Hi,

I'm new to unix administration. Please don't blame me asking anything stupid.

I'm trying to enable selinux on CentOS7 server.

I've tried to edit /etc/selinux/config

SELINUX=permissive
SELINUXTYPE=targeted

I've tried enforcing too. Nothing works. When I type getenforce I get
Disabled

I've looked into similar topics but I can't move forward. Some topics suggest to check grub file. But I don't have it. Everytime I try to fix something I need another fix which requires another fix, etc.

I'll appreciate any help.

I don't think Linode builds SELINUX into their kernels - with a default install, no matter what distro, you're actually running on top of a Ubuntu kernel.

Not sure if the solution is as simple as using pv-grub to install your own CentOS kernel.

_________________
Either provide enough details for people to help, or sit back and listen to the crickets chirp.
Security thru obscurity is a myth - and really really annoying.

Honestly it's not simple for me.

My goal is to install a mail server and I use this instruction:

https://z0z0.me/2014/10/26/install-postfix-dovecot-auth-tls-mysql-postfixadmin-spamassassin-and-clamav-on-centos7/

I followed the instruction (didn't use nginx and used apache). I reached the line where I need to do
systemctl restart firewalld

The problem is that when I start firewalld my website becomes unavailable. I thought it can be related with SElinux.

What I'm doing wrong? Maybe I can find some logs?

The firewall-cmd --zone=public --list-all output is:

interfaces:
sources:
services: dhcpv6-client http ssh
ports: 80/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:

And I run firewall-cmd --reload but that doesn't help

Firewall and SELinux are two different things.

Very simply put - Firewall controls traffic access, SELinux controls Application access

The link you posted gives me "502 Bad Gateway - nginx"

_________________
Either provide enough details for people to help, or sit back and listen to the crickets chirp.
Security thru obscurity is a myth - and really really annoying.

Thanks for clarification. Now it's clear the Firewall is the issue.

The website just went down. Hopefully it will get back soon.

Anyway I opened port 80 but it keeps blocking my requests. Don't know what else I can try.

The problem is fixed. Not sure how I've fixed it. I was playing around, disabled and re-enabled port 80, couple of restarts. Not sure what solved the issue but it works now. Thanks

Could you explain, what problem was fixed: do you turn on selinux or fix firewall problem?

It seams that you don't have interface assigned to the zone. Therefore it won't apply the rule.

You can add the interface by using:

#firewall-cmd --zone=public --add-interface=eth0 --permanent

the run the reload command.

_________________
https://z0z0.me