If u want to make selinux enforcing than change the file /etc/selinux/config as shown below and system need to restart to make it effective. Restart make take 30 minutes or so. cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted On Wed, Jun 13, 2012 at 6:59 PM, <<a href="mailto:rhelv6-list-request@redhat.com">rhelv6-list-request@redhat.com</a>> wrote: > Send rhelv6-list mailing list submissions to > <a href="mailto:rhelv6-list@redhat.com">rhelv6-list@redhat.com</a> > > To subscribe or unsubscribe via the World Wide Web, visit > <a href="https://www.redhat.com/mailman/listinfo/rhelv6-list">https://www.redhat.com/mailman/listinfo/rhelv6-list</a> > or, via email, send a message with subject or body 'help' to > <a href="mailto:rhelv6-list-request@redhat.com">rhelv6-list-request@redhat.com</a> > > You can reach the person managing the list at > <a href="mailto:rhelv6-list-owner@redhat.com">rhelv6-list-owner@redhat.com</a> > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of rhelv6-list digest..." > > > Today's Topics: > > 1. Unable to activate SELinux (Simon Reber) > 2. Re: Unable to activate SELinux (Stephen Smalley) > 3. Re: Unable to activate SELinux (Tris Hoar) > 4. Re: Unable to activate SELinux (Simon Reber) > 5. Re: Unable to activate SELinux (Gabriel S. Craciun) > 6. Re: Unable to activate SELinux (Stephen Smalley) > 7. Re: Unable to activate SELinux (Simon Reber) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 13 Jun 2012 14:05:35 +0200 > From: "Simon Reber" <<a href="mailto:S.Reber@lcsys.ch">S.Reber@lcsys.ch</a>> > To: <<a href="mailto:rhelv6-list@redhat.com">rhelv6-list@redhat.com</a>> > Subject: [rhelv6-list] Unable to activate SELinux > Message-ID: > <<a href="mailto:1209832B38DC214CB373A59426B91DFE010D6BA7@chbsex01.lcsys.ch">1209832B38DC214CB373A59426B91DFE010D6BA7@chbsex01.lcsys.ch</a>> > Content-Type: text/plain; charset="us-ascii" > > Hi all, > > I'm having trouble to active SELinux on our RHEL 6 Linux system. > We have some sort of special installation framework (cobbler and puppet) > and initially disabled SELinux (which is fine) > > [output from Kickstart] > ... > selinux --disabled > ... > %packages --excludedocs --nobase > kernel > yum > openssh-server > openssh-clients > audit > logrotate > tmpwatch > vixie-cron > crontabs > ksh > ntp > perl > bind-utils > sudo > which > sendmail > wget > redhat-lsb > rsync > authconfig > lsof > unzip > sharutils > logwatch > libacl > nfs-utils > lcsetup > -firstboot > -tftp-server > -system-config-soundcard > -libselinux-python > -selinux-policy > -libselinux-utils > -selinux-policy-targeted > ... > > But for some high Security Risk systems, it's required to turn it on > anyway. > So I followed the guidance on: > <a href="http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Securi">http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Securi</a> > ty-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enab > ling_and_Disabling_SELinux.html to enable SELinux again on these systems > > Unfortunately does the system not initiate SELinux correctly nor do I > see any hint where the problem is: > > tgl90a-8401 root:/etc/init $ sestatus > SELinux status: disabled > tgl90a-8401 root:/etc/init $ cat /etc/selinux/config > # This file controls the state of SELinux on the system. > # SELINUX= can take one of these three values: > # enforcing - SELinux security policy is enforced. > # permissive - SELinux prints warnings instead of enforcing. > # disabled - No