Centos - SELINUX=DISABLEd

General support questions
Eamonn_Feehan
Posts: 4
Joined: 2018/01/02 16:13:59

Centos - SELINUX=DISABLEd

Postby Eamonn_Feehan » 2018/01/02 21:55:02

Hi

I will start off with " I am new to Linux (Centos)" version I am running is 6.5

Anyway I am currently completing a course in Hadoop and of course I have the challenge of teaching my self Centos @ the same time :)



As part of my installation of Java & Hadoop I have been advised to set SELINUX=disabled with in the /etc/selinux/config

previously I had done this and then I could not restart the server it threw up an error after I had set SELINUX=disable. I tried fixing this and after about 40 mins I restored my VM from a previous state.

my question is as follows.
If I have been recommended to set SELINUX=disable and I proceed on with the installs - what happens if I reboot the server as at no point in time in the documents I have from tutor does it tell me to restate SELINUX to "targeted"

Any help would be much appreciated


Eamonn

Chirpychirps77
Posts: 12
Joined: 2018/01/12 01:36:06

Re: Centos - SELINUX=DISABLEd

Postby Chirpychirps77 » 2018/01/13 01:43:36

Hi,

I've never set the system policy from there, leave that config file alone. Go to /etc/sysconfig/ and edit file selinux there.

Can also set a kernel parameter selinux=0.

Let me know if that helps.

Chirpychirps77
Posts: 12
Joined: 2018/01/12 01:36:06

Re: Centos - SELINUX=DISABLEd

Postby Chirpychirps77 » 2018/01/13 01:52:12

Also, make sure it reads like your title, "disabled", not like body of message "disable" (singular).

To remove context from filesystem if not using SELinux:
cd /
find . -print0 |xargs -0 -n 1 setfattr -h -x security.selinux

owl102
Posts: 286
Joined: 2014/06/10 19:13:41

Re: Centos - SELINUX=DISABLEd

Postby owl102 » 2018/01/13 08:54:24


User avatar
TrevorH
Forum Moderator
Posts: 21481
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Centos - SELINUX=DISABLEd

Postby TrevorH » 2018/01/13 10:40:58

I will start off with " I am new to Linux (Centos)" version I am running is 6.5


Please run yum update ASAP. CentOS 6.5 is old, unpatched and extremely insecure. Update to 6.9 as soon as possible.

It's also not necessary to disable it, if you MUST run without it, then set it to permissive. That has the advantage that it will do all the checks required and log the problems so that they can be solved but then it will allow the access anyway. It also maintains all the file labels and contexts and you can flip it back to enforcing mode with a single command - setenforce 0 - without needing a reboot.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

Chirpychirps77
Posts: 12
Joined: 2018/01/12 01:36:06

Re: Centos - SELINUX=DISABLEd

Postby Chirpychirps77 » 2018/01/13 13:48:32

Last two posts are absolutely correct. Selinux should be running when possible. My answer was based on what I assumed were course specific setup - which would be intended to allow complete focus on learning the hadoop configuration, after which your rulesets for Selinux would be implemented in a production system.
There are few instances where Selinux cannot be deployed (usually conflicts with certain IPS deployments). I will keep in mind best practice when posting. Good luck in your learning endeavors!