» GUIDED EXERCISE
CHANGING THE SELINUX
ENFORCEMENT MODE
In this lab, you will manage SELinux modes, both temporarily and persistently.
OUTCOMES
You should be able to view and set the current SELinux mode.
BEFORE YOU BEGIN
Log in as the student user on workstation using student as the password.
Onworkstation, run the lab selinux-opsmode start command. This command runs
a start script that determines if the servera machine is reachable on the network
[student@workstation ~]$ lab selinux-opsmode start
> 1. Use the ssh command to log in to Servera as the student user. The systems are
configured to use SSH keys for authentication, so a password is not required.
[student@workstation ~]$ ssh student@servera
++ -output omitted...
[student@servera ~]$
> 2. Use the sudo -i command to switch to the root user. The password for the student
user is student.
[student@servera ~]$ sudo -i
[sudo] password for student: student
[root@servera ~]#
» 3. Change the default SELinux mode to permissive and reboot.
31. Use the getenforce command to verify that serveraiis in enforcing mode.
[root@servera ~]# getenforce
Enforcing
32. Use the vim command to open the /ete/selinux/confiig configuration file.
Change the SELINUX parameter from enforcing to permissive
[root@servera ~]# vim /etc/selinux/config4
33
34,
Use the grep command to confirm that the SELINUX parameter is set to
permissive
[root@servera ~]# grep 'ASELINUX' /etc/selinux/config
SELINUX=permissive
SELINUXTYPE=targeted
Use the systemet1 reboot command to reboot servera
[root@servera ~]# systemct] reboot
Connection to servera closed by remote host.
Connection to servera closed
[student@workstation ~]$
servera takes a few minutes to reboot, After a few minutes, log in to servera as the
student user. Use the sudo. -i. command to become root. Display the current SELinux
mode using the getenforce command
4)
42
43,
rom workstation using the ssh command log in to servera as the student
user.
[student@workstation ~]$ ssh student@servera
‘output omitted,
[student@servera ~]$
Use the sudo -i command to become root.
[student@servera ~]$ sudo -i
[sudo] password for student: student
[root@servera ~]#
Display the current SELinux mode using the getenforce command.
[root@servera ~]# getenforce
Permissive5.
rs.
7
In the /ete/selinux/config file, change the default SELinux mode to enforcing, This
change only takes effect on next reboot,
51. Use the vim command to open the /ete/selinux/config configuration file.
Change the SELINUX back to enforcing
[root@servera ~]# vim /etc/selinux/contig
5.2. Use the grep command to confirm that the SELINUX parameter is set to
enforcing
[root@servera ~]# grep 'ASELINUX' /etc/selinux/config
SELINUX=enforcing
SELINUXTYPE=targeted
Use the setenforce commanc to set the current SELinux mode to enforcing without
rebooting. Confirm that the mode has been set to enforcing using the getenforce
command
[root@servera ~]# setenforce 1
[root@servera ~]# getenforce
Enforcing
Exit from servera.
[root@servera ~]# exit
Logout
[student@servera ~]s exit
Jogout
Connection to servera closed.
[student@workstation ~]$
Finish
On workstation, run the lab selinux-opsmode finish script to complete this exercise,
[student@vorkstation ~]$ lab selinux-opsmode finish
This concludes the guided exercise.