SELinux policy is loaded. > SELINUX=permissive > # SELINUXTYPE= can take one of these two values: > # targeted - Targeted processes are protected, > # mls - Multi Level Security protection. > SELINUXTYPE=targeted > > > The only thing I can see is: > tgl90a-8401 root:/etc/init $ cat /var/log/messages > Jun 13 13:41:30 tgl90a-8401 kernel: SELinux: Initializing. > > > Does anybody know if I need additional packages on the system or any > special setting set? > If tried "permissive" mode with /.autorelable - which didn't > work either > I also installed @Base Group to ensure nothing is missing - but > still the same result > > I've tried it with the same setup on RHEL 5 which perfectly worked - but > not on RHEL 6! > So I'm really looking forward to get some hints/tips > > Thanks and all the best, > Si > > > > > ------------------------------ > > Message: 2 > Date: Wed, 13 Jun 2012 08:23:34 -0400 > From: Stephen Smalley <<a href="mailto:sds@tycho.nsa.gov">sds@tycho.nsa.gov</a>> > To: <a href="mailto:rhelv6-list@redhat.com">rhelv6-list@redhat.com</a> > Subject: Re: [rhelv6-list] Unable to activate SELinux > Message-ID: <<a href="mailto:1339590214.13501.1.camel@moss-pluto.epoch.ncsc.mil">1339590214.13501.1.camel@moss-pluto.epoch.ncsc.mil</a>> > Content-Type: text/plain; charset="UTF-8" > > On Wed, 2012-06-13 at 14:05 +0200, Simon Reber wrote: >> -libselinux-python >> -selinux-policy >> -libselinux-utils >> -selinux-policy-targeted >> ... > > Did you install selinux-policy-targeted and the other packages above > that were originally excluded from your install? > > -- > Stephen Smalley > National Security Agency > > > > ------------------------------ > > Message: 3 > Date: Wed, 13 Jun 2012 13:36:03 +0100 > From: Tris Hoar <<a href="mailto:trishoar@bgfl.org">trishoar@bgfl.org</a>> > To: <a href="mailto:rhelv6-list@redhat.com">rhelv6-list@redhat.com</a> > Subject: Re: [rhelv6-list] Unable to activate SELinux > Message-ID: <<a href="mailto:4FD88933.5000403@bgfl.org">4FD88933.5000403@bgfl.org</a>> > Content-Type: text/plain; charset="ISO-8859-1"; format="flowed" > > On 13/06/2012 13:05, Simon Reber wrote: >> Hi all, >> >> I'm having trouble to active SELinux on our RHEL 6 Linux system. >> We have some sort of special installation framework (cobbler and puppet) >> and initially disabled SELinux (which is fine) >> >> [output from Kickstart] >> ... >> selinux --disabled >> ... >> %packages --excludedocs --nobase >> kernel >> yum >> openssh-server >> openssh-clients >> audit >> logrotate >> tmpwatch >> vixie-cron >> crontabs >> ksh >> ntp >> perl >> bind-utils >> sudo >> which >> sendmail >> wget >> redhat-lsb >> rsync >> authconfig >> lsof >> unzip >> sharutils >> logwatch >> libacl >> nfs-utils >> lcsetup >> -firstboot >> -tftp-server >> -system-config-soundcard >> -libselinux-python >> -selinux-policy >> -libselinux-utils >> -selinux-policy-targeted >> ... >> >> But for some high Security Risk systems, it's required to turn it on >> anyway. >> So I followed the guidance on: >> <a href="http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Securi">http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Securi</a> >> ty-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enab >> ling_and_Disabling_SELinux.html to enable SELinux again on these systems >> >> Unfortunately does the system not initiate SELinux correctly nor do I >> see any hint where the problem is: >> >> tgl90a-8401 root:/etc/init $ sestatus >> SELinux status: