Process to run the FAS service when both SELinux and Firewalld are enabled

1. Enabling SELinux

Security-Enhanced Linux (SELinux) is a security module in Linux that provides a mechanism for enforcing mandatory access control (MAC) policies. Enabling SELinux ensures your system has a more robust security posture.

Check the Current SELinux Status
To see if SELinux is currently enabled and its mode (Enforcing, Permissive, or Disabled), run:

getenforce

This command returns one of the following:

  • Enforcing: SELinux is active and enforcing its policies.

  • Permissive: SELinux is active but not enforcing (only logs violations).

  • Disabled: SELinux is not active.

Enable SELinux

To enable SELinux and set it to "Enforcing" mode:

i) Open the SELinux configuration file in a text editor:
vi /etc/selinux/config
ii) Locate the line that starts with SELINUX= and change its value to:
SELINUX=enforcing
iii) Save and close the file.

Note: This change takes effect after a system reboot. You must reboot the system for SELinux to fully switch to enforcing mode.

2. Enabling Firewalld

Firewalld is a firewall management tool that provides a dynamically managed firewall with support for network/firewall zones. 

Check the Firewalld Status

To verify if Firewalld is currently running:

systemctl status firewalld

This command shows whether the service is active and if it's enabled to start on boot.

Start Firewalld

If Firewalld is not running, you can start it with:

systemctl start firewalld

Enable Firewalld at Boot

To ensure Firewalld starts automatically when the system boots:

systemctl enable firewalld

3. Starting and Stopping the FAS Service

Once both SELinux and Firewalld are properly configured and running, you can proceed with starting the FAS Service.

This service is managed by a script, typically located at /usr/lib/fas/service.sh.

Start the FAS Service:

/usr/lib/fas/service.sh start

Stop the FAS Service:

/usr/lib/fas/service.sh stop

Note: Ensure that SELinux and Firewalld configurations do not block required ports or actions of the FAS service. If necessary, configure appropriate SELinux policies or Firewalld rules.
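
The checks from steps 1 to 3 combined into one pre-flight script, as an added example that is not part of the original procedure. It compares the runtime mode reported by getenforce with the persistent SELINUX= setting, confirms Firewalld is both active and enabled, and only then calls /usr/lib/fas/service.sh start. The function names and the --run switch are assumptions made for this example.

```bash
#!/bin/sh
# Added example: pre-flight checks before starting the FAS service.

# Print the persistent mode from an SELinux config file, lower-cased.
# Comment lines and the SELINUXTYPE= line are not matched.
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr 'A-Z' 'a-z'
}

# Print one line per problem found; succeed only when there are none.
# $1 getenforce output, $2 mode from the config file,
# $3 `systemctl is-active firewalld`, $4 `systemctl is-enabled firewalld`
fas_preflight() {
    problems=0
    if [ "$1" != "Enforcing" ]; then
        echo "SELinux runtime mode is '$1', expected Enforcing"
        problems=$((problems + 1))
    fi
    if [ "$2" != "enforcing" ]; then
        echo "Config file has SELINUX=$2, enforcing will not persist"
        problems=$((problems + 1))
    fi
    if [ "$3" != "active" ]; then
        echo "firewalld is '$3', run: systemctl start firewalld"
        problems=$((problems + 1))
    fi
    if [ "$4" != "enabled" ]; then
        echo "firewalld is '$4' at boot, run: systemctl enable firewalld"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Gather live state and start FAS only if every check passes.
main() {
    runtime=$(getenforce 2>/dev/null) || runtime=unknown
    config=$(selinux_config_mode /etc/selinux/config 2>/dev/null)
    fw_active=$(systemctl is-active firewalld 2>/dev/null)
    fw_enabled=$(systemctl is-enabled firewalld 2>/dev/null)
    fas_preflight "$runtime" "$config" "$fw_active" "$fw_enabled" || return 1
    /usr/lib/fas/service.sh start
}

# Touch the live system only when asked: sh fas-preflight.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```

A mismatch between the first two checks is the common case right after editing /etc/selinux/config: the file already says enforcing while getenforce still reports the old mode until the reboot.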