
This is an old revision of the document!


SELinux

Security-Enhanced Linux (SELinux) is a Linux kernel feature that provides a mechanism for supporting access control security policies, which gives great protection. It can stop many attacks before your system is rooted.

SELinux enforces the idea that programs should be limited in what files they can access and what actions they can take.

SELinux is a kernel security extension that can be used to guard against misconfigured or compromised programs. It comes with a Mandatory Access Control (MAC) system that improves on the traditional UNIX/Linux Discretionary Access Control (DAC) model.

SELinux can be in any one of the following states:

  • enforcing – SELinux security policy is enforced.
  • permissive – SELinux prints warnings instead of enforcing.
  • disabled – SELinux is fully disabled.

Allow access to an HTTP network port

Change the SELinux mode

Check if SELinux is running

Check that SELinux is not denying actions

Check that SELinux is Properly Enabled

Check SELinux Status

Configuring SELinux to log warnings instead of blocking

Confine users

Display SELinux Labels

Do Boolean Lockdown

Find Unprotected Services

Get List Of Allowed Network Ports

Install SELinux

Run SELinux in enforcing mode

Run SELinux in permissive mode

Temporarily Switch Off SELinux Enforcement

Temporarily Switch On SELinux Enforcement

Troubleshooting SELinux Policy Errors

Turn off SELinux

Understanding SELinux Configuration

help/selinux.1468240835.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
