security – TecAdmin (https://tecadmin.net) – How-to guides for System Administrators and Developers. Feed generated Fri, 24 Jun 2022 12:14:24 +0000.

How To Set Up SSH Keys in Linux
https://tecadmin.net/how-to-set-up-ssh-keys-in-linux/ – Wed, 01 Sep 2021 02:14:20 +0000

The post How To Set Up SSH Keys in Linux appeared first on TecAdmin.

SSH (Secure Shell) is a protocol used for communication between two computers and for sharing data between them. It supports both password-based and key-based (password-less) authentication and encrypts all traffic between the two hosts. When working with CentOS servers, most of your time is spent in a terminal connected to the server over SSH.

In this guide, we focus on setting up SSH key-based authentication for a CentOS 8 server. SSH keys offer a straightforward, reliable way of authenticating to remote servers and are recommended for all users.

Creating SSH Keys in Linux

To generate a new 2048-bit RSA key pair, open a terminal and run the following command:

ssh-keygen 

After pressing Enter, ssh-keygen first asks where to save the key pair.

If you press Enter, the key pair is saved by default in the .ssh subdirectory of your home folder. You can also provide an alternate path, but using the default directory is recommended.

If you have already created a key pair on your client machine, you will be prompted to overwrite it. Choose carefully: if you answer ‘y’, the previous key pair is overwritten and you will no longer be able to use it to log in to any server where it was installed.

Next you are asked for a passphrase. This adds an extra layer of security: the private key is stored encrypted, so anyone who obtains the key file still needs the passphrase to use it. Just press Enter if you do not want to set a passphrase.

After providing the passphrase, ssh-keygen prints the key fingerprint and randomart image, confirming that the key pair was created.

Now you have successfully generated an SSH key pair. To verify this, run the following command:

ls -l ~/.ssh/id_*.pub 


This command lists the public key file(s) in ~/.ssh; the private key is the file with the same name but without the .pub extension. If it outputs an error like “No such file or directory”, the key pair was not created and you will have to repeat the process.

Adding the SSH Key to Remote System

Once you have created the key pair, you need to add the public key to the CentOS server. The fastest way is the ssh-copy-id utility. If ssh-copy-id is not available on your local machine, you can use the alternate method described below.

Adding SSH Key via ssh-copy-id Command

Your local machine will most probably have ssh-copy-id installed by default. This method only works if you currently have password-based SSH access to the server:

ssh-copy-id username@server_host

For my server I will use:

ssh-copy-id Rahul@192.168.18.76 


Replace the IP address with your server’s address. On the first connection you are asked to confirm the server’s host key: type yes and press Enter. You will then be prompted for the remote user’s password.

Once the password is accepted, the public key is appended to ~/.ssh/authorized_keys on the server.

Adding the SSH Key Without ssh-copy-id

If your local machine does not have ssh-copy-id installed, which is unlikely, you can instead pipe the public key over a normal SSH session and append it to the remote authorized_keys file yourself.

For my local server I will use:

cat ~/.ssh/id_rsa.pub | ssh Rahul@192.168.18.76 "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys" 


How to Login to the Server using SSH keys

Now that you have added the key to the server, you should be able to log in without the user’s password:

ssh username@server_ip_address

For my server I will use the following command:

ssh Rahul@192.168.18.76 


If you did not set a passphrase, you are logged in without any prompt, which is the fastest way to log in. Otherwise you are asked for the key’s passphrase before the login completes.

How to Disable SSH Password Authentication

You can add an extra security layer by disabling password authentication for SSH. Before you begin, make sure you can already access your server with the key, either as root or as a non-root user with sudo privileges; otherwise you may lock yourself out.

To disable SSH password authentication, first log in to the server:

ssh Rahul@192.168.18.76 

Now open the SSH daemon configuration file /etc/ssh/sshd_config for editing:

sudo nano /etc/ssh/sshd_config 

After opening the configuration file, find the following directive and make sure it reads:

PasswordAuthentication no

Uncomment the line if it is commented out by removing the leading # sign, and set its value to no.

After modifying the file, save and close it by pressing Ctrl + X, then restart the SSH service with the following command:

sudo systemctl restart sshd 

With these steps completed, password-based authentication is disabled.

Conclusion

SSH is a secure network protocol used for communication between a remote server and a client; it is more secure than FTP for transferring files between client and server. In this article, we generated an SSH key pair, set up key-based authentication for a CentOS 8 server, and disabled SSH password authentication.

How To Secure SSH Server
https://tecadmin.net/how-to-secure-ssh-server/ – Sat, 24 Jul 2021 01:50:44 +0000

The post How To Secure SSH Server appeared first on TecAdmin.

When we talk about accessing servers remotely, the first thing that comes to mind is SSH. It is a network protocol, a secure replacement for Telnet, that encrypts the connection so others cannot read the information being transmitted.

As technology advances, hackers are becoming more sophisticated every day. Even your SSH connection is not secure if you are using the default installation settings. It has therefore become necessary to secure your SSH server against data breaches and malicious attacks by taking some crucial precautions.

In this article, we introduce some important security practices that will considerably increase the security of your SSH server.

1. Use Strong Usernames and Passwords

If your SSH server is exposed to the outside world, you will see login attempts from hackers using various techniques to guess your SSH username and password. A strong username and password combination helps secure your server.

Use a password generator to create a strong, random password, and never use common sequences like asdf or 12345678.

2. Avoid Using Port 22

Port 22 is the default port for SSH connections, and every attacker probing your SSH server will try this port first. Changing the port therefore adds an extra security layer to your SSH connection and prevents automated attacks against the default port; it also keeps you off the radar of mass scanners.

How to change the SSH port?

Follow the steps below to change the default port 22:

  1. Open your /etc/ssh/sshd_config file.
  2. Add the following line to the file, choosing any non-standard port:
    Port 20125

  3. Restart the sshd service with the following command:
    sudo systemctl restart sshd

Now the SSH server is listening on a new port.

3. Disable the Root Logins

Allowing direct root login over SSH is one of the most common and dangerous security weaknesses. A hacker who obtains your root password can damage your machine. It is therefore recommended to disable root login and use a non-root user instead; you can still obtain root privileges with the ‘su -’ command after logging in.

How to disable the root user login?

Again you need to edit /etc/ssh/sshd_config, as all of your SSH server settings are stored in that file.

  1. Log in as root and open the sshd_config file.
  2. Look for #PermitRootLogin or PermitRootLogin yes in that file and change it to:
    PermitRootLogin no

  3. Then add the user account you are going to log in with, by adding the line ‘AllowUsers your_username’.
  4. Save the changes.
  5. Restart sshd without closing the current root session:
    sudo systemctl restart sshd

  6. Then open a new terminal and check whether you can log in as the user you added.
  7. After that, you can close the root session.
  8. You can now log in as the user you added and use the ‘su’ command whenever you need root privileges.

4. Use SSH Keys Instead of Passwords

Even a strong password can in some cases be cracked or brute-forced. Using SSH key login therefore adds an extra layer to your server security.

In SSH key login, you create two keys, one public and one private. The private key stays on your own machine and the public key is installed on the server you want to access remotely. With the key pair you can connect from the source to the destination server without using passwords, and once it is configured you can disable password login.

Refer to a separate tutorial to configure key-based SSH on Linux.

How does SSH key login work?

Once you initiate a connection request, the server creates an encrypted message using the public key stored on it. This message is transmitted to your primary device, where the private key decrypts it. Once the message is decrypted, the primary device sends a confirmation back to the remote server and the connection is established.

5. Disable Empty Passwords

Linux allows users to have empty passwords, and allowing empty-password logins to the server exposes it to attack. So make sure you disable empty passwords.

How to disable Empty Passwords?

  1. Open the sshd_config file.
  2. Find PermitEmptyPasswords and make sure its value is set to no:
    PermitEmptyPasswords no

  3. Restart sshd.

This will disable Empty Password login to your server.
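The sshd_config changes in this post and in the SSH key post above can be checked before sshd is restarted. The script below is an added example, not TecAdmin's code: it reads a config text, applies sshd's rule that the first uncommented occurrence of a keyword wins, and reports each hardening directive (Port, PermitRootLogin, PasswordAuthentication, PermitEmptyPasswords). Both sample configs are constructed.

```shell
#!/bin/sh
# Added example (not from the TecAdmin posts): audit an sshd_config text for the
# hardening directives discussed above. sshd honours only the FIRST uncommented
# occurrence of a keyword, so a "PasswordAuthentication no" appended below an
# earlier "PasswordAuthentication yes" is silently ignored. This check mirrors that.

# Constructed config with exactly that mistake: the hardened line was appended last.
BROKEN_CONFIG='
Port 22
#PermitRootLogin yes
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords no
# --- appended by the admin, but too late to take effect ---
PasswordAuthentication no
'

# Constructed config after the edits in the posts above were made correctly.
FIXED_CONFIG='
#Port 22
Port 20125
#PermitRootLogin yes
PermitRootLogin no
AllowUsers rahul
PasswordAuthentication no
PermitEmptyPasswords no
'

# sshd_value KEYWORD CONFIG_TEXT
# Prints the effective value of KEYWORD: the first non-comment line whose first
# word matches (keywords are case-insensitive; "Key value" and "Key=value" are
# both accepted by sshd). Prints nothing when the keyword is not set at all.
sshd_value() {
    printf '%s\n' "$2" | awk -v key="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }         # skip comments and blank lines
        {
            sub(/^[ \t]+/, "")                    # drop leading whitespace
            n = split($0, f, /[ \t=]+/)
            if (n >= 2 && tolower(f[1]) == tolower(key)) { print f[2]; exit }
        }'
}

# check_setting KEYWORD EXPECTED CONFIG_TEXT
# Prints "OK keyword value" or "FAIL keyword value (want expected)". An unset
# keyword counts as FAIL: sshd then uses its built-in default (for example
# PasswordAuthentication defaults to yes), not the hardened value.
check_setting() {
    v=$(sshd_value "$1" "$3")
    if [ "$v" = "$2" ]; then
        echo "OK   $1 $v"
        return 0
    fi
    echo "FAIL $1 ${v:-<unset>} (want $2)"
    return 1
}

# sshd_audit CONFIG_TEXT
# Runs every check and returns 0 only if all of them pass.
sshd_audit() {
    rc=0
    check_setting PermitRootLogin        no "$1" || rc=1
    check_setting PasswordAuthentication no "$1" || rc=1
    check_setting PermitEmptyPasswords   no "$1" || rc=1
    # Port: any explicit value other than sshd's default 22 passes.
    p=$(sshd_value Port "$1")
    if [ -n "$p" ] && [ "$p" != 22 ]; then
        echo "OK   Port $p"
    else
        echo "FAIL Port ${p:-22} (still on the default port)"
        rc=1
    fi
    return $rc
}

echo "== broken config =="; sshd_audit "$BROKEN_CONFIG" || echo "-> audit failed, as it should"
echo "== fixed config ==";  sshd_audit "$FIXED_CONFIG"  && echo "-> audit passed"
```

On a live host you can audit the daemon's effective settings with sshd_audit "$(sudo sshd -T)"; sshd -T prints every keyword in lowercase with the first-match rule already resolved, which the case-insensitive lookup above handles.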

Conclusion

Cyber attacks are increasing at an alarming rate, and it is good security practice to add layers of security to your IT environment whether you are working on a virtual machine or building a server. Implementing the above practices will harden your environment and help you prevent potential cyber threats.

Chattr Command in Linux with Examples
https://tecadmin.net/linux-chattr-command/ – Wed, 07 Jul 2021 10:41:14 +0000

The post Chattr Command in Linux with Examples appeared first on TecAdmin.

The “chattr” command, short for change attribute, is a command-line utility in Linux used to change the attributes of a file, e.g. a or i. It is primarily used to make files immutable or undeletable for regular users.

File management is complicated in Linux because it is a multi-user operating system. Administrators can change the attributes of a file with the “chattr” command so that it cannot be changed or deleted by anyone, and only the superuser can lift the restriction again. This protects important files from accidental deletion.

In this write-up, we will focus on how to modify the attributes of a file by using the “chattr” command. We will also learn about different flags that can be used along with the “chattr” command. But first, let’s discuss the syntax of the “chattr” command:

chattr [OPERATOR][Flags] FILE

Flags

Here is a list of the most common flags and attributes:

  • 'a' – With this attribute a file can only be opened in append mode.
  • 'i' – Makes a file immutable.
  • 'S' – Files with this attribute are synchronously updated on the disk.
  • 'u' – Saves the contents of a file when it is deleted, so that it can be undeleted.
  • 't' – Disables tail-merging for the file.
  • 'j' – The data of files with this attribute is written to the ext3 journal before the file itself.

Operators

  • '+' This operator is used to add additional attributes.
  • '-' This operator is used to remove attributes of a file.
  • '=' This operator is used to make the specified attributes, the only attributes of the file.

How to use ‘i’ attribute to make a file immutable

The “chattr” command is often used to make files immutable. Immutable means that the file cannot be modified, moved, renamed, or deleted.

Here we will give the ‘i’ flag to a file named “test-file.txt” as an example:

sudo chattr +i test-file.txt 

Run “lsattr test-file.txt” to check the file’s attributes. The ‘i’ flag now appears in the attribute list, and the file has become immutable.

The ‘i’ attribute can also be used to make directories immutable.

How to remove the ‘i’ attribute from the file

Once the ‘i’ attribute has been set, the file can only be changed or deleted after the root user removes the attribute. Use the ‘-’ operator with the flag to remove it:

sudo chattr -i test-file.txt 


How to use the ‘a’ attribute to open file in append mode

We can use the ‘a’ attribute to make a file append-only. In append mode, users can only append data to the file; the data already present cannot be changed or truncated.

sudo chattr +a test-file.txt 


Now, if you try to write more data into the text file with the echo command and the ‘>’ operator, the shell reports “Operation not permitted”, because ‘>’ opens the file for truncation, which the append-only attribute forbids.

But you can still append data to the file by using the ‘>>’ operator instead of ‘>’, since ‘>>’ opens the file in append mode.

How to add ‘j’ attribute to update data of the file to ext3 journal

With the ‘j’ attribute, the file’s data is written to the ext3 journal before being written to the file itself:

sudo chattr +j test-file.txt 


Conclusion

The “chattr” command is a very useful tool for administrators. It lets them modify file attributes, which helps protect important files from being altered or deleted.

In this write-up, we discussed what the ‘chattr’ command is and how to use it, as well as some important flags that are used with it.

How to Disable SELinux on Fedora
https://tecadmin.net/how-to-disable-selinux-on-fedora/ – Tue, 15 Jun 2021 09:34:09 +0000

The post How to Disable SELinux on Fedora appeared first on TecAdmin.

SELinux (Security-Enhanced Linux) is a Linux kernel security module that provides enhanced security for Linux systems. It provides a mechanism for supporting access control security policies, which specify how processes may communicate with each other and interact with files.

We never recommend disabling SELinux, especially on production servers. On developer systems you may disable it only if its policies are hampering your work.

SELinux Modes:

SELinux runs in one of three modes, described below. By default, SELinux runs in Enforcing mode on a Fedora system.

  • Enforcing – SELinux security policy is enforced.
  • Permissive – SELinux allows access but logs warnings on policy violations.
  • Disabled – No SELinux policy is loaded.

In this article, we will discuss how to change SELinux mode to permissive or disable it completely on a Fedora Linux system.

Check SELinux Status

Use the getenforce command to view the current SELinux mode. The sestatus command gives you more details about the SELinux status.

Open a terminal on your Fedora systems and type:

sestatus 

You will see output like the following:

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33

The above status shows that SELinux is enabled and enforced.

Set SELinux in Permissive Mode (Temporary)

In permissive mode the SELinux policy is not enforced: SELinux does not deny any operation even if it violates the policy. It only logs the violations, which is helpful for debugging.

You can put SELinux into permissive mode temporarily with either of the following commands.

sudo setenforce 0 
sudo setenforce Permissive 

Once the system is rebooted, the temporary setting is lost and SELinux runs in enforcing mode again. Use the next method to apply the change permanently.

Set SELinux in Permissive Mode (Permanent)

You can also configure permissive mode permanently by editing the configuration file. Open it in your favorite text editor:

sudo nano /etc/selinux/config 

Set the SELINUX value to permissive.

SELINUX=permissive

The change takes effect after the system reboots.

Permanently Disable SELinux on Fedora

To permanently disable SELinux on your system, set SELINUX=disabled in the SELinux configuration file. This disables SELinux completely, including all SELinux contexts.

sudo nano /etc/selinux/config 

Set SELINUX value to disabled:

SELINUX=disabled


Reboot your instance after making changes.

Note – You can activate SELinux again by setting SELINUX=enforcing in the configuration file.

Conclusion

In this tutorial, you learned how to configure SELinux in permissive mode or disable it completely on a Fedora Linux system. The same steps apply to other Red Hat-based distributions like CentOS and RHEL.

How to Set Up SSH Tunnel with PuTTY
https://tecadmin.net/putty-ssh-tunnel-and-port-forwarding/ – Sat, 30 Jan 2021 18:14:24 +0000

The post How to Set Up SSH Tunnel with PuTTY appeared first on TecAdmin.

PuTTY is a user-friendly SSH client for Windows. Most Linux users know it and use it to connect to remote systems running an SSH server.

It also gives you the option to create an SSH tunnel to reach resources inside a trusted internal network. With an SSH tunnel you can access services on ports that are not directly reachable from your system. Once you have forwarded a localhost port to the port listening on the remote network, you can reach the remote service by connecting to the configured port on localhost.

The tunnel provides port forwarding in both directions. The first option forwards a local port to the remote network so that you can access resources there. You can also reverse the process and expose resources on your local system to the remote machine.

Local Port Forwarding with PuTTY

You can configure local SSH tunneling using the following steps:

  1. Start the PuTTY application on your desktop. In the Session window, enter the hostname or IP address and port number of the destination SSH server. Make sure the connection type is set to SSH.
  2. In the left sidebar under the Category options, navigate to Connection >> SSH >> Tunnels.
  3. Select Local to define the type of SSH port forward.
  4. In the Source port field, enter the port number to use on your local system (for example Source port: 5050).
  5. Next, in the Destination field, enter the destination address followed by the port number (for example Destination: 127.0.0.1:5432).
  6. Verify the details you entered and press the Add button. You can add multiple entries here.
  7. All done. Connect the SSH session to create the tunnel. The tunnel works for as long as the SSH session is active.

Remote Port Forwarding with PuTTY

Remote forwarding allows a remote system to access resources on your local machine; it is the inverse of the local forwarding process described above.

  1. Start the PuTTY application on your desktop. In the Session window, enter the hostname or IP address and port number of the destination SSH server. Make sure the connection type is set to SSH.
  2. In the left sidebar under the Category options, navigate to Connection >> SSH >> Tunnels.
  3. Select Remote to define the type of SSH port forward.
  4. In the Source port field, enter the port number to open on the remote side (for example Source port: 8080).
  5. Next, in the Destination field, enter the destination address followed by the port number (for example Destination: 192.168.0.101:65001).
  6. Verify the details you entered and press the Add button. You can add multiple entries here.
  7. All done. Connect the SSH session to create the tunnel. The tunnel works for as long as the SSH session is active.

Conclusion

This tutorial helped you set up local and remote SSH tunnels with the PuTTY application on Windows, which lets you access services running on a remote system or network through SSH when their ports are not directly reachable.

How to Secure GitLab Server with Let’s Encrypt SSL
https://tecadmin.net/secure-gitlab-with-lets-encrypt-ssl/ – Sat, 26 Dec 2020 17:30:13 +0000

The post How to Secure GitLab Server with Let’s Encrypt SSL appeared first on TecAdmin.

We always say: security first. Keeping your hard work safe from hackers should be the first priority. This tutorial takes only a few minutes to secure a GitLab server with Let’s Encrypt SSL certificates. Let’s Encrypt provides free SSL certificates for your domains and an easy way to renew them automatically.

This tutorial will help you secure the GitLab service with a Let’s Encrypt SSL certificate and enable the auto-renew feature. If you are starting with a fresh installation, have a look at the guides below.

Prerequisites

Log in to your GitLab system with a sudo-privileged account.

Also make sure to create a DNS A record pointing your domain or subdomain to the public IP address of your GitLab server; this is required for the Let’s Encrypt validation that issues the new certificate. For example, to access your GitLab server at https://gitlab.tecadmin.net, create an A record for gitlab.tecadmin.net pointing to the server IP address.

Configure Let’s Encrypt SSL with Gitlab

GitLab keeps its configuration files under the /etc/gitlab directory. Edit the main configuration file /etc/gitlab/gitlab.rb in a text editor of your choice:

sudo vim /etc/gitlab/gitlab.rb 

Make the following changes:

  • First, change the external_url setting to your domain, starting with https:

    external_url "https://gitlab.tecadmin.net"

  • Add or update the following entries in the configuration file. Setting letsencrypt['enable'] to true requests an SSL certificate and configures it for the GitLab instance. You can also provide an optional contact email that the Let’s Encrypt authority uses to send alerts about the SSL certificates.

    # Enable the Let's encrypt SSL
    letsencrypt['enable'] = true
    
    # This is optional to get SSL related alerts
    letsencrypt['contact_emails'] = ['email@your-domain.com']

  • Also configure GitLab to renew the SSL certificate automatically at a regular interval.

    # Enable the auto renew feature
    letsencrypt['auto_renew'] = true
    
    # This example renews every 7th day at 12:30
    letsencrypt['auto_renew_hour'] = "12"
    letsencrypt['auto_renew_minute'] = "30"
    letsencrypt['auto_renew_day_of_month'] = "*/7"

Save the configuration file and exit from editor.

Next, run the reconfigure command to apply changes to Gitlab server.

sudo gitlab-ctl reconfigure 

This takes some time to complete. At the end, you will see the message “gitlab Reconfigured!” on your screen.

Verify SSL

Open the GitLab web interface in a web browser. It automatically redirects you to the secure https URL.

That’s it. You have successfully configured Let’s Encrypt SSL on GitLab.

Conclusion

In this tutorial, you learned to configure a Let’s Encrypt SSL certificate on a GitLab instance and to enable automatic renewal of the certificate at a regular interval.

X-XSS-Protection – Secure Apache from Cross-Site Scripting
https://tecadmin.net/xss-protection-secure-apache-from-cross-site-scripting/ – Mon, 31 Aug 2020 07:15:14 +0000

The post X-XSS-Protection – Secure Apache from Cross-Site Scripting appeared first on TecAdmin.

Cross-Site Scripting (also known as XSS) is a client-side attack in which malicious scripts are injected into a web application. Your application then becomes the carrier that delivers the malicious script to other users’ browsers. Because the script appears to come from a trusted source, the other user’s browser executes it.

Secure Apache from Cross-Site Scripting

You can set the X-XSS-Protection header on your Apache web server to prevent cross-site scripting attacks.

To enable X-XSS-Protection, edit the Apache configuration file (for example /etc/httpd/conf/httpd.conf or /etc/apache2/conf-enabled/security.conf) and add the configuration below.

Header always set X-XSS-Protection "1; mode=block"

Save file and close it.

The setting above enables the browser’s XSS filter. If a cross-site scripting attack is detected, the browser sanitizes the page and also prevents it from rendering.

Next, restart the Apache service to apply the changes.

Test XSS Protection Settings

Open your website in a web browser. Press F11 to open the browser’s inspect element window, then view the response headers for the request. You will find the X-XSS-Protection header with the value set above.

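To confirm the header is actually sent, including on error pages (which is what the always keyword in the directive above controls), the following added script, not from the original post, extracts a named header from a captured response and validates the X-XSS-Protection value. The two responses are constructed to look like curl -sI output.

```shell
#!/bin/sh
# Added example (not from the TecAdmin post): verify the X-XSS-Protection header
# on captured HTTP responses. "Header always set" in the Apache directive above
# means the header must also appear on error responses (404, 500), so a 404 is
# checked as well as a 200.

# Constructed 200 response, in the form "curl -sI URL" prints it.
RESPONSE_OK='HTTP/1.1 200 OK
Date: Mon, 31 Aug 2020 07:15:14 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=UTF-8
'

# Constructed 404 from a server configured with "Header set" but without "always":
# that table only applies to successful responses, so the header is missing here.
RESPONSE_404_MISSING='HTTP/1.1 404 Not Found
Date: Mon, 31 Aug 2020 07:15:14 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
'

# header_value NAME RESPONSE_TEXT
# Prints the value of header NAME from the response head: the name match is
# case-insensitive, CR and surrounding whitespace are stripped, and runs of
# internal whitespace collapse to one space (so "1;  mode=block" compares equal
# to "1; mode=block"). Prints nothing when the header is absent.
header_value() {
    printf '%s\n' "$2" | awk -v name="$1" '
        BEGIN { name = tolower(name) }
        { sub(/\r$/, "") }                         # tolerate CRLF line endings
        /^[ \t]*$/ { exit }                        # blank line ends the head
        {
            i = index($0, ":")
            if (i == 0) next                       # status line: no colon
            if (tolower(substr($0, 1, i - 1)) == name) {
                v = substr($0, i + 1)
                sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
                gsub(/[ \t]+/, " ", v)
                print v; exit
            }
        }'
}

# check_xss_header RESPONSE_TEXT
# Returns 0 only when the header carries the value the directive above sets.
# The browser filter it controls has been removed from current Chrome and Edge
# and was never implemented in Firefox, so treat it as defence in depth for
# older clients, not as a replacement for output escaping in the application.
check_xss_header() {
    v=$(header_value X-XSS-Protection "$1")
    case "$v" in
        "")              echo "FAIL: X-XSS-Protection header missing"; return 1 ;;
        "1; mode=block") echo "OK: X-XSS-Protection: $v"; return 0 ;;
        *)               echo "FAIL: unexpected X-XSS-Protection value '$v'"; return 1 ;;
    esac
}

check_xss_header "$RESPONSE_OK"
check_xss_header "$RESPONSE_404_MISSING" || echo "-> 404 lost the header: the directive needs the 'always' keyword"
```

Against a live server, run check_xss_header "$(curl -sI https://your-site.example/)" (placeholder URL) and repeat with a URL that returns 404.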

Conclusion

In this tutorial, you learned the basics of cross