My hosting company disabled SELinux protection. How do I turn on SELinux over remote ssh session without distributing existing networking services?
You can enable SELinux it by typing the following commands:
#genhomedircon
# touch /.autorelabel
# reboot
After reboot turn it on:
# setenforce 1
You need to modify /etc/grub.conf or /etc/selinux/config to enable SELinux after each reboot. Edit /etc/selinux/config, enter:
# vi /etc/selinux/config
Edit/add as follows:
SELINUX=enforcing SELINUXTYPE=targeted
See also:
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- My 10 UNIX Command Line Mistakes
- Linux: 20 Iptables Examples For New SysAdmins
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- 10 Greatest Open Source Software Of 2009
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
Facebook it - Tweet it - Print it -
{ 4 comments… read them below or add one }
Another way is by running system-config-securitylevel-tui.
The question in the article was:
How do I turn on SELinux over remote ssh session without distributing existing networking services?
Pay attention to the last part: “without distributing existing networking services”
Then as a solution is posted:
#genhomedircon
# touch /.autorelabel
# reboot
Yes I have read i correct. The last command is reboot….
hmm . reboot without “distributing existing networking services”
Nice article by the way…
@Michael,
Without reboot you cannot activate SELinux. However, if you do not follow these instructions many files and services such as ssh will not activate after the reboot. In that case you need to login over console and fix the issue. So once system comes online you run the ‘setenforce 1′ command to turn it on. Nevertheless, you cannot get it activated without rebooting the system. May be you need to use ksplice [ksplice.com] service based patch which allows:
I never tried it out, but this may be the solution…
HTH
ok. got it! Thanks….
(at this moment I have another weird situation: The CAPS lock function of my keyboard is reversed :-)… When the LED on the keyboard is ON the letters appear in lower case and visa versa… I Googled a bit but found not yet a simple solution yet… (distrubution=Fedora 12))
Keep up the good work.