Skip to main content

CentOS Webpanel(CWP) Installation Perquisite : Disable SeLinux

SELinux is an acronym for Security-enhanced Linux. It is a security feature of the Linux kernel. It is designed to protect the server against misconfigurations and/or compromised daemons.

In the Linux kernel, SELinux relies on mandatory access controls (MAC) that restrict users to rules and policies set by the system administrator. MAC is a higher level of access control than the standard discretionary access control (DAC), and prevents security breaches in the system by only processing necessary files that the administrator pre-approves.

SELinux was initially released as a collaborative between Red Hat and the National Security Agency. SELinux receives periodic updates and additions as new Linux distributions are released.

SELinux modes
There are three modes of SELinux: Enforcing, Permissive and Disabled.
Enforcing mode is the default mode at installation of SELinux. It will enforce the policies on the system, deny access and log actions.

Permissive mode is the most commonly used mode for troubleshooting SELinux. In this mode, SELinux enables but does not enforce security policies. Also, this means that actions will result in a warning and log for the system administrator.

Disabled mode means that SELinux is turned off and the security policies do not protect the server.

To run CWP/VestaCP on your server, SELinux must remain disabled. SELinux in enforcing mode does not allow CWP/VestaCP to function properly. For more information about SELinux modes, read the SELinux Mode documentation.

While CWP/VestaCP can function with SELinux in permissive mode, we recommend that you do not use it. Permissive mode generates a large number of log entries.To check the status of SELinux on your server, run the sestatus command.

Environment Details:
CPU Model: Intel(R) Xeon(R) CPU X3440 @ 2.53GHz
CPU Details: 2 Core (2527 MHz)
Distro Name: CentOS Linux release 7.6.1810 (Core)
Kernel Version: 3.10.0-957.1.3.el7.x86_64
CentOS-Web Panel version: CWP7.admin
CWP version:
Type: VPS (VmWare)

At first we will disable the selinux then reboot the machine .
# sestatus
# vi /etc/selinux/config 


# vi /etc/sysconfig/selinux 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.

:x  (save & quit) 
Reboot your server
# reboot 
# sestatus
selinux status


Most Popular

CWP DNS Part 1 : How to Configure DNS properly for CentOS WebPanel on CentOS 7.6

After hosting my parent domain on CWP7.admin, I am getting dns error and i'm not able access my server using my server FQDN but i can access using my server IP.
So what can i do for that problem ?

Yes, you have to fix the error .

Environment Details:
Distro Name: CentOS Linux release 7.6.1810 (Core)
CentOS-Web Panel version: CWP7.admin
CWP version:
WebServer: Apache Only

1.Change Hostname Permanently:
# hostnamectl set-hostname hostnamectl Static hostname: Icon name: computer-vm Chassis: vm Machine ID: 7400071490ea4f7d931374824ad4b52c Boot ID: 6e1f2d76495d4b318c25c4a1195aa130 Virtualization: vmware Operating System: CentOS Linux 7 (Core) CPE OS Name: cpe:/o:centos:centos:7 Kernel: Linux 3.10.0-862.14.4.el7.x86_64 Architecture: x86-64 It also writes this information to the /etc/hostname file as well.
# cat /etc/hostname host.d…

CWP: How to Configure Let's Encrypt SSL Certificate for your server Hostname/FQDN on CWP7.admin

I wrote a blog on regarding Let's Encrypt SSL Certificate for CentOS Web Panel when "Letsencrypt Manager"  option was exist under Apache Settings >> Letsencrypt Manager >> Install Letsencrypt .

At Present CWP Team has been removed "Letsencrypt Manager"  that's why it will not renew any cert automatic . They made Auto SSL by default but Auto SSL grade is B and I'm not satisfied with Auto SSL.

Previous Article Link Install Letsencrypt SSL Certificate for your Server Hostname/FQDN, 100% Working 

N.B: I am using the below cipherlist

So now I am writing this solution again for all of guys and I hope that it will be 100% working again on your CentOS-Webpanel as mine .

Environment Details:
CPU Model: Intel(R) Xeon(R) CPU X3440 @ 2.53GHz
CPU Details: 2 Core (2527 MHz)
Distro Name: Ce…