» GUIDED EXERCISE CHANGING THE SELINUX ENFORCEMENT MODE In this lab, you will manage SELinux modes, both temporarily and persistently. OUTCOMES You should be able to view and set the current SELinux mode. BEFORE YOU BEGIN Log in as the student user on workstation using student as the password. Onworkstation, run the lab selinux-opsmode start command. This command runs a start script that determines if the servera machine is reachable on the network [student@workstation ~]$ lab selinux-opsmode start > 1. Use the ssh command to log in to Servera as the student user. The systems are configured to use SSH keys for authentication, so a password is not required. [student@workstation ~]$ ssh student@servera ++ -output omitted... [student@servera ~]$ > 2. Use the sudo -i command to switch to the root user. The password for the student user is student. [student@servera ~]$ sudo -i [sudo] password for student: student [root@servera ~]# » 3. Change the default SELinux mode to permissive and reboot. 31. Use the getenforce command to verify that serveraiis in enforcing mode. [root@servera ~]# getenforce Enforcing 32. Use the vim command to open the /ete/selinux/confiig configuration file. Change the SELINUX parameter from enforcing to permissive [root@servera ~]# vim /etc/selinux/config4 33 34, Use the grep command to confirm that the SELINUX parameter is set to permissive [root@servera ~]# grep 'ASELINUX' /etc/selinux/config SELINUX=permissive SELINUXTYPE=targeted Use the systemet1 reboot command to reboot servera [root@servera ~]# systemct] reboot Connection to servera closed by remote host. Connection to servera closed [student@workstation ~]$ servera takes a few minutes to reboot, After a few minutes, log in to servera as the student user. Use the sudo. -i. command to become root. Display the current SELinux mode using the getenforce command 4) 42 43, rom workstation using the ssh command log in to servera as the student user. [student@workstation ~]$ ssh student@servera ‘output omitted, [student@servera ~]$ Use the sudo -i command to become root. [student@servera ~]$ sudo -i [sudo] password for student: student [root@servera ~]# Display the current SELinux mode using the getenforce command. [root@servera ~]# getenforce Permissive5. rs. 7 In the /ete/selinux/config file, change the default SELinux mode to enforcing, This change only takes effect on next reboot, 51. Use the vim command to open the /ete/selinux/config configuration file. Change the SELINUX back to enforcing [root@servera ~]# vim /etc/selinux/contig 5.2. Use the grep command to confirm that the SELINUX parameter is set to enforcing [root@servera ~]# grep 'ASELINUX' /etc/selinux/config SELINUX=enforcing SELINUXTYPE=targeted Use the setenforce commanc to set the current SELinux mode to enforcing without rebooting. Confirm that the mode has been set to enforcing using the getenforce command [root@servera ~]# setenforce 1 [root@servera ~]# getenforce Enforcing Exit from servera. [root@servera ~]# exit Logout [student@servera ~]s exit Jogout Connection to servera closed. [student@workstation ~]$ Finish On workstation, run the lab selinux-opsmode finish script to complete this exercise, [student@vorkstation ~]$ lab selinux-opsmode finish This concludes the guided exercise.