Tag Archives: disable selinux

CentOS 6.8 – Disable Firewall and SELinux Security

Introduction

Please see the article “Build a Linux-based Infrastructure Solution Demonstration Series” (http://blogs.czapski.id.au/2016/10/build-a-linux-based-infrastructure-solution-demonstration-series) for rationale, introduction and links to articles in this series.

In this article I am disabling the Linux firewall and SELinux-based security in the CentOS 6.8 – this is a demo image, run only sporadically, for short periods of time and typically with no connection to any network, and is typically restored to a snapshot before each execution.

Pre-Requisites

This article assumes that

  1. The work is done in the Virtual Box Machine Image created in accordance with the instructions in the blog article to be found at http://blogs.czapski.id.au/2016/10/configure-virtual-box-virtual-machine-and-install-centos-6-8-base-image.
  2. The user “demo” has sudo access without a password. If this is not the case use the command “su -” and provide the password instead of saying “sudo -i” in the set of commands below

The instructions should work in other RedHat 6-like OS’ and OS versions.

Disable SELinux Security

Since it is a demo environment disable Firewall and SELinux.

Remember that all this can be done manually but my objective is to create configuration scripts which I can execute and have the demo image configured without having to tediously manipulate various UIs.

mkdir -p /media/sf_distros/scripts
cat <<-'EODECK' > /media/sf_distros/scripts/003_disable_firewall_and_selinux.sh

# disable firewall and selinux
sudo chkconfig iptables off
sudo chkconfig ip6tables off
sudo service iptables stop
sudo service ip6tables stop

# change SELINUX=enforcing to SELINUX=disabled
sudo cp /etc/selinux/config /etc/selinux/config_orig
sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

EODECK
chmod ug+x /media/sf_distros/scripts/003_disable_firewall_and_selinux.sh

Execute the commands

/media/sf_distros/scripts/003_disable_firewall_and_selinux.sh

Append “disable firewall and SELinux” script execution commands to the initial bulk configuration script. This script is intended to collect all automated configuration commands and scripts so that they can be all executed in one go on a brand new image if one gets to do this the second and subsequent times.

Don’t actually execute this script while you are building the first image.

cat <<-'EODECK' >> /media/sf_distros/scripts/000_initial_bulk_configuration.sh
# disable firewall and selinux
/media/sf_distros/scripts/003_disable_firewall_and_selinux.sh

EODECK
chmod ug+x /media/sf_distros/scripts/000_initial_bulk_configuration.sh