Skip to main content

Installation Perquisite for EFA/Cpanel/CWP7/VestaCP: Part 1 Disable SeLinux

SELinux is an acronym for Security-enhanced Linux. It is a security feature of the Linux kernel. It is designed to protect the server against misconfigurations and/or compromised daemons.

In the Linux kernel, SELinux relies on mandatory access controls (MAC) that restrict users to rules and policies set by the system administrator. MAC is a higher level of access control than the standard discretionary access control (DAC), and prevents security breaches in the system by only processing necessary files that the administrator pre-approves.

SELinux was initially released as a collaborative between Red Hat and the National Security Agency. SELinux receives periodic updates and additions as new Linux distributions are released.

SELinux modes
There are three modes of SELinux: Enforcing, Permissive and Disabled.
Enforcing mode is the default mode at installation of SELinux. It will enforce the policies on the system, deny access and log actions.

Permissive mode is the most commonly used mode for troubleshooting SELinux. In this mode, SELinux enables but does not enforce security policies. Also, this means that actions will result in a warning and log for the system administrator.

Disabled mode means that SELinux is turned off and the security policies do not protect the server.

To run Cpanel/CWP/VestaCP on your server, SELinux must remain disabled. SELinux in enforcing mode does not allow Cpanel/CWP/VestaCP to function properly. For more information about SELinux modes, read the SELinux Mode documentation.

While Cpanel/CWP/VestaCP can function with SELinux in permissive mode, we recommend that you do not use it. Permissive mode generates a large number of log entries. To check the status of SELinux on your server, run the sestatus command.

My Server Details:
CPU Model: Intel(R) Xeon(R) CPU X3440 @ 2.53GHz
CPU Details: 2 Core (2527 MHz)
Distro Name: CentOS Linux release 7.6.1810 (Core)
Kernel Version: 3.10.0-957.1.3.el7.x86_64
CentOS-Web Panel version: CWP7.admin
CWP version: 0.9.8.757
RAM: 8 GB
Type: VPS (VmWare)

At first we will disable the selinux then reboot the machine .
# sestatus
# vi /etc/selinux/config 

OR 

# vi /etc/sysconfig/selinux 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

:x  (save & quit) 
Reboot your server
# reboot 
# sestatus
selinux status

If you are planning to use Email Filter appliance, Don't disable SELINUX. It's suggested to use SELINUX in enforcing mode.

Comments