1. Enabling SELinux
Security-Enhanced Linux (SELinux) is a security module in Linux that provides a mechanism for enforcing mandatory access control (MAC) policies. Enabling SELinux ensures your system has a more robust security posture.
Check the Current SELinux Status
To see if SELinux is currently enabled and its mode (Enforcing, Permissive, or Disabled), run:
getenforce
This command returns one of the following:
-
Enforcing: SELinux is active and enforcing its policies. -
Permissive: SELinux is active but not enforcing (only logs violations). -
Disabled: SELinux is not active.
Enable SELinux
To enable SELinux and set it to "Enforcing" mode:
i) Open the SELinux configuration file in a text editor:
vi /etc/selinux/config
ii) Locate the line that starts with SELINUX= and change its value to:
SELINUX=enforcing
iii) Save and close the file.
Note: This change takes effect after a system reboot. You must reboot the system for SELinux to fully switch to enforcing mode.
2. Enabling Firewalld
Firewalld is a firewall management tool that provides a dynamically managed firewall with support for network/firewall zones.
Check the Firewalld Status
To verify if Firewalld is currently running:
systemctl status firewalld
This command shows whether the service is active and if it's enabled to start on boot.
Start Firewalld
If Firewalld is not running, you can start it with:
Enable Firewalld at Boot
To ensure Firewalld starts automatically when the system boots:
3. Starting and Stopping the FAS Service
Once both SELinux and Firewalld are properly configured and running, you can proceed with starting the FAS Service.
This service is managed by a script, typically located at /usr/lib/fas/service.sh.
Start the FAS Service:
/usr/lib/fas/service.sh start
Stop the FAS Service:
Comments
0 comments
Please sign in to leave a comment.