Skip to main content

Red Hat SELinux–How to Enable/Disable

Here is the quick how-to for enabling and disabling SELinux on a Red Hat Enterprise Linux server temporarily and permanently. 

There are 3 modes available with the SELinux-

Enforcing – SELinux policy is enforced and access is denied based on the SELinux policy rules.

Permissive – SELinux policy is not enforced.  Access is is not denied, but what would have been denied if it were enforced will be logged.

Disabled – SELinux is disabled completely.  only DAC rules are used. 

To permanently disable SELinux on the system, update ‘SELINUX=disabled’ in /etc/selinux/config file and reboot the system for the change to take effect

To change between the modes temporarily during run time, use the /usr/sbin/setenforce command with the appropriate mode

/usr/sbin/setenforce 1 will set the mode to Enforced

/usr/sbin/setenforce 0 will set the mode to Permissive

/usr/sbin/getenforce to display the current mode

Refer RHEL 6 SELinux guide for more detailed information

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/pdf/Security-Enhanced_Linux/Red_Hat_Enterprise_Linux-6-Security-Enhanced_Linux-en-US.pdf

Labels:

Popular posts from this blog

Commands to restart RMC connection (t...

Commands to restart RMC connection (to HMC from LPAR) It has become very common with the IBM HMC to LPAR (logical/micro partition) communication to drop for unknown reasons.  Most of the time this is not a problem unless there is a need to do a dynamic logical partition operation (or DLAPR operation to add/remove resources on the fly).  This will become evident during the DLPAR operation when HMC complains about having no RMC connection to LPAR in operation.  When this happens run the following commands on the LPAR in question before reattemping the operation.  The DLPAR operation will still work with out this connection, but the LPAR needs a restart to see the change in the resources.  Restart the RMC connection on the LPAR: # /usr/sbin/rsct/install/bin/recfgct # /usr/sbin/rsct/bin/rmcctrl -p Verify the connection by running: lsrsrc IBM.ManagementServer This will show the HMC IP/hostname and the LPAR information.
Read more

Network throughput test between 2 AIX servers

The easiest way to test throughput between 2 AIX servers is to do a FTP test, generating data transfer with ‘dd’ command.  This will provide the throughput/speed for the specified amount of data transfer: #src-system> ftp dst-system … … ftp>  put "|dd if=/dev/zero bs=32k count=10000" /dev/null 200 PORT command successful. 150 Opening data connection for /dev/null. 10000+0 records in 10000+0 records out 226 Transfer complete. 327680000 bytes sent in 1.406 seconds (2.277e+05 Kbytes/s) local: |dd if=/dev/zero bs=32k count=10000 remote: /dev/null ftp>bye   This is the same test IBM recommends in the redbook and also during a support call
Read more

HP-UX tape configuration

Here are few commands to configure tape drives in HP-UX 1.  Scan for new devices: # ioscan –fnC tape 2.  List tape drives currently recognized by the OS (without performing an actual hardware scan) # ioscan –fnkC tape 3.  remove all the special files used by the tape drives # rmsf  /dev/rmt/* 4.  Recreate the specil files for the tape drives # insf –C tape –e 5.  Remove a tape drive (that has a NO_HW state) # rmsf –H 0/7/1/0.1.24.255.5.5.0 Find the WWN for the HBAs: # ioscan –fnkC fc # fcmsutil /dev/fcd0 Find the WWN for the tape drives connected to the HBA: # fcmsutil /dev/fcd0 get remote all   **These are just a handful of commands to deal with the tape drives.  Not to be used as a procedure
Read more