Q. How do I disable SELinux protection for only Apache web server in Linux? I'm using CentOS Linux server.
A. You can disable Apache SELinux protection easily. Please keep in mind that by disabling SELinux for apache you are inviting more security related problems.
Disable Apache SELinux Protection
Open /etc/selinux/targeted/booleans file using a text editor:
# vi /etc/selinux/targeted/booleans
Append or modify value for httpd_disable_trans as follows:
httpd_disable_trans=1
Save and close the file. Type the following two commands:
# setsebool httpd_disable_trans 1
# /etc/init.d/httpd restart
GUI tool to disable SELinux for Apache
Open a shell prompt
Type the command system-config-securitylevel
system-config-securitylevel &
Next select SELinux tab > click on Disable SELinux protection for httpd daemon checkbox > Save the changes
Finally restart httpd service:
# /etc/init.d/httpd restart
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 5 comments… read them below or add one }
setsebool httpd_disable_trans 1
Could not change active booleans: Invalid boolean
Did you edit the file and put the whole string in? I have done the above and it works fine if the file just contains 1.
Sure, disabling core security features. What could possibly go wrong? Great advice there.
It *is* great advice, when you’re doing an engineering environment intranet server that already runs with mostly wide-open permissions, and 30-40 TB of NetApp disk that doesn’t support chcon(). :-)
Even if the filers did have the appropriate extended attribute support, it would be a waste of time maintaining it for that application.
Jay
JayBat : In this case, don’t ever bother activating SELinux.
put
“SELINUX=disabled”
into /etc/selinux/config