Install SELinux on Rocky Linux 9

Everything Linux, A.I, IT News, DataOps, Open Source and more delivered right to you.
Subscribe
"The best Linux newsletter on the web"

Hello, friends. There are many questions about SELinux in Rocky Linux 9, but today we will talk a little about this tool and clarify some basic points to move forward with it.

Security-Enhanced Linux (SELinux) is a security architecture for Linux systems that gives administrators more control over who can access the system. Thus, SELinux helps Linux become a more secure system without losing configurability.

In short, SELinux defines access controls for applications, processes, and files within a system. This means that it uses security policies, which consist of a set of rules, to tell SELinux which elements can be accessed.

So, it is the task of a sysadmin to know his system and the applications and services it serves, to define the rules on which these accesses are provided. Probably, at the beginning, it is something annoying or uncomfortable, but later it becomes usual and necessary.

Install SELinux on Rocky Linux 9

RHEL-based distributions include SELinux by default in their installations, so you don’t have to install anything. However, what can happen is that SELinux is disabled by default.

To find out if this is the case, open a terminal and run

sestatus

You will get an output screen similar to this one

SElinux status on Rocky Linux 9
SElinux status on Rocky Linux 9

There you can quickly check if SELinux is enabled.

SELinux has 3 working modes that you can play with according to the circumstances.

  • Enforcing: Deny access according to the policy rules. This is the mode you should be in.
  • Permissive: Allow unauthorized access, but show alerts about them,
  • Disabled: Disables Selinux completely.

In addition to this, SELinux incorporates two policies on how to apply the rules:

  • Targeted: is the default policy and affects services that SELinux handles, such as protocols and base applications.
  • (MLS/MCS): Enables multi-level or multicategory security.

If you want to change mode temporarily, then you can run with root permissions.

To enter permissive mode:

setenforce 0

Or for Enforcing mode

setenforce 1

But if you would like to disable it or make the changes permanent, then you can edit the file /etc/selinux/config.

vi /etc/selinux/config

And search for SELinux and give it the value you want. In that same file, you will know the options to set. To disable it:

SELINUX = Disabled
Configuring SELinux on Rocky Linux 9
Configuring SELinux on Rocky Linux 9

Save the changes and restart the system.

This way, you already have a general idea of how SELinux works, now it remains to know the rules.

Conclusion

SELinux is important on many RHEL-based systems, so it is good to have a general idea of how it works and how it behaves.

Everything Linux, A.I, IT News, DataOps, Open Source and more delivered right to you.
Subscribe
"The best Linux newsletter on the web"
Angelo
Angelo
I am Angelo. A systems engineer passionate about Linux and all open-source software. Although here I'm just another member of the family.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest articles

Join us on Facebook