How to disable SELinux temporarily or permanently in Centos 6/7 and RHEL 6/7

SELinux is described as a mandatory access control (MAC) security structure executed in the kernel. SELinux offers a means of enforcing some security policies which would otherwise not be effectively implemented by a System Administrator.

The SELinux feature or service is enabled by default, due to this some applications on your system may not actually support this security mechanism. Therefore, to make such applications function normally, you have to disable or turn off SELinux.

# sestatus

Disable SELinux Temporarily

To disable SELinux temporarily, issue the command below as root:

# echo 0 > /selinux/enforce

Alternatively, you can use the setenforce tool:

# setenforce 0

Else, use the Permissive option instead of 0:

# setenforce Permissive

Disable SELinux Permanently

To permanently disable SELinux, use your favorite text editor to open the file /etc/sysconfig/selinux

# nano /etc/sysconfig/selinux

Then change the directive SELinux=enforcing to SELinux=disabled

SELINUX=disabled

Then, save and exit the file, for the changes to take effect, you need to reboot your system and then check the status of SELinux using sestatus:

# sestatus

Enable HTTPS 443 on Apache 2

Capture

Generate you SSL cert

mkdir crt
mkdir key
openssl req -new -x509 -days 365 -keyout key/TomSchaefer.key -out crt/TomSchaefer.crt -nodes -subj  ‘/O=TomSchaefer.org/OU=TomSchaefer.org/CN=www.TomSchaefer.org’

This operation will create two files, crt/TomSchaefer.crt and key/TomSchaefer.key, that you will use in your VirtualHost definition to enable SSL encryption using that key.

 

Change your virtualhost config

Open your VirtualHost config file. You should have something along the lines of:

<VirtualHost *>
ServerAdmin webmaster@yourdomain.com
DocumentRoot /var/www/vhost1
ServerName vhost1.yourdomain.com
DirectoryIndex index.php
ErrorLog /var/log/apache2/vhost1-error.log
CustomLog /var/log/apache2/vhost1-access.log combined
<Location />
Options Indexes FollowSymLinks
AllowOverride All
</Location>

</VirtualHost>

Together with the new config, this should look like that:

<VirtualHost *:80>
ServerAdmin webmaster@yourdomain.com
DocumentRoot /var/www/vhost1
ServerName vhost1.yourdomain.com
DirectoryIndex index.php
ErrorLog /var/log/apache2/vhost1-error.log
<Location />
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R]
</Location>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@yourdomain.com
DocumentRoot /var/www/vhost1
ServerName vhost1.yourdomain.com
DirectoryIndex index.php
ErrorLog /var/log/apache2/vhost1-error.log
CustomLog /var/log/apache2/vhost1-access.log combined
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/crt/TomSchaefer.crt
SSLCertificateKeyFile /etc/apache2/ssl/key/TomSchaefer.key
<Location />
SSLRequireSSL On
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +StrictRequire
</Location>

</VirtualHost>

 

sudo a2enmod rewrite

sudo a2enmod ssl

sudo /etc/init.d/apache2 restart

 

You may also have to configure apache to listen on 443 by changing your config

listen 443

Debian will have this set by default! Enjoy!