disabled >> tgl90a-8401 root:/etc/init $ cat /etc/selinux/config >> # This file controls the state of SELinux on the system. >> # SELINUX= can take one of these three values: >> # enforcing - SELinux security policy is enforced. >> # permissive - SELinux prints warnings instead of enforcing. >> # disabled - No SELinux policy is loaded. >> SELINUX=permissive >> # SELINUXTYPE= can take one of these two values: >> # targeted - Targeted processes are protected, >> # mls - Multi Level Security protection. >> SELINUXTYPE=targeted >> >> >> The only thing I can see is: >> tgl90a-8401 root:/etc/init $ cat /var/log/messages >> Jun 13 13:41:30 tgl90a-8401 kernel: SELinux: Initializing. >> >> >> Does anybody know if I need additional packages on the system or any >> special setting set? >> If tried "permissive" mode with /.autorelable - which didn't >> work either >> I also installed @Base Group to ensure nothing is missing - but >> still the same result >> >> I've tried it with the same setup on RHEL 5 which perfectly worked - but >> not on RHEL 6! >> So I'm really looking forward to get some hints/tips >> >> Thanks and all the best, >> Si >> >> > > Are you sure you are installing the packages needed for SE? > > @Base does not include any SE packages. I think you will want > selinux-policy and selinux-policy-targeted as this gives the default SE > policy for the system. > > Regards, > > Tris > > > > ************************************************************* > This email and any files transmitted with it are confidential > and intended solely for the use of the individual or entity > to whom they are addressed. If you have received this email > in error please notify <a href="mailto:postmaster@bgfl.org">postmaster@bgfl.org</a> > > The views expressed within this email are those of the > individual, and not necessarily those of the organisation > ************************************************************* > > > > ------------------------------ > > Message: 4 > Date: Wed, 13 Jun 2012 14:56:04 +0200 > From: "Simon Reber" <<a href="mailto:S.Reber@lcsys.ch">S.Reber@lcsys.ch</a>> > To: "Red Hat Enterprise Linux 6 (Santiago) discussion mailing-list" > <<a href="mailto:rhelv6-list@redhat.com">rhelv6-list@redhat.com</a>> > Subject: Re: [rhelv6-list] Unable to activate SELinux > Message-ID: > <<a href="mailto:1209832B38DC214CB373A59426B91DFE010D6BA9@chbsex01.lcsys.ch">1209832B38DC214CB373A59426B91DFE010D6BA9@chbsex01.lcsys.ch</a>> > Content-Type: text/plain; charset="us-ascii" > >> On Wed, 2012-06-13 at 14:05 +0200, Simon Reber wrote: >> > -libselinux-python >> > -selinux-policy >> > -libselinux-utils >> > -selinux-policy-targeted >> > ... >> >> Did you install selinux-policy-targeted and the other packages above >> that were originally excluded from your install? > Yes, both packages have been installed: > > tgl90a-8401 root:/etc/init $ rpm -qa | grep selinux-policy > selinux-policy-targeted-3.7.19-126.el6_2.10.noarch > selinux-policy-3.7.19-126.el6_2.10.noarch > > Like I said, I strictly followed the instruction on > <a href="http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Securi">http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Securi</a> > ty-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enab > ling_and_Disabling_SELinux.html > -> In section 5.4.1.1 the packages are stated and all of them > have been installed > > tgl90a-8401 root:/etc/init $ rpm -qa | grep sel > libselinux-2.0.94-5.2.el6.x86_64 > libselinux-ruby-2.0.94-5.2.el6.x86_64 > libselinux-python-2.0.94-5.2.el6.x86_64 > selinux-policy-targeted-3.7.19-126.el6_2.10.noarch > libselinux-utils-2.0.94-5.2.el6.x86_64 > selinux-policy-3.7.19-126.el6_2.10.noarch > > tgl90a-8401 root:/etc/init $ rpm -qa | grep set > setserial-2.17-25.el6.x86_64 > setools-libs-python-3.3.7-4.el6.x86_64 > setuptool-1.19.9-3.el6.x86_64 > setools-libs-3.3.7-4.el6.x86_64 > setroubleshoot-plugins-3.0.16-1.el6.noarch > setroubleshoot-3.0.38-2.1.el6.x86_64 > setroubleshoot-server-3.0.38-2.1.el6.x86_64 > > Thanks and all the best, > Simon Reber > > > > ------------------------------ > > Message: 5 > Date: Wed, 13 Jun 2012 13:16:34 +0000 > From: "Gabriel S. Craciun" <<a href="mailto:gcraciun@transfond.ro">gcraciun@transfond.ro</a>> > To: "Red Hat Enterprise Linux 6 (Santiago) discussion mailing-list" > <<a href="mailto:rhelv6-list@redhat.com">rhelv6-list@redhat.com</a>> > Subject: Re: [rhelv6-list] Unable to activate SELinux > Message-ID: > <<a href="mailto:18ACE6C30FF1454D93B4C039FB62EA7627DE79FD@SPO-MAIL.stfd.ro">18ACE6C30FF1454D93B4C039FB62EA7627DE79FD@SPO-MAIL.stfd.ro</a>> > Content-Type: text/plain; charset="us-ascii" > > Did you check /etc/sysconfig/selinux ???? > > -----Original Message----- > From: <a href="mailto:rhelv6-list-bounces@redhat.com">rhelv6-list-bounces@redhat.com</a> [mailto:<a href="mailto:rhelv6-list-bounces@redhat.com">rhelv6-list-bounces@redhat.com</a>] On Behalf Of Simon Reber > Sent: Wednesday, June 13, 2012 3:56 PM > To: Red Hat Enterprise Linux 6 (Santiago) discussion mailing-list > Subject: Re: [rhelv6-list] Unable to activate SELinux > >> On Wed, 2012-06-13 at 14:05 +0200, Simon Reber wrote: >> > -libselinux-python >> > -selinux-policy >> > -libselinux-utils >> > -selinux-policy-targeted >> > ... >> >> Did you install selinux-policy-targeted and the other packages above >> that were originally excluded from your install? > Yes, both packages have been installed: > > tgl90a-8401 root:/etc/init $ rpm -qa | grep selinux-policy selinux-policy-targeted-3.7.19-126.el6_2.10.noarch > selinux-policy-3.7.19-126.el6_2.10.noarch > > Like I said, I strictly followed the instruction on <a href="http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Securi">http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Securi</a> > ty-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enab > ling_and_Disabling_SELinux.html > -> In section 5.4.1.1 the packages are stated and all of them have been installed > > tgl90a-8401 root:/etc/init $ rpm -qa | grep sel > libselinux-2.0.94-5.2.el6.x86_64 > libselinux-ruby-2.0.94-5.2.el6.x86_64 > libselinux-python-2.0.94-5.2.el6.x86_64 > selinux-policy-targeted-3.7.19-126.el6_2.10.noarch > libselinux-utils-2.0.94-5.2.el6.x86_64 > selinux-policy-3.7.19-126.el6_2.10.noarch > > tgl90a-8401 root:/etc/init $ rpm -qa | grep set > setserial-2.17-25.el6.x86_64 > setools-libs-python-3.3.7-4.el6.x86_64 > setuptool-1.19.9-3.el6.x86_64 > setools-libs-3.3.7-4.el6.x86_64 > setroubleshoot-plugins-3.0.16-1.el6.noarch > setroubleshoot-3.0.38-2.1.el6.x86_64 > setroubleshoot-server-3.0.38-2.1.el6.x86_64 > > Thanks and all the best, > Simon Reber > > _______________________________________________ > rhelv6-list mailing list > <a href="mailto:rhelv6-list@redhat.com">rhelv6-list@redhat.com</a> > <a href="https://www.redhat.com/mailman/listinfo/rhelv6-list">https://www.redhat.com/mailman/listinfo/rhelv6-list</a> > -------------------------------- NOTICE OF CONFIDENTIALITY This E-mail