Turn on SELinux in Redhat or CentOS Linux Over Remote SSH Session

My hosting company disabled SELinux protection. How do I turn on SELinux over remote ssh session without distributing existing networking services?

You can enable SELinux it by typing the following commands:
#genhomedircon
# touch /.autorelabel
# reboot

After reboot turn it on:
# setenforce 1
You need to modify /etc/grub.conf or /etc/selinux/config to enable SELinux after each reboot. Edit /etc/selinux/config, enter:
# vi /etc/selinux/config
Edit/add as follows:

ADVERTISEMENTS

SELINUX=enforcing
SELINUXTYPE=targeted

See also:

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
5 comments… add one
  • od Feb 16, 2010 @ 11:51

    Another way is by running system-config-securitylevel-tui.

  • Michael Feb 18, 2010 @ 19:02

    The question in the article was:
    How do I turn on SELinux over remote ssh session without distributing existing networking services?

    Pay attention to the last part: “without distributing existing networking services”

    Then as a solution is posted:
    #genhomedircon
    # touch /.autorelabel
    # reboot

    Yes I have read i correct. The last command is reboot….
    hmm . reboot without “distributing existing networking services”

    Nice article by the way…

    • 🐧 nixCraft Feb 18, 2010 @ 20:09

      @Michael,

      Without reboot you cannot activate SELinux. However, if you do not follow these instructions many files and services such as ssh will not activate after the reboot. In that case you need to login over console and fix the issue. So once system comes online you run the ‘setenforce 1’ command to turn it on. Nevertheless, you cannot get it activated without rebooting the system. May be you need to use ksplice [ksplice.com] service based patch which allows:

      you apply 100% of the important kernel security updates released by your Linux vendor without rebooting.

      I never tried it out, but this may be the solution…

      HTH

  • Michael Feb 18, 2010 @ 20:15

    ok. got it! Thanks….

    (at this moment I have another weird situation: The CAPS lock function of my keyboard is reversed :-)… When the LED on the keyboard is ON the letters appear in lower case and visa versa… I Googled a bit but found not yet a simple solution yet… (distrubution=Fedora 12))

    Keep up the good work.

  • Dhan Aug 13, 2012 @ 16:05

    Hi Guys,

    Im using VPS with kloxo panel.
    /usr/sbin/sestatus
    SELinux status: disabled

    I tried to edit config file as well

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    # enforcing – SELinux security policy is enforced.
    # permissive – SELinux prints warnings instead of enforcing.
    # disabled – No SELinux policy is loaded.
    SELINUX=enforcing
    # SELINUXTYPE= can take one of these two values:
    # targeted – Only targeted network daemons are protected.
    # strict – Full SELinux protection.
    # mls – Multi Level Security protection.
    SELINUXTYPE=targeted
    # SETLOCALDEFS= Check local definition changes
    SETLOCALDEFS=0

    rebooting successful but still it doesn’t work,

    setenforce 1
    setenforce: SELinux is disabled

    many Thanks

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.