RH199 - ch05s03

Preface A: Introduction

Section A.1: Orientation to the Classroom Lab Environment

Chapter 1: Local and Remote Logins

Section 1.1: Accessing the Command Line Using the Local Console

Section 1.2: Quiz: Local Console Access Terms

Section 1.3: Configuring SSH Key-based Authentication

Section 1.4: Guided Exercise: Using SSH Key-based Authentication

Section 1.5: Getting Help From Red Hat

Section 1.6: Guided Exercise: Creating and Viewing an SoS Report

Chapter 2: File System Navigation

Section 2.1: The Linux File System Hierarchy

Section 2.2: Quiz: File System Hierarchy

Section 2.3: Managing Files Using Command-Line Tools

Section 2.4: Guided Exercise: Command-Line File Management

Section 2.5: Making Links Between Files

Section 2.6: Guided Exercise: Making Links Between Files

Chapter 3: Users and Groups

Section 3.1: Users and Groups

Section 3.2: Quiz: User and Group Concepts

Section 3.3: Gaining Superuser Access

Section 3.4: Guided Exercise: Running Commands as root

Section 3.5: Managing Local User Accounts

Section 3.6: Guided Exercise: Creating Users Using Command-line Tools

Section 3.7: Managing Local Group Accounts

Section 3.8: Guided Exercise: Managing Groups Using Command-line Tools

Section 3.9: Managing User Passwords

Section 3.10: Guided Exercise: Managing User Password Aging

Section 3.11: Using Identity Management Services

Section 3.12: Guided Exercise: Connecting to a Central LDAP and Kerberos Server

Section 3.13: Lab: Managing Linux Users and Groups

Chapter 4: File Permissions

Section 4.1: Managing File System Permissions from the Command Line

Section 4.2: Guided Exercise: Managing File Security from the Command Line

Section 4.3: Managing Default Permissions and File Access

Section 4.4: Guided Exercise: Controlling New File Permissions and Ownership

Section 4.5: POSIX Access Control Lists (ACLs)

Section 4.6: Quiz: Interpret ACLs

Section 4.7: Securing Files with ACLs

Section 4.8: Guided Exercise: Using ACLs to Grant and Limit Access

Chapter 5: SELinux Permissions

Section 5.1: Enabling and Monitoring Security Enhanced Linux (SELinux)

Section 5.2: Quiz: SELinux Concepts

SectionSection 5.3: Changing SELinux Modes

Section 5.4: Guided Exercise: Changing SELinux Modes

Section 5.5: Changing SELinux Contexts

Section 5.6: Guided Exercise: Changing SELinux Contexts

Section 5.7: Changing SELinux Booleans

Section 5.8: Guided Exercise: Changing SELinux Booleans

Section 5.9: Troubleshooting SELinux

Section 5.10: Guided Exercise: Troubleshooting SELinux

Section 5.11: Lab: Managing SELinux Security

Chapter 6: Process Management

Section 6.1: Killing Processes

Section 6.2: Guided Exercise: Killing Processes

Section 6.3: Monitoring Process Activity

Section 6.4: Guided Exercise: Monitoring Process Activity

Section 6.5: Using nice and renice to Influence Process Priority

Section 6.6: Guided Exercise: Discovering Process Priorities

Section 6.7: Lab: Managing Priority of Linux Processes

Chapter 7: Updating Software Packages

Section 7.1: Attaching Systems to Subscriptions for Software Updates

Section 7.2: Quiz: Red Hat Subscription Management

Section 7.3: Managing Software Updates with yum

Section 7.4: Guided Exercise: Installing and Updating Software with yum

Section 7.5: Enabling yum Software Repositories

Section 7.6: Guided Exercise: Enabling Software Repositories

Section 7.7: Lab: Installing and Updating Software Packages

Chapter 8: Creating and Mounting File Systems

Section 8.1: Mounting and Unmounting File Systems

Section 8.2: Guided Exercise: Mounting and Unmounting File Systems

Section 8.3: Adding Partitions, File Systems, and Persistent Mounts

Section 8.4: Guided Exercise: Adding Partitions, File Systems, and Persistent Mounts

