How Do I Disable the SELinux Firewall?

Security-Enhanced Linux (SELinux) is a kernel module and security subsystem of Linux.

SELinux minimizes the resources that can be accessed by service processes in the system (the principle of least privilege).

Closure Description

  • After the SELinux is disabled, services are not affected.

  • SELinux can be disabled temporarily or permanently as required.

Scenario

To use the two-factor authentication function of HSS, you need to permanently disable the SELinux firewall.

Procedure

  1. Remotely log in to the destination server.

    You can log in to the ECS management console and click Remote Login in the ECS list.

    If your server has an EIP bound, you can also use a remote management tool, such as PuTTY or Xshell, to log in to the server and install the agent on the server as user root.

  2. Run the shutdown command in the command window.

    • Temporarily disable SELinux

      Run the following command in the CLI to temporarily disable SELinux:

      setenforce 0
      

      Note

      After the system is restarted, the SELinux will be enabled again.

    • Permanently disable SELinux

      1. Run the following command in the directory window to edit the config file of SELinux:

        vi /etc/selinux/config
        
      2. Locate SELINUX=enforcing, press i to enter the editing mode, and change the parameter to SELINUX=disabled.

        **Figure 1** Editing the SELinux status

        Figure 1 Editing the SELinux status

      3. After the modification, press Esc and run the following command to save the file and exit:

        :wq
        
  3. Run the permanent shutdown command, save the settings, and exit. Run the following command to restart the server immediately:

    shutdown -r now
    

    Note

    The permanent shutdown command takes effect only after the server is restarted.

  4. After the restart, run the following command to verify that SELinux is disabled:

    getenforce