Last Updated: February 25, 2016
·
707
· bendihossan

Control Your SELinux

SELinux can be incredible powerful when used correctly. Out of the box though it's a bit too totalitarian.

Temporarily set mode to permissive (log and warn but not interrupt)

setenforce 0 

Make the change permanent by opening /etc/selinux/config and editing the line SELINUX line:

SELINUX=permissive

By default SELinux log messages are written to /var/log/audit/audit.log via the Linux Auditing System auditd, which is started by default. If the auditd daemon is not running, then messages are written to /var/log/messages . SELinux log messages are labeled with the "AVC" keyword so that they might be easily filtered from other messages, as with grep.

Much, much more on how to configure and create custom audit logs: http://wiki.centos.org/HowTos/SELinux