How To Install SELinux on Ubuntu 22.04 LTS
In this tutorial, we will show you how to install SELinux on Ubuntu 22.04 LTS. Are you looking to harden your Ubuntu system’s security with advanced access controls? Security-Enhanced Linux (SELinux) provides an extra layer of protection to keep your data and applications safe. In this step-by-step guide, learn how to easily install and configure SELinux on Ubuntu to lock down your Linux server.
While Ubuntu comes with its own Mandatory Access Control system called AppArmor, you can opt to use the more comprehensive SELinux instead for greater control and security. Originally developed by the NSA, SELinux enforces strict access control policies to limit the damage potential if a service or application is compromised. By installing SELinux on your Ubuntu system, you can:
- Confine applications and processes with granular permissions.
- Prevent privilege escalation attacks and unauthorized data access.
- Enforce least-privilege access for users and services.
- Protect against zero-day exploits by limiting what compromised applications can access.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation and configuration of the SELinux on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.
Prerequisites
- A server running one of the following operating systems: Ubuntu 22.04, 20.04, and any other Debian-based distribution like Linux Mint.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- An active internet connection.
- A
non-root sudo useror access to theroot user. We recommend acting as anon-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install SELinux on Ubuntu 22.04 LTS Jammy Jellyfish
Step 1. First, Before we dive into the installation process, update your system, run the following command:
sudo apt update sudo apt upgrade sudo apt install wget apt-transport-https gnupg2 software-properties-common
Step 2. Check AppArmor.
Your Ubuntu 22.04 installation probably runs AppArmor by default. To verify its status run the following command:
sudo systemctl status apparmor
If it is running, you will see output like this:
apparmor.service - Load AppArmor profiles
Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor pres>
Active: active (exited) since Sat 2024-05-16 08:18:66 EDT; 1h 46min ago
Docs: man:apparmor(7)
https://gitlab.com/apparmor/apparmor/wikis/home/
Process: 679 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, >
Main PID: 679 (code=exited, status=0/SUCCESS)
May 10 08:16:12 imaginelinux systemd[1]: Starting Load AppArmor profiles...
May 10 08:16:12 imaginelinux apparmor.systemd[679]: Restarting AppArmor
May 10 08:16:12 imaginelinux apparmor.systemd[679]: Reloading AppArmor profiles
May 10 08:16:12 imaginelinux apparmor.systemd[707]: Skipping profile in /etc/apparmo>
May 10 08:16:12 imaginelinux systemd[1]: Finished Load AppArmor profiles.
In the more common case, where AppArmor is running, stop it:
sudo systemctl stop apparmor sudo systemctl disable apparmor
Step 3. Installing SELinux on Ubuntu 22.04.
The first step in enabling SELinux on Ubuntu 22.04 is to install the necessary SELinux packages. These packages provide the core utilities, libraries, and policy files required for SELinux to function properly.
To install the SELinux packages, execute the following commands:
sudo apt install policycoreutils selinux-basics selinux-utils
Here’s a brief overview of each package:
- policycoreutils: Provides the core SELinux utilities and policy management tools.
- selinux-utils: Includes additional SELinux utilities for managing and analyzing SELinux policies.
- selinux-basics: Contains the basic SELinux policy files and configurations.
Once it’s finished, you can then activate it:
sudo selinux-activate
Output:
SELinux is activated. You may need to reboot now.
Do not reboot immediately! First, review the current state of your new SELinux host:
getenforce
This shows the one-word response:
Disabled
This means that your SELinux is ready to work. It’s “active” but not yet turned on.
Step 4. Enabling SELinux Modes on Ubuntu 22.04.
There are three different modes that you can use with SELinux. The first is disabled, which does the same as its name. It disables using the SELinux service. When SELinux is activated, you can set it to permissive or Enforcing modes. In the permissive mode, only the monitoring of the interaction is done. However, if you want to filter and monitor the interaction, use the enforcing mode.
By default, SELinux on Ubuntu runs in permissive mode. To enable SELinux, Open the /etc/selinux/config file and set SELINUX=enforcing.
Step 5. Disable SELinux on Ubuntu 22.04.
Disabling SELinux is easier as it’s enabled and installed. Basically, there are two ways of disabling it. Either temporarily or permanently. Disabling SELinux temporarily makes it disable for a while until the next boot, and as soon as the computer is turned on again the state is restarted.
The best way to disable it is to change its status to permissive:
nano /etc/selinux/config
Follow the configuration:
FROM: SELINUX=enforcing TO: SELINUX=permissive
Save and close the file, then reboot your system for the changes to take effect:
reboot
After a successful reboot, you can run the following command to check the SELinux status:
sestatus
Congratulations! You have successfully installed SELinux. Thanks for using this tutorial for installing the SELinux on Ubuntu 22.04 LTS Jammy Jellyfish system. For additional help or useful information, we recommend you check the official Ubuntu website.
