RHEL7 SELinux Enable Enforcing.

Written by Mike Olsen on the 19th Aug 2021

Exported on 19-Aug-2021 10:17:01

Enable SELinux Enforcing - Any actions contrary to policy are blocked and a corresponding event is logged in the audit log.

Parameters

Name Type Script Reference Default Value Comment
App Server Linux / Unix Server appServer
Linux: Root User Linux OS Credential linuxRootUser
Target Server: Lin Linux / Unix Server targetServerLin The target server is a generic placeholder, usually used for the server a script will run on. For example, the server being built if the procedure is building a server.

1 - R7 SELinux Set Enforcing

If enforcing not enahled in /etc/selinux/config then update the file to enable it.

The connection details have changed from the last step.

Login as user on node

Connect via SSH 
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session 
# Changes take effect after reboot

F='/etc/selinux/config'

if grep -q 'SELINUX=enforcing' $F; then
    echo "SELINUX already enforcing"
else
    echo "Enabling SELINUX in enforcing mode"
    sed -i 's/SELINUX=.*/SELINUX=enforcing/' $F
fi

2 - RHEL7 SELinux Enable Reboot

Reboot the APP server for changes to take effect.

The connection details have changed from the last step.

Login as user on node

Connect via SSH 
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session 
nohup shutdown -r now &

3 - RHEL7 SELinux Enable Enforcing Reboot Wait

Pause and wait for the server to finish rebooting.

The connection details have changed from the last step.

on node

Check if tcp port 22 is listening make sure it goes down for 1 seconds, once its up, wait 20 seconds .

Use Telnet to check if the TCP service is accepting connections.