RHEL BasedRocky Linux

How To Install SELinux on Rocky Linux 9

Install SELinux on Rocky Linux 9

In this tutorial, we will show you how to install SELinux on Rocky Linux 9. Are you worried about the security of your system resources? Do you want to add an extra layer of protection to your system? Look no further than SELinux! SELinux is a robust security feature that provides a mandatory access control mechanism, allowing you to have greater control over who can access your system resources. In this tutorial, we’ll show you how to easily install and configure SELinux on your Rocky Linux 9 system, giving you the peace of mind you need to keep your system secure. Let’s dive in!

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the SELinux on Rocky Linux. 9.

Prerequisites

  • A server running one of the following operating systems: Rocky Linux 9.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies for SELinux.
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install SELinux on Rocky Linux 9

Step 1. First, update the system packages by running the following command:

sudo dnf update

Step 2. Installing the SELinux on Rocky Linux 9.

SELinux is installed by default on Rocky Linux 9, but it may not be enabled. You can check the status of SELinux by running the following command in the terminal:

sestatus

If SELinux is disabled, you can enable it by installing the necessary packages and configuring the system. To install SELinux, run the following command:

sudo dnf install selinux-policy-targeted selinux-policy-devel

After the installation is complete, reboot your system to apply the changes:

reboot

Step 3. Configuring SELinux.

SELinux is configured using policy files, which define the security policies enforced by the system. By default, SELinux is set to enforcing mode, which means that it enforces the policies defined in the policy file.

To check the current SELinux mode, run the following command:

sestatus

Output:

SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 34

To change the SELinux mode, edit the /etc/selinux/config file and change the SELinux value to either enforcing, permissive, or disabled:

sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config

Then, reboot your system to apply the changes:

reboot

Step 4. SELinux Troubleshooting.

If you encounter issues with SELinux, you can troubleshoot them by examining the audit logs. The logs are located in the /var/log/audit/audit.log file.

To view the logs in real-time, run the following command:

tail -f /var/log/audit/audit.log

You can also install the setroubleshoot package, which provides a GUI tool for troubleshooting SELinux issues:

sudo dnf install setroubleshoot

Congratulations! You have successfully installed SELinux. Thanks for using this tutorial for installing SELinux on your Rocky Linux 9 system. For additional help or useful information, we recommend you check the official SELinux website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Back to top button