Help Center/ Host Security Service/ FAQs/ Security Configurations/ How Do I Disable the SELinux Firewall?
Updated on 2024-11-15 GMT+08:00

How Do I Disable the SELinux Firewall?

Security-Enhanced Linux (SELinux) is a kernel module and security subsystem of Linux.

SELinux minimizes the resources that can be accessed by service processes in the system (the principle of least privilege).

Closure Description

  • After the SELinux is disabled, services are not affected.
  • SELinux can be disabled temporarily or permanently as required.

Scenario

To use the two-factor authentication function of HSS, you need to permanently disable the SELinux firewall.

Procedure

  1. Remotely log in to the destination server.

    • Huawei Cloud server
      • Log in to the ECS console, locate the target server, and click Remote Login in the Operation column to log in to the server. For details, see Login Using VNC.
    • Non-Huawei Cloud server

      Use a remote management tool (such as PuTTY or Xshell) to connect to the EIP of your server and remotely log in to your server.

  2. Run the shutdown command in the command window.

    • Temporarily disable SELinux
      Run the following command in the CLI to temporarily disable SELinux:
      setenforce 0

      After the system is restarted, the SELinux will be enabled again.

    • Permanently disable SELinux
      1. Run the following command in the directory window to edit the config file of SELinux:
        vi /etc/selinux/config
      2. Locate SELINUX=enforcing, press i to enter the editing mode, and change the parameter to SELINUX=disabled.
        Figure 1 Editing the SELinux status
      3. After the modification, press Esc and run the following command to save the file and exit:
        :wq

  3. Run the permanent shutdown command, save the settings, and exit. Run the following command to restart the server immediately:

    shutdown -r now

    The permanent shutdown command takes effect only after the server is restarted.

  4. After the restart, run the following command to verify that SELinux is disabled:

    getenforce