Introduction
In this challenge, you will practice managing the runtime state of SELinux on a Red Hat Enterprise Linux (RHEL) system. SELinux is a critical security mechanism that provides Mandatory Access Control (MAC). Understanding how to switch between its primary modes, Enforcing and Permissive, is a fundamental skill for any RHEL system administrator.
Set SELinux to Enforcing Mode
Your first task is to switch SELinux from its current mode to Enforcing mode. In this mode, SELinux actively blocks any actions that violate the security policy.
Tasks
- Change the SELinux runtime mode to
Enforcing. - Verify that the current mode is
Enforcing.
Requirements
- The default user account for this challenge is
labexwith the passwordlabex. - All commands must be run from the
/home/labexdirectory. - Use the
setenforcecommand to change the SELinux mode. - Use the
getenforcecommand to check the current mode.
Example
After successfully changing the mode, the output of getenforce should be:
Enforcing
Set SELinux to Permissive Mode
Now, you will switch SELinux back to Permissive mode. In this mode, SELinux logs policy violations but does not block them, which is useful for troubleshooting security policies.
Tasks
- Change the SELinux runtime mode to
Permissive. - Verify that the current mode is
Permissive.
Requirements
- The default user account for this challenge is
labexwith the passwordlabex. - All commands must be run from the
/home/labexdirectory. - Use the
setenforcecommand to change the SELinux mode.
Example
After setting SELinux to permissive mode, the output of the getenforce command should be:
Permissive
Summary
In this challenge, you learned how to manage the runtime mode of SELinux. You used the getenforce command to check the current mode and the setenforce command to switch between Enforcing and Permissive modes. It is important to remember that these changes are temporary and will be reset upon a system reboot. For permanent changes that persist across reboots, you would need to edit the /etc/selinux/config file.