Section 8.5: Managing Swap Space

Section 8.6: Guided Exercise: Adding and Enabling Swap Space

Section 8.7: Lab: Adding Disks, Partitions, and File Systems to a Linux System

Chapter 9: Service Management and Boot Troubleshooting

Section 9.1: Identifying Automatically Started System Processes

Section 9.2: Guided Exercise: Identify the Status of systemd Units

Section 9.3: Controlling System Services

Section 9.4: Guided Exercise: Using systemctl to Manage Services

Section 9.5: The Red Hat Enterprise Linux Boot Process

Section 9.6: Guided Exercise: Selecting a Boot Target

Section 9.7: Repairing Common Boot Issues

Section 9.8: Guided Exercise: Resetting a Lost root Password

Section 9.9: Repairing File System Issues at Boot

Section 9.10: Guided Exercise: Repairing Boot Problems

Section 9.11: Repairing Boot Loader Issues

Section 9.12: Guided Exercise: Repairing a Boot Loader Problem

Section 9.13: Lab: Controlling Services and Daemons

Chapter 10: Network Configuration

Section 10.1: Validating Network Configuration

Section 10.2: Guided Exercise: Examining Network Configuration

Section 10.3: Configuring Networking with nmcli

Section 10.4: Guided Exercise: Configuring Networking with nmcli

Section 10.5: Editing Network Configuration Files

Section 10.6: Guided Exercise: Editing Network Configuration Files

Section 10.7: Configuring Host Names and Name Resolution

Section 10.8: Guided Exercise: Configuring Host Names and Name Resolution

Section 10.9: Lab: Managing Red Hat Enterprise Linux Networking

Chapter 11: System Logging and NTP

Section 11.1: System Log Architecture

Section 11.2: Quiz: System Logging Components

Section 11.3: Reviewing Syslog Files

Section 11.4: Guided Exercise: Finding Log Entries

Section 11.5: Reviewing systemd Journal Entries

Section 11.6: Guided Exercise: Finding Events With journalctl

Section 11.7: Preserving the systemd Journal

Section 11.8: Guided Exercise: Configure a Persistent systemd Journal

Section 11.9: Maintaining Accurate Time

Section 11.10: Guided Exercise: Adjusting System Time

Section 11.11: Lab: Analyzing and Storing Logs

Chapter 12: Logical Volume Management

Section 12.1: Managing Logical Volumes

Section 12.2: Guided Exercise: Adding a Logical Volume

Section 12.3: Extending Logical Volumes

Section 12.4: Guided Exercise: Extending a Logical Volume

Section 12.5: Lab: Managing Logical Volume Management (LVM) Storage

Chapter 13: Scheduled Processes

Section 13.1: Scheduling System cron Jobs

Section 13.2: Guided Exercise: Scheduling System cron Jobs

Section 13.3: Managing Temporary Files

Section 13.4: Guided Exercise: Managing Temporary Files

Chapter 14: Mounting Network File Systems

Section 14.1: Mounting Network Storage with NFS

Section 14.2: Guided Exercise: Mounting and Unmounting NFS

Section 14.3: Automounting Network Storage with NFS

Section 14.4: Guided Exercise: Automounting NFS

Section 14.5: Accessing Network Storage with SMB

Section 14.6: Guided Exercise: Mounting a SMB File System

Section 14.7: Lab: Accessing Network Storage with Network File System (NFS)

Section 14.8: Lab: Accessing Network Storage with SMB

Chapter 15: Firewall Configuration

Section 15.1: Limiting Network Communication

Section 15.2: Guided Exercise: Limiting Network Communication

Section 15.3: Lab: Limiting Network Communication

Chapter 16: Virtualization and Kickstart

Section 16.1: Defining the Anaconda Kickstart System

Section 16.2: Quiz: Kickstart File Syntax and Modification

Section 16.3: Deploying a New Virtual System with Kickstart

Section 16.4: Guided Exercise: Installing a System Using Kickstart

Section 16.5: Managing a Local Virtualization Host

Section 16.6: Quiz: Managing a Local Virtualization Host

Bookmark this page

P 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

Changing SELinux Modes

setenforce changes the current SELinux mode of a system.
The default SELinux mode of a system is defined in the /etc/selinux/config file.

Objectives

After completing this section, students should be able to:

Change the current SELinux mode of a system.
Set the default SELinux mode of a system.

For troubleshooting purposes, SELinux protection can be temporarily disabled using SELinux modes. This section will look at how to change SELinux modes temporarily between enforcing and permissive mode. It will also look at how to set the default SELinux mode that is determined at boot time.

Changing the current SELinux mode

The setenforce command modifies the current SELinux mode:

[root@serverX ~]# getenforce
Enforcing
[root@serverX ~]# setenforce
usage:  setenforce [ Enforcing | Permissive | 1 | 0 ]
[root@serverX ~]# setenforce 0
[root@serverX ~]# getenforce
Permissive
[root@serverX ~]# setenforce Enforcing
[root@serverX ~]# getenforce
Enforcing

Another way to temporarily set the SELinux mode is to pass a parameter to the kernel at boot time. Passing a kernel argument of enforcing=0 causes the system to boot into permissive mode. A value of 1 would specify enforcing mode. SELinux can be disabled when the selinux=0 argument is specified. A value of 1 would enable SELinux.

Setting the default SELinux mode

The configuration file that determines what the SELinux mode is at boot time is /etc/selinux/config. Notice that it contains some useful comments:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes
#               are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Use /etc/selinux/config to change the default SELinux mode at boot time. In the example shown, it is set to enforcing mode.

Passing the selinux= and/or the enforcing= kernel arguments overrides any of the default values specified in /etc/selinux/config.

References

getenforce(1), setenforce(1), and selinux_config(5) man pages

Revision: rh199-7-d0984a3