Consequences of disabling SELinux? VPS 9 Phoenix after KVM Upgrade
#1
OK, so I've now fired up my VPS 9 Phoenix again. I thought I'd be smart and go for an older version of CentOS - CentOS 6.5. And guess what, I couldn't get access to the network with SSH with CentOS 6.5. I then re-installed CentOS 7 and I was able to get access to the network again. So I guess VirMach has the upgraded VPS 9 Phoenix configured in such a way that it can't work with CentOS 6.5. Or who knows, maybe it was a fluke.

OK - we're now ready to disable SELinux.  But before I do it I'd like to understand why I need to do it and what the consequences are going to be for the VPS.

Like why is it not needed in the case of VPS 9 Seattle, which as we know was one of the first VPSs to go through the VirMach KVM upgrade process? Like what happened in the later upgrades to cause the need for disabling SELinux?

Also, if disabled, exactly what will the consequences be for the VPS?

I tried to Google this, but can't completely wrap my brain cells around it. What I do understand now is that SELinux stands for Security-Enhanced Linux. So immediately when it is disabled, the VPS has less protection than before it was enabled. So why would VirMach recommend this on a massive scale for all of the upgraded VPSs? Like we can't use Ubuntu, basically we are limited to CentOS, and now it would seem a CentOS that doesn't come with the protection that it has been designed for with SELinux?

Also, it would be nice if someone could create a simplified fool-proof tutorial for disabling SELinux that all of the VPS 9 users with issues can use.  The tutorial below is what I sourced with Google, but I'd like our experts here to have a look at it before I start down this road.

First challenge I may have is that when I last used my VPS Phoenix after the KVM upgrade - loaded with CentOS 7.0, it had yum issues.  Should I ignore all of that first, and then just go straight in disabling SELinux as follows?

sestatus

It should come with an output like this one:

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

There is a temporary and permanent way that SELinux can be disabled.  Which is the better one - temporary or permanent?  

Temporary Disabling of SELinux

setenforce 0

Permanent Disabling of SELinux
/etc/selinux/config

Change SELINUX to disabled.  Output should be:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#       targeted - Targeted processes are protected,
#       mls - Multi Level Security protection.
SELINUXTYPE=targeted


Save the file and reboot with:

shutdown -r now

Then check the status of SELinux again:

sestatus

Output should then look like this:

SELinux status:                 disabled

OK now if the above is successful, what should our next steps be to get CentOS 7.0 to operate perfectly?  I.e. to take care of all of the shortcomings that caused the need for SELinux to be disabled in the first place?
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
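
An added example, not part of the original post: a shell check that compares the running SELinux mode with the setting `/etc/selinux/config` will apply at the next boot, which separates the temporary change (`setenforce 0` switches the running system to permissive mode until reboot) from the permanent one. The function names and sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): report whether the running
# SELinux mode matches what /etc/selinux/config will apply at next boot.

# Print the value of one "Key:   value" line from sestatus text on stdin.
sestatus_field() {
    awk -F': *' -v key="$1" '$1 == key { print $2; exit }'
}

# Print the active SELINUX= value from config text on stdin.
# Comment lines and SELINUXTYPE= do not match the pattern.
config_mode() {
    awk -F= '/^[[:space:]]*SELINUX=/ {
        gsub(/[[:space:]]/, "", $2); print tolower($2); exit }'
}

# $1 = sestatus output, $2 = contents of /etc/selinux/config
selinux_state() {
    status=$(printf '%s\n' "$1" | sestatus_field "SELinux status")
    current=$(printf '%s\n' "$1" | sestatus_field "Current mode")
    persistent=$(printf '%s\n' "$2" | config_mode)
    # A disabled system prints only the status line, so there is no mode line.
    if [ "$status" = "disabled" ]; then current=disabled; fi
    : "${current:=unknown}" "${persistent:=unknown}"
    if [ "$current" = "$persistent" ]; then
        echo "consistent: $current now and after reboot"
    else
        echo "drift: $current now, $persistent after reboot"
    fi
}

# Constructed sample inputs, modelled on the output quoted in the post.
SESTATUS_AFTER_SETENFORCE='SELinux status:                 enabled
Current mode:                   permissive
Mode from config file:          enforcing'
SESTATUS_DISABLED='SELinux status:                 disabled'
CONFIG_ENFORCING='# SELINUX= can take one of these three values:
SELINUX=enforcing
SELINUXTYPE=targeted'
CONFIG_DISABLED='# SELINUX= can take one of these three values:
SELINUX=disabled
SELINUXTYPE=targeted'

selinux_state "$SESTATUS_AFTER_SETENFORCE" "$CONFIG_ENFORCING"
selinux_state "$SESTATUS_DISABLED" "$CONFIG_DISABLED"
# On a live host: selinux_state "$(sestatus)" "$(cat /etc/selinux/config)"
```

A "drift" result means the running mode and the configured mode differ, so the state will change at the next reboot.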


Messages In This Thread
Consequences of disabling SELinux? VPS 9 Phoenix after KVM Upgrade - by deanhills - 12-10-2019, 09:11 AM
