Lab 019: SELinux installation
Lab 019: SELinux installation
Requirements
The xFusionCorp Industries security team recently did a security audit of their infrastructure and came up with ideas to improve the application and server security. They decided to use SElinux for an additional security layer. They are still planning how they will implement it; however, they have decided to start testing with app servers, so based on the recommendations they have the following requirements:
Install the required packages of SElinux on App server 2 in Stratos Datacenter and disable it permanently for now; it will be enabled after making some required configuration changes on this host. Don't worry about rebooting the server as there is already a reboot scheduled for tonight's maintenance window. Also ignore the status of SElinux command line right now; the final status after reboot should be disabled.
This lab focuses on SELinux Installation configuration and management.
Prerequisites
- SSH access to the target server with root or sudo privileges.
- Required utilities and packages available.
Steps
Login to the App server 2 and switch to root. For the server credentials, check out the Project Nautilus documentation.
sshpass -p '******' ssh -o StrictHostKeyChecking=no steve@172.16.238.11
sudo su -
******
[root@stapp02 ~]# yum -y install selinux*
Edit the config file and change enforcing to disabled.
[root@stapp02 ~]# vi /etc/selinux/config
..........
SELINUX=disabled
..........
[root@stapp02 ~]# getenforce
Disabled
Verification
- Confirm changes applied successfully.
- Verify configuration with appropriate show/list commands.
- Test functionality if applicable.