Configuring SELinux

In this lab we will edit SELinux settings, using booleans to allow communications between services. Then we will place SELinux into *enforcing* mode and ensure that setting is persistent.

*This course is not approved or sponsored by Red Hat.*

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Permit `httpd` to Communicate with Zabbix

Find the necessary boolean to permit httpd to communicate with Zabbix.
```
[root@host]# getsebool -a | grep zabbix
```
- We’ll see the boolean is off

Set the boolean to "on"

[root@host]# setsebool -P httpd_can_connect_zabbix on

Verify that change took effect
```
[root@host]# getsebool -a | grep zabbix
```
- Now we’ll see that the boolean is on.

Put SELinux into *enforcing* Mode and Ensure That the Setting Is Persistent

Check the SELinux state
```
[root@host]# getenforce
```
This will show that it is in permissive mode, so we need to change it to enforcing mode.
Put SELinux into enforcing mode
```
[root@host]# setenforce 1
```
Check to make sure SELinux is now in enforcing mode
```
[root@host]# getenforce
```
We can see our change worked and SELinux is now in enforcing mode.
Ensure SELinux boots into enforcing mode
Edit the SELinux configuration file:
```
[root@host]# vi /etc/selinux/config
```
Type i to enter Insert mode, arrow down to the SELINUX line, and set it to enforcing:
```
SELINUX=enforcing
```
Type Esc, then :wq to exit. When the server boots again, SELinux will remain in enforcing mode.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Configuring SELinux

About this Hands-on Lab

Learning Objectives

Additional Resources

What are Hands-on Labs

Newsletter