How Do I Disable the SELinux Firewall?

Security-Enhanced Linux (SELinux) is a kernel module and security subsystem of Linux.

SELinux minimizes the resources that can be accessed by service processes in the system (the principle of least privilege).

To use the two-factor authentication function of HSS, you need to permanently disable the SELinux firewall.

Remotely log in to the destination server.
- Huawei Cloud server
  - Log in to the ECS console, locate the target server, and click Remote Login in the Operation column to log in to the server. For details, see Login Using VNC.
- Non-Huawei Cloud server
  Use a remote management tool (such as PuTTY or Xshell) to connect to the EIP of your server and remotely log in to your server.
Run the shutdown command in the command window.
- Temporarily disable SELinux
  Run the following command in the CLI to temporarily disable SELinux:
```
setenforce 0
```
  After the system is restarted, the SELinux will be enabled again.
- Permanently disable SELinux
  1. Run the following command in the directory window to edit the config file of SELinux:
```
vi /etc/selinux/config
```
  2. Locate SELINUX=enforcing, press i to enter the editing mode, and change the parameter to SELINUX=disabled.
    Figure 1 Editing the SELinux status
  3. After the modification, press Esc and run the following command to save the file and exit:
```
:wq
```
Run the permanent shutdown command, save the settings, and exit. Run the following command to restart the server immediately:
```
shutdown -r now
```
The permanent shutdown command takes effect only after the server is restarted.
After the restart, run the following command to verify that SELinux is disabled:
```
getenforce
```