Skip to main content

CentOS Webpanel(CWP) Installation Perquisite : Disable SeLinux

SELinux is an acronym for Security-enhanced Linux. It is a security feature of the Linux kernel. It is designed to protect the server against misconfigurations and/or compromised daemons.

In the Linux kernel, SELinux relies on mandatory access controls (MAC) that restrict users to rules and policies set by the system administrator. MAC is a higher level of access control than the standard discretionary access control (DAC), and prevents security breaches in the system by only processing necessary files that the administrator pre-approves.

SELinux was initially released as a collaborative between Red Hat and the National Security Agency. SELinux receives periodic updates and additions as new Linux distributions are released.

SELinux modes
There are three modes of SELinux: Enforcing, Permissive and Disabled.
Enforcing mode is the default mode at installation of SELinux. It will enforce the policies on the system, deny access and log actions.

Permissive mode is the most commonly used mode for troubleshooting SELinux. In this mode, SELinux enables but does not enforce security policies. Also, this means that actions will result in a warning and log for the system administrator.

Disabled mode means that SELinux is turned off and the security policies do not protect the server.

To run CWP/VestaCP on your server, SELinux must remain disabled. SELinux in enforcing mode does not allow CWP/VestaCP to function properly. For more information about SELinux modes, read the SELinux Mode documentation.

While CWP/VestaCP can function with SELinux in permissive mode, we recommend that you do not use it. Permissive mode generates a large number of log entries.To check the status of SELinux on your server, run the sestatus command.

Environment Details:
CPU Model: Intel(R) Xeon(R) CPU X3440 @ 2.53GHz
CPU Details: 2 Core (2527 MHz)
Distro Name: CentOS Linux release 7.6.1810 (Core)
Kernel Version: 3.10.0-957.1.3.el7.x86_64
CentOS-Web Panel version: CWP7.admin
CWP version: 0.9.8.757
RAM: 8 GB
Type: VPS (VmWare)

At first we will disable the selinux then reboot the machine .
# sestatus
# vi /etc/selinux/config 

OR 

# vi /etc/sysconfig/selinux 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

:x  (save & quit) 
Reboot your server
# reboot 
# sestatus
selinux status

Comments

Most Popular

CWP DNS Part 1 : How to Configure DNS properly for CentOS WebPanel on CentOS 7.6

After hosting my parent domain on CWP7.admin, I am getting dns error and i'm not able access my server using my server FQDN but i can access using my server IP.
So what can i do for that problem ?

Yes, you have to fix the error .

Environment Details:
Distro Name: CentOS Linux release 7.6.1810 (Core)
CentOS-Web Panel version: CWP7.admin
CWP version: 0.9.8.757
WebServer: Apache Only
FQDN: host.datahead.biz
IP: 192.120.10.3

1.Change Hostname Permanently:
# hostnamectl set-hostname host.datahead.biz# hostnamectl Static hostname: host.datahead.biz Icon name: computer-vm Chassis: vm Machine ID: 7400071490ea4f7d931374824ad4b52c Boot ID: 6e1f2d76495d4b318c25c4a1195aa130 Virtualization: vmware Operating System: CentOS Linux 7 (Core) CPE OS Name: cpe:/o:centos:centos:7 Kernel: Linux 3.10.0-862.14.4.el7.x86_64 Architecture: x86-64 It also writes this information to the /etc/hostname file as well.
# cat /etc/hostname host.d…

CWP DNS Part 2 : How to Configure DNS properly for CentOS WebPanel on CentOS 7.6

7.Open Main Configuration file
# vi /etc/named.conf 12 options { 13 listen-on port 53 { any; }; 14 listen-on-v6 port 53 { ::1; }; 15 directory "/var/named"; 16 dump-file "/var/named/data/cache_dump.db"; 17 statistics-file "/var/named/data/named_stats.txt"; 18 memstatistics-file "/var/named/data/named_mem_stats.txt"; 19 recursing-file "/var/named/data/named.recursing"; 20 secroots-file "/var/named/data/named.secroots"; 21 allow-query { any; }; 33 recursion no; 34 35 dnssec-enable yes; 36 dnssec-validation yes; 54 zone "." IN { 55 type hint; 56 file "named.ca"; 57 }; 58 59 include "/etc/named.rfc1912.zones"; 60 include "/etc/named.root.key"; 61 …