====== Ubuntu - SELinux - Understanding SELinux Configuration ======

The SELinux configuration file is **/etc/selinux/config file**.

The following are the possible values for the SELINUX variable in the **/etc/selinux/config** file:

  * enforcing – The Security Policy is always Enforced
  * permissive – This just simulates the enforcing policy by only printing warning messages and not really enforcing the SELinux.  This is good to first see how SELinux works and later figure out what policies should be enforced.
  * disabled – Completely disable SELinux
 
The following are the possible values for SELINUXTYPE variable in the /etc/selinux/config file.  This indicates the type of policies that can be used for the SELinux.

  * targeted – This policy will protected only specific targeted network daemons (such as DNS, Apache and others).
  * mls - Multi Level Security (MLS) allows further categorization of data privilege levels, such as “confidential, secret” etc and would be applied to files on the filesystem, restricting users to only those articles they are entitled to interact with.
  * strict – This is for maximum SELinux protection.


SELinux is also often configured in the Grub boot loader.  Search **/boot/grub/grub.conf** file using grep for the words **selinux** or **enforcing**:

<code bash>
egrep -i 'selinux=0|enforcing=0' /boot/grub/grub.conf
</code>

If you found lines with selinux=0 or enforcing=0, remove them and save the changes.

----

Reboot the server:

<code bash>
reboot
</code>