Selinux is the highest level of security in a linux system. Selinux in a system has three basic modes- enforcing, permissive and disabled mode. A system in selinux enforcing mode assures high security to the system. Permissive mode also ensures security by logging all activities to the log files and providing warning messages but it is not as secure as the enforcing mode where every suspected activity is simply rejected and system is ensured complete security. Selinux facility can also be made inactive by switching it into the disabled mode thereby making the system security fragile. There is not any particular reason as to why one has to disable the selinux but there are certain applications that require the system to be in disabled mode to function at ease. This is simply because these applications are not created to work in compact with selinux.
The 'getenforce' command allows us to know the current selinux mode.
To change to a different mode we use the command 'setenforce'.
For eg: setenforce 0 (disabled mode)
setenforce 1 (enforcing mode)
No comments:
Post a Comment