message and its attachments (if any) are intended solely for the use of the addressees hereof. In addition, this message and the attachments (if any) may contain information that is confidential, privileged and exempt from disclosure under applicable law. If you are not the intended recipient of this message, you are prohibited from reading, disclosing, reproducing, distributing, disseminating or otherwise using this transmission. Delivery of this message to any person other than the intended recipient is not intended to waive any right or privilege. If you have received this message in error, please promptly notify the sender by reply E-mail and immediately delete this message from your system. > > > > ------------------------------ > > Message: 6 > Date: Wed, 13 Jun 2012 09:20:17 -0400 > From: Stephen Smalley <<a href="mailto:sds@tycho.nsa.gov">sds@tycho.nsa.gov</a>> > To: "Red Hat Enterprise Linux 6 (Santiago) discussion mailing-list" > <<a href="mailto:rhelv6-list@redhat.com">rhelv6-list@redhat.com</a>> > Subject: Re: [rhelv6-list] Unable to activate SELinux > Message-ID: <<a href="mailto:1339593617.13501.6.camel@moss-pluto.epoch.ncsc.mil">1339593617.13501.6.camel@moss-pluto.epoch.ncsc.mil</a>> > Content-Type: text/plain; charset="UTF-8" > > On Wed, 2012-06-13 at 14:56 +0200, Simon Reber wrote: >> Yes, both packages have been installed: >> >> tgl90a-8401 root:/etc/init $ rpm -qa | grep selinux-policy >> selinux-policy-targeted-3.7.19-126.el6_2.10.noarch >> selinux-policy-3.7.19-126.el6_2.10.noarch > > What happens if you try to manually load the policy now? > load_policy -i > > -- > Stephen Smalley > National Security Agency > > > > ------------------------------ > > Message: 7 > Date: Wed, 13 Jun 2012 15:29:07 +0200 > From: "Simon Reber" <<a href="mailto:S.Reber@lcsys.ch">S.Reber@lcsys.ch</a>> > To: "Red Hat Enterprise Linux 6 (Santiago) discussion mailing-list" > <<a href="mailto:rhelv6-list@redhat.com">rhelv6-list@redhat.com</a>> > Subject: Re: [rhelv6-list] Unable to activate SELinux > Message-ID: > <<a href="mailto:1209832B38DC214CB373A59426B91DFE010D6BAB@chbsex01.lcsys.ch">1209832B38DC214CB373A59426B91DFE010D6BAB@chbsex01.lcsys.ch</a>> > Content-Type: text/plain; charset="us-ascii" > >> Did you check /etc/sysconfig/selinux ???? > File is there and from my point of view correctly configured: > > tgl90a-8401 root:/etc/init $ ls -al /etc/sysconfig/selinux > lrwxrwxrwx 1 root root 17 Jun 13 12:58 /etc/sysconfig/selinux -> > ../selinux/config > tgl90a-8401 root:/etc/init $ cat /etc/sysconfig/selinux > # This file controls the state of SELinux on the system. > # SELINUX= can take one of these three values: > # enforcing - SELinux security policy is enforced. > # permissive - SELinux prints warnings instead of enforcing. > # disabled - No SELinux policy is loaded. > SELINUX=permissive > # SELINUXTYPE= can take one of these two values: > # targeted - Targeted processes are protected, > # mls - Multi Level Security protection. > SELINUXTYPE=targeted > > > Cheers, > Si > > > > ------------------------------ > > _______________________________________________ > rhelv6-list mailing list > <a href="mailto:rhelv6-list@redhat.com">rhelv6-list@redhat.com</a> > <a href="https://www.redhat.com/mailman/listinfo/rhelv6-list">https://www.redhat.com/mailman/listinfo/rhelv6-list</a> > > > End of rhelv6-list Digest, Vol 20, Issue 6 > ****************************************** -- MANOJ KUMAR SUBROTO PARK NEW DELHI Mob No 09911130165