---
title: "SELinux"
date: 2018-011-11T16:01:15+01:00
draft: true
---

# SELinux

Security Enhanced Linux is a build in security feature that mostly known to block what you as a sysadmin are trying to do.  
Therefore, most online how-to's include a line saying something like:  
_"Perform `sed -i s/enforcing/permisive/ /etc/selinux/config` to set the correct SELinux permissions"_  
It doesn't, let us introduce how it should be done.

### SELinux states
SELinux knows 3 states:  

State 					| Explanation
		---				| 			---
Enforcing (default)	| Logs and block all actions not allowed by current contexts
Permissive  			| Only logs all actions not allowed by current contexts
Disabled				| Does nothing (disabled), requires a reboot to (un)set


### SELinux commands
Command 				| Explanation
		---				| 			---
`getenforce`			| Get current SELinux mode
`setenforce`			| Set new SELinux mode (0 for off, 1 for on).  _(Will be overwritten by reboot)_
`sestatus`			| Get current status, default config and more basic info
`chcon`				| Change the SELinux context for a file
`restorecon`			| Reset the SELinux context for a file to match context database
`semanage`			| Extansion in Python to manage the SELinux contexts