELinux policies or write any AVC logs.

Conclusion

By following this article, you should be able to check SELinux status and disable the service on CentOS 7. Be cautious when permanently disabling SELinux. In general, the advised option is to switch to permissive mode.

To read more about SELinux, please refer to the official CentOS Wiki.

Jaspreet Singh Ghuman

Jaspreet Singh Ghuman

Jassweb.com/

Passionate Professional Blogger, Freelancer, WordPress Enthusiast, Digital Marketer, Web Developer, Server Operator, Networking Expert. Empowering online presence with diverse skills.

jassweb logo

Jassweb always keeps its services up-to-date with the latest trends in the market, providing its customers all over the world with high-end and easily extensible internet, intranet, and extranet products.

Contact
San Vito Al Tagliamento 33078
Pordenone Italy
Item added to cart.
0 items - 0.00
Open chat
Scan the code
Hello 👋
Can we help you?