18.SElinux Installation and Configuration

Lab Information

Following a security audit, the xFusionCorp Industries security team has opted to enhance application and server security with SELinux. To initiate testing, the following requirements have been established for App server 1 in the Stratos Datacenter:

Install the required SELinux packages.

Permanently disable SELinux for the time being; it will be re-enabled after necessary configuration changes.

No need to reboot the server, as a scheduled maintenance reboot is already planned for tonight.

Disregard the current status of SELinux via the command line; the final status after the reboot should be disabled.

Lab Solutions

🧭 Part 1: Lab Step-by-Step Guidelines

🔹 Step 1: Log in to Jump Host

ssh thor@jump_host.stratos.xfusioncorp.com

Password:

mjolnir123

🔹 Step 2: SSH into App Server 1

ssh tony@stapp01.stratos.xfusioncorp.com

Password:

Ir0nM@n

🔹 Step 3: Switch to root

sudo -i

🔐 Install Required SELinux Packages

On RHEL/CentOS-based systems, install:

yum install -y selinux-policy selinux-policy-targeted policycoreutils

🔧 Permanently Disable SELinux

🔹 Step 4: Edit SELinux config file

Open:

vi /etc/selinux/config

Find:

SELINUX=enforcing

Change it to:

SELINUX=disabled

Save and exit.

🔹 Step 5: Verify configuration file

grep ^SELINUX= /etc/selinux/config

Expected output:

SELINUX=disabled

⚠ Important

Do NOT reboot.

Lab explicitly states:

No reboot required

Ignore current runtime status

Only final state after reboot must be disabled

✅ Final Checklist

✔ SELinux packages installed
✔ /etc/selinux/config modified
✔ SELINUX=disabled set
✔ No reboot performed
✔ Completed on App Server 1 only

🧠 Part 2: Simple Step-by-Step Explanation (Beginner Friendly)

🔹 What is SELinux?

SELinux (Security-Enhanced Linux) adds:

Mandatory Access Control (MAC)

Fine-grained permission enforcement

Additional security layer beyond standard Unix permissions

🔹 Why install packages first?

Some systems may not have full SELinux utilities installed.

Installing ensures:

Configuration files exist

Required policies are present

Future re-enablement works correctly

🔹 What does SELINUX=disabled do?

This tells the system:

After next reboot, do not load SELinux.

Current runtime state does not matter.

Only config file matters for the lab.

🔹 Why no reboot?

Because:

Maintenance reboot is scheduled later

Lab checker reads configuration file, not runtime state

🔐 Real-World Context

In production:

SELinux is usually set to enforcing

During migrations/testing, it may be temporarily disabled

Permanent disable requires reboot to take effect

---

Resources & Next Steps

📦 Full Code Repository: KodeKloud Learning Labs

📖 More Deep Dives: Whispering Cloud Insights - Read other technical articles

💬 Join Discussion: DEV Community - Share your thoughts and questions

💼 Let's Connect: LinkedIn - I'd love to connect with you

---

Credits

• All labs are from: KodeKloud

• I sincerely appreciate your provision of these valuable resources.

---