Security Enhanced Linux (SELinux)
Introduction
SELinux stands for Security Enhanced Linux, which is an additional layer of system security. The primary goal of SELinux is to protect user data from system services that have been compromised.
For example, if you use SSH for remote login, you can then reach the whole system and its resources under the standard user/group/other permission model, which is known as discretionary access control. SELinux adds a further layer of security that is object-based, known as mandatory access control: after you log in, your processes are confined to a specific domain whose access is governed by detailed policy rules.
SELinux is a set of security rules that determine which processes can access which files, directories, and ports. Every file, process, directory, and port carries a security label called an SELinux context. The context is the name the SELinux policy uses to decide whether a process may access a file, directory, or port. By default the policy denies every interaction: access is allowed only where an explicit allow rule grants it.
How to enable SELinux?
SELinux has three modes: Enforcing (the policy is applied, so denied actions are blocked and logged), Permissive (denied actions are only logged, not blocked) and Disabled (no policy is loaded).
To know the current SELinux mode:
[user@host ~]# getenforce
To set a different mode, enter "setenforce 0" to switch enforcement off (permissive mode) and "setenforce 1" or "setenforce Enforcing" to switch it on:
[user@host ~]# setenforce 1
then reboot.
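Building on the procedure above, here is an added example script (not code from the original article) that wraps the same checks in reusable shell functions: it reads the boot-time mode from an /etc/selinux/config-style file, maps a setenforce argument to the mode it selects, flags drift between the running mode reported by getenforce and the persistent setting, and picks fields out of a context label of the kind described in the introduction. The sample config text and the sample context label are constructed for the demo; the live branch assumes a Linux host with getenforce installed and a readable /etc/selinux/config.

```shell
#!/bin/sh
# Added example, not code from the original article. Helpers for reading and
# interpreting SELinux mode settings and context labels. The live check at the
# bottom assumes a Linux host with getenforce and /etc/selinux/config; the
# helpers themselves run offline on the constructed samples below.

# Constructed sample of an /etc/selinux/config file (not taken from a real host).
SAMPLE_CONFIG='# This file controls the state of SELinux on the system.
SELINUX=permissive
SELINUXTYPE=targeted
'

# Constructed sample context label in the user:role:type:level form that "ls -Z" prints.
SAMPLE_CONTEXT='system_u:object_r:etc_t:s0'

# Print the boot-time mode recorded in config text read from stdin:
# enforcing, permissive, disabled, or unknown when no valid SELINUX= line exists.
config_mode() {
    mode=$(grep -E '^[[:space:]]*SELINUX=' | tail -n 1 | cut -d= -f2 \
           | tr -d '[:space:]' | tr 'A-Z' 'a-z')
    case "$mode" in
        enforcing|permissive|disabled) printf '%s\n' "$mode" ;;
        *) printf 'unknown\n' ;;
    esac
}

# Map a setenforce argument (0, 1, Permissive, Enforcing) to the runtime mode
# it selects. Prints "invalid" and returns 1 for anything else.
setenforce_target() {
    case "$1" in
        0|[Pp]ermissive) printf 'permissive\n' ;;
        1|[Ee]nforcing)  printf 'enforcing\n' ;;
        *) printf 'invalid\n'; return 1 ;;
    esac
}

# Compare the running mode (getenforce output, any letter case) with the
# boot-time mode. "drift" means a temporary setenforce change is in effect
# that will not survive a reboot, which is worth flagging in a config audit.
mode_drift() {
    running=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    if [ "$running" = "$2" ]; then printf 'consistent\n'; else printf 'drift\n'; fi
}

# Extract one field (user, role, type, level) from a user:role:type:level label.
context_field() {
    case "$2" in
        user)  n=1 ;;
        role)  n=2 ;;
        type)  n=3 ;;
        level) n=4 ;;
        *) printf 'invalid\n'; return 1 ;;
    esac
    printf '%s\n' "$1" | cut -d: -f"$n"
}

if command -v getenforce >/dev/null 2>&1 && [ -r /etc/selinux/config ]; then
    # Live check on a real SELinux host.
    running=$(getenforce)
    persistent=$(config_mode < /etc/selinux/config)
    echo "running: $running  boot-time: $persistent  $(mode_drift "$running" "$persistent")"
else
    # Offline demonstration on the constructed samples.
    persistent=$(printf '%s' "$SAMPLE_CONFIG" | config_mode)
    echo "sample config boot-time mode: $persistent"
    echo "setenforce 1 selects: $(setenforce_target 1)"
    echo "running Enforcing vs sample config: $(mode_drift Enforcing "$persistent")"
    echo "type of $SAMPLE_CONTEXT: $(context_field "$SAMPLE_CONTEXT" type)"
fi
```

Note that setenforce changes only the running mode; the SELINUX= value in /etc/selinux/config is what applies after the reboot mentioned above, so comparing both (as mode_drift does) is how you confirm that a setting is persistent rather than temporary.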