How to Install SELinux on Ubuntu 22.04

Strengthening Linux security is a task that must always be considered, especially when you are in the presence of servers. One of the measures is to use SELinux in Ubuntu 22.04 that although it is not the definitive solution, it is a good start.

What is SELinux?

SELinux is a Linux security module that works because of access control lists. It defines how different users can and cannot read, write, update, remove, or otherwise change different resources, and how administrators manage those differences.

Nowadays, many modern distributions such as Ubuntu 22.04 include AppArmor which is like an alternative to SELinux. The catch is that Linux only allows one of them to be active. However, both are very efficient.

One aspect to keep in mind for SELinux is that it modifies many parts of the system. The simplest SELinux installations are somewhat time-consuming, as they affect the entire file system. It is even recommended to start it in permissive mode, make configurations and backups, and then deploy it to its full potential.

Don’t panic, SELinux makes the system more robust, but you will lose some flexibility.

Install SELinux on Ubuntu 22.04

Before you start, it is advisable not to use applications during the installation and try not to have any active users on the system. Then, update the system completely

sudo apt update
sudo apt upgrade

Then, you can start with the work.

Check if AppArmor is working

As I explained above, only one between AppArmor and SELinux can be active on the system. So, the first step is to check if AppArmor is running with sysmtectl

To achieve this, open a terminal and run

systemctl status apparmor

If it is running, you will see a screen output like this

● apparmor.service - Load AppArmor profiles
     Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor pres>
     Active: active (exited) since Sat 2022-10-08 08:18:10 EDT; 2h 33min ago
       Docs: man:apparmor(7)
             https://gitlab.com/apparmor/apparmor/wikis/home/
    Process: 679 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, >
   Main PID: 679 (code=exited, status=0/SUCCESS)

Oct 08 08:18:10 imaginelinux systemd[1]: Starting Load AppArmor profiles...
Oct 08 08:18:10 imaginelinux apparmor.systemd[679]: Restarting AppArmor
Oct 08 08:18:10 imaginelinux apparmor.systemd[679]: Reloading AppArmor profiles
Oct 08 08:18:10 imaginelinux apparmor.systemd[707]: Skipping profile in /etc/apparmo>
Oct 08 08:18:10 imaginelinux systemd[1]: Finished Load AppArmor profiles.

So, you will have to stop it

sudo systemctl stop apparmor

And disable it so that it does not start with the system

sudo systemctl disable apparmor

You can even remove it, but I think it is not necessary.

Install and activate SELinux

Now you can start with the installation. To do so, just run this command.

sudo apt install policycoreutils selinux-basics selinux-utils

The installation should not take long since they are fairly lightweight tools. Once it’s finished, you can then activate it.

sudo selinux-activate

You will see an output screen like the following

SELinux is activated. You may need to reboot now.

Do not reboot the system yet.

First, we need to check what state SELinux is in. To do this run.

getenforce

You will get an output screen like this

Disabled

Remember that SELinux has a permissive and enforcing mode whereby activating the latter, you will lose the SSH connection, until you reconfigure it.

Another option is to check the SELinux config file

cat /etc/selinux/config

Now just set the level you want and reboot the system to apply the changes.

Disable SELinux on Ubuntu 22.04

The best way to disable it is to change its status to permissive

sudo vim /etc/selinux/config

From:

SELINUX=enforcing

To:

SELINUX=permissive

Save the changes and close the editor.

Conclusion

SELinux stands as a kind of policy that helps to improve server security. It is a good way to protect the system using tools within the system itself.

I hope this post helps you, and you can share it with your friends.

Share This:

Leave a Comment

Your email address will not be published. Required fields are marked *