Follow the below directions to turn off selinux on a CentOS server. SeLinux can cause many issues and if your server is behind a properly configured firewall as well as the systems administrator only opens necessary ports that are configured properly your risks should be minimal.
- Modify selinux Configuration:Modify the selinux config file by issuing the command below and changing the SELINUX option to disabled as shown below.
- [root@server ~]#vi /etc/selinux/config
- # This file controls the state of SELinux on the system.
- # SELINUX= can take one of these three values:
- # enforcing - SELinux security policy is enforced.
- # permissive - SELinux prints warnings instead of enforcing.
- # disabled - No SELinux policy is loaded.
- # SELINUXTYPE= can take one of these two values:
- # targeted - Only targeted network daemons are protected.
- # strict - Full SELinux protection.
- # mls - Multi Level Security protection.
- # SETLOCALDEFS= Check local definition changes
- Reboot Server: Now issue a reboot command to the server for the changes to take affect.
- [root@server ~]#reboot
- Broadcast message from root (pts/1) (Wed Dec 3 06:08:17 2008):
- The system is going down for reboot NOW!
- Verify SELinux is Disabled:Use the below command to verify that selinux is disabled. You should see results similar to the below. We will check part of the boot log with the dmesg command to verify selinux is disabled.
- [root@server ~]#dmesg | grep -i selinux
- [ 0.094022] SELinux: Disabled at boot.
The file contents should look similar to the below. The primary option to worry about is SELINUX=disabled.
You should see a message similar to the below message broadcast to all shells.
Which should return results similar to the following.
SELinux or Security Enhanced Linux has been known to cause various issues for systems administrators and many sysadmins will turn it off before even beginning configuration on a server. I believe the idea behind selinux is great since someone who does not know how to turn it off should not be doing so though more experienced admins can disable it as long as they are taking every other security precaution necessary.