If you already know about SELinux and you are completely aware of the risks you would encounter on disabling it, here's how to do it.

1. Open the config file /etc/selinux/config or its symbolic link /etc/sysconfig/selinux.
2. Change the line from SELINUX=enforcing to SELINUX=disabled.
3. Restart the system or use setenforce 0 to invoke the change immediately.

Read this article for more detailed information on what SELinux is, how to disable SELinux and why it's not always a good idea to disable SELinux.

SELinux stands for Security Enhanced Linux. It is a labeling mechanism that provides high security to files and other objects in the system, protecting them from unauthorized processes and also from authorized processes that do not have or need such access, to avoid misuse. One can install SELinux in any existing Linux system. It will not be useful for all individual users, but it is essential for server systems. Its security rigidness can be understood from the fact that, with SELinux, even a root-owned process that has been hacked can't access files it has not been given access to.

SELinux enforces the access policy that the kernel follows whenever a process needs to access a file or object. Under the policy, each file or process is assigned a label. So when a process with a label a:a:a needs to access the file (with label b:b:b) both should match (except for MLS configuration in which hierarchy will be followed as per the policy). Read more about labeling in here and here.

Note that disabling SELinux on a server brings back a lot of threats to the system. Be sure that you are doing this for a valid reason, and neither for convenience nor because of speculative content in articles. On disabling SELinux, each process will have access to files as in a normal Linux system. A hacked process can gain access to secret files which are not needed for its original purpose and might be misused.
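The config edit and the setenforce step described above both leave a state that can be checked. The following is an added example, not code from the original article, that reads the SELINUX= line from a config file and compares it with the runtime mode; the function names and the optional runtime-mode argument are assumptions made for this example, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): audit SELinux configuration.

# Print the mode set in a config file: enforcing, permissive, disabled or unknown.
selinux_config_mode() {
    # Last uncommented SELINUX= line wins; SELINUXTYPE= does not match.
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
        "$1" 2>/dev/null | tail -n 1)
    case "$mode" in
        enforcing|permissive|disabled) printf '%s\n' "$mode" ;;
        *) printf 'unknown\n' ;;
    esac
}

# selinux_audit FILE [RUNTIME_MODE]
# Returns 0 only when both the file and the running kernel are enforcing.
# RUNTIME_MODE is a hook for testing (assumption); without it getenforce is queried.
selinux_audit() {
    cfg=$(selinux_config_mode "$1")
    run=${2:-}
    if [ -z "$run" ]; then
        if command -v getenforce >/dev/null 2>&1; then
            run=$(getenforce | tr '[:upper:]' '[:lower:]')
        else
            run=unknown
        fi
    fi
    case "$cfg:$run" in
        enforcing:enforcing)
            echo "OK: enforcing in config and at runtime"; return 0 ;;
        disabled:*)
            echo "FAIL: $1 sets SELINUX=disabled (runtime: $run)" ;;
        enforcing:permissive)
            echo "WARN: config is enforcing but runtime is permissive (setenforce 0 used?)" ;;
        *)
            echo "WARN: config=$cfg runtime=$run" ;;
    esac
    return 1
}

# Constructed sample: a config edited as the article describes, checked with a
# runtime mode reported as permissive.
sample=$(mktemp)
printf '%s\n' '#SELINUX=enforcing' 'SELINUX=disabled' 'SELINUXTYPE=targeted' > "$sample"
selinux_audit "$sample" permissive || :
rm -f "$sample"
```

On a real host, call `selinux_audit /etc/selinux/config` with no second argument so the runtime mode comes from getenforce.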