SELinux is a Linux security module that works because of access control lists. It defines how different users can and cannot read, write, update, remove, or otherwise change different resources, and how administrators manage those differences.
Nowadays, many modern distributions such as Ubuntu 22.04 include AppArmor which is like an alternative to SELinux. The catch is that Linux only allows one of them to be active. However, both are very efficient.
One aspect to keep in mind for SELinux is that it modifies many parts of the system. The simplest SELinux installations are somewhat time-consuming, as they affect the entire file system. It is even recommended to start it in permissive mode, make configurations and backups, and then deploy it to its full potential.
Don’t panic, SELinux makes the system more robust, but you will lose some flexibility.
Install SELinux on Ubuntu 22.04
Before you start, it is advisable not to use applications during the installation and try not to have any active users on the system. Then, update the system completely
sudo apt update
sudo apt upgradeThen, you can start with the work.
Check if AppArmor is working
As I explained above, only one between AppArmor and SELinux can be active on the system. So, the first step is to check if AppArmor is running with sysmtectl
To achieve this, open a terminal and run
systemctl status apparmorIf it is running, you will see a screen output like this
● apparmor.service - Load AppArmor profiles
Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor pres>
Active: active (exited) since Sat 2022-10-08 08:18:10 EDT; 2h 33min ago
Docs: man:apparmor(7)
https://gitlab.com/apparmor/apparmor/wikis/home/
Process: 679 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, >
Main PID: 679 (code=exited, status=0/SUCCESS)
Oct 08 08:18:10 imaginelinux systemd[1]: Starting Load AppArmor profiles...
Oct 08 08:18:10 imaginelinux apparmor.systemd[679]: Restarting AppArmor
Oct 08 08:18:10 imaginelinux apparmor.systemd[679]: Reloading AppArmor profiles
Oct 08 08:18:10 imaginelinux apparmor.systemd[707]: Skipping profile in /etc/apparmo>
Oct 08 08:18:10 imaginelinux systemd[1]: Finished Load AppArmor profiles.So, you will have to stop it
sudo systemctl stop apparmorAnd disable it so that it does not start with the system
sudo systemctl disable apparmorYou can even remove it, but I think it is not necessary.
Install and activate SELinux
Now you can start with the installation. To do so, just run this command.
sudo apt install policycoreutils selinux-basics selinux-utilsThe installation should not take long since they are fairly lightweight tools. Once it’s finished, you can then activate it.
sudo selinux-activateYou will see an output screen like the following
SELinux is activated. You may need to reboot now.Do not reboot the system yet.
First, we need to check what state SELinux is in. To do this run.
getenforceYou will get an output screen like this
DisabledRemember that SELinux has a permissive and enforcing mode whereby activating the latter, you will lose the SSH connection, until you reconfigure it.
Another option is to check the SELinux config file
cat /etc/selinux/configNow just set the level you want and reboot the system to apply the changes.
Disable SELinux on Ubuntu 22.04
The best way to disable it is to change its status to permissive
sudo vim /etc/selinux/configFrom:
SELINUX=enforcingTo:
SELINUX=permissiveSave the changes and close the editor.
Conclusion
SELinux stands as a kind of policy that helps to improve server security. It is a good way to protect the system using tools within the system itself.
I hope this post helps you, and you can share it with your friends.