LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 06-21-2012, 12:32 PM   #1
arun5002
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Dedian
Posts: 549
Blog Entries: 5

Rep: Reputation: Disabled
How to disable selinux at centos 6.2 aftermounting in ubuntu inrecovery mode:Vps


Hi
I have been running our server in centos 6.2 ,Since selinux had enabled in my centos 6.2 made my server to unreachable.I just made the server to mount in recovery mode in ubuntu .My server harddrive is /dev/sda1 .pls help us how can i disable selinux after mounting .I had hosted the server in vps

root@sw:~# fdisk -l

Disk /dev/sda: 500.0 GB, 499999834112 bytes
255 heads, 63 sectors/track, 60788 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000ab69f

Device Boot Start End Blocks Id System
/dev/sda1 * 1 65 522081 83 Linux
/dev/sda2 66 60657 486705240 83 Linux
/dev/sda3 60658 60788 1052257+ 82 Linux swap / Solaris



Last login: Thu Jun 21 16:58:04 2012 from 58.68.21.67
root@:~# clear


root@sw:~# mount /dev/sda1 /mnt
root@sw:~# cd /mnt/
root@sw:/mnt# ls
config-2.6.18-238.9.1.el5PAE symvers-2.6.18-238.9.1.el5PAE.gz
config-2.6.18-238.el5PAE symvers-2.6.18-238.el5PAE.gz
grub System.map-2.6.18-238.9.1.el5PAE
initrd-2.6.18-238.9.1.el5PAE.img System.map-2.6.18-238.el5PAE
initrd-2.6.18-238.el5PAE.img vmlinuz-2.6.18-238.9.1.el5PAE
lost+found vmlinuz-2.6.18-238.el5PAE
message
root@sw:/mnt# cd grub/
root@sw:/mnt/grub# ls
device.map grub.conf minix_stage1_5 stage2
e2fs_stage1_5 iso9660_stage1_5 reiserfs_stage1_5 ufs2_stage1_5
fat_stage1_5 jfs_stage1_5 splash.xpm.gz vstafs_stage1_5
ffs_stage1_5 menu.lst stage1 xfs_stage1_5
root@sw:/mnt/grub#


Where i have to disable selinux in grub.conf.I had mounted the file system ,But i could not know how to disable selinux in grub.conf file after mounting
Quote:


cat grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg. console=ttyS0,57600 console=tty0
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda2 console=ttyS0,57600 console=tty0
# initrd /initrd-version.img
#boot=/dev/sda
serial --unit=0 --speed=57600

terminal --timeout=2 serial console

default=0
timeout=5

hiddenmenu
title CentOS (2.6.18-238.9.1.el5PAE)
root (hd0,0)
kernel /vmlinuz-2.6.18-238.9.1.el5PAE ro root=LABEL=/ nodmraid console=ttyS0,57600 console=tty0
initrd /initrd-2.6.18-238.9.1.el5PAE.img
title CentOS (2.6.18-238.el5PAE)
root (hd0,0)
kernel /vmlinuz-2.6.18-238.el5PAE ro root=LABEL=/ nodmraid console=ttyS0,57600 console=tty0
initrd /initrd-2.6.18-238.el5PAE.img
root@sw:~# fdisk -l

Disk /dev/sda: 500.0 GB, 499999834112 bytes
255 heads, 63 sectors/track, 60788 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000ab69f

Device Boot Start End Blocks Id System
/dev/sda1 * 1 65 522081 83 Linux
/dev/sda2 66 60657 486705240 83 Linux
/dev/sda3 60658 60788 1052257+ 82 Linux swap / Solaris

Last edited by arun5002; 06-21-2012 at 02:10 PM.
 
Old 06-21-2012, 12:51 PM   #2
maccas17
Member
 
Registered: May 2010
Location: UK
Distribution: RHEL6
Posts: 70

Rep: Reputation: 10
Hi,

Now quite sure what your issue is exactly, but if you don't want to fix SELinux (which is NOT a good idea) then why don't you just disable using:

Code:
setenforce 0
To make this persist across reboots just edit /etc/sysconfig/selinx and set SELINUX=disabled.

If you want to disable it at boot just add the following to the kernel line:

Code:
enforcing=0
Hope this helps.

Last edited by maccas17; 06-21-2012 at 02:49 PM. Reason: Typo spotted by unSpawn
 
Old 06-21-2012, 12:55 PM   #3
arun5002
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Dedian
Posts: 549
Blog Entries: 5

Original Poster
Rep: Reputation: Disabled
Hi

since server had been mounted in ubuntu 10.04 .I never seems the command be working .It seems to disable the selinux at grub.conf file to disable permanently .Im currently looking for how to disable selinux at grub.conf file
 
Old 06-21-2012, 01:04 PM   #4
maccas17
Member
 
Registered: May 2010
Location: UK
Distribution: RHEL6
Posts: 70

Rep: Reputation: 10
When you boot the system add it to your kernel line as I mentioned above.

Then when the system is up edit your grub.conf file and add selinux=0 to the end.
 
Old 06-21-2012, 01:22 PM   #5
arun5002
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Dedian
Posts: 549
Blog Entries: 5

Original Poster
Rep: Reputation: Disabled
Solved the problem


cat grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg. console=ttyS0,57600 console=tty0
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda2 console=ttyS0,57600 console=tty0
# initrd /initrd-version.img
#boot=/dev/sda
serial --unit=0 --speed=57600

terminal --timeout=2 serial console

default=0
timeout=5

hiddenmenu
title CentOS (2.6.18-238.9.1.el5PAE)
root (hd0,0)
Quote:
kernel /vmlinuz-2.6.18-238.9.1.el5PAE ro root=LABEL=/ nodmraid console=ttyS0,57600 console=tty0 selinux=0
initrd /initrd-2.6.18-238.9.1.el5PAE.img
title CentOS (2.6.18-238.el5PAE)
root (hd0,0)
Quote:
kernel /vmlinuz-2.6.18-238.el5PAE ro root=LABEL=/ nodmraid console=ttyS0,57600 console=tty0 selinux=0
initrd /initrd-2.6.18-238.el5PAE.img


umount /mnt
reboot solved the issue

Thanks for ur reply
 
Old 06-21-2012, 01:47 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,485
Blog Entries: 54

Rep: Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902
Quote:
Originally Posted by maccas17 View Post
if you don't want to fix SELinux (which is a good idea)
I hope that was a typo. If it's not then you should realize that SELinux does not fix everything but is has proved its worth documented stopping certain attacks. It's always good to fix policy errors, especially on servers.
 
Old 06-21-2012, 02:09 PM   #7
arun5002
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Dedian
Posts: 549
Blog Entries: 5

Original Poster
Rep: Reputation: Disabled
Hi unspawn,

Im not very good expect of selinux .Whether iptables works without selinux .I got a very big headache today because of selinux .I have not turn on selinux .when i reboot the server it selinux automatically turned on in centos 6.2. whether its a default configuration in centos 6.2
 
Old 06-21-2012, 02:48 PM   #8
maccas17
Member
 
Registered: May 2010
Location: UK
Distribution: RHEL6
Posts: 70

Rep: Reputation: 10
Quote:
Originally Posted by unSpawn View Post
I hope that was a typo. If it's not then you should realize that SELinux does not fix everything but is has proved its worth documented stopping certain attacks. It's always good to fix policy errors, especially on servers.
Yes that was a TYPO!!! Well spotted, my brain was filling in words I hadn't typed!
 
Old 06-21-2012, 06:10 PM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,485
Blog Entries: 54

Rep: Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902
Quote:
Originally Posted by maccas17 View Post
my brain was filling in words I hadn't typed!
Better read twice then ;-p


Quote:
Originally Posted by arun5002 View Post
Im not very good expect of selinux .Whether iptables works without selinux .I got a very big headache today because of selinux .I have not turn on selinux .when i reboot the server it selinux automatically turned on in centos 6.2. whether its a default configuration in centos 6.2
The setting is configured in /etc/selinux/config. If you set it to "SELINUX=permissive" you have the opportunity to enter a "learning phase", meaning SELinux, the audit and setroubleshootd service will log rule violations without actually blocking. Logged AVC messages then can be run through 'audit2allow' to adjust a local policy if necessary. If you would like help adjusting your policy post the result of running your syslogs through audit2allow.
 
Old 06-22-2012, 06:43 AM   #10
maccas17
Member
 
Registered: May 2010
Location: UK
Distribution: RHEL6
Posts: 70

Rep: Reputation: 10
Quote:
Originally Posted by unSpawn View Post
Better read twice then ;-p
I did and I still thought it read correctly! - its a bit like the jumbled letters thing:

"Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoatnt tihng is taht the frist and lsat ltteers be at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit porbelm. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe."

Amusing the way we (or some of us) tick..
 
Old 06-22-2012, 08:15 AM   #11
arun5002
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Dedian
Posts: 549
Blog Entries: 5

Original Poster
Rep: Reputation: Disabled
I had disabled my selinux but it shows that selinux is enabled after checking out the selinux status by sestatus .Whether i can reboot my server at these condition .



[root@ ~]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
[root@ ~]# system-config-securitylevel
-bash: system-config-securitylevel: command not found
[root@ ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: disabled
Policy version: 24
Policy from config file: targeted
[root@ ~]#
 
Old 06-22-2012, 09:42 AM   #12
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,485
Blog Entries: 54

Rep: Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902Reputation: 2902
The "-bash: system-config-securitylevel: command not found" message means you should prefix the command with the full path (kind of odd considering if you're running Centos 6.2 and being logged in as root). There's a few ways to check if SELinux is enabled. Stringing them all together: 'grep -Hi selinux=0 /boot/grub/grub.conf; grep -Hi ^selinux= /etc/selinux/config; /usr/sbin/sestatus; /usr/sbin/getenforce; /usr/sbin/selinuxenabled && echo Enabled || echo Disabled;' (GRUB2 might use a different configuration file). If you switch the system to permissive mode running 'echo 0 >/selinux/enforce' as root, and if you have set the "selinux=0" kernel line (mostly for Linuxes that don't have /etc/selinux/config) and if you have set "SELINUX=disabled" in /etc/sysconfig/selinux then if you reboot SELinux should be disabled, yes.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
enabling Execute Disable mode in bios on Acer Aspire 5741(Ubuntu 10.10 upgrade) headmower Linux - Newbie 3 01-06-2011 04:04 AM
Kernel Panic -- Selinux Strict mode rather than targeted mode Peter_APIIT Fedora 2 07-06-2007 02:23 AM
how to disable selinux? xpucto Fedora 2 06-08-2007 06:16 AM
disable selinux mrlucio79 Fedora 3 08-28-2006 01:49 PM
disable selinux on ubuntu linuxmandrake Ubuntu 2 01-11-2006 05:10 AM


All times are GMT -5. The time now is 12:33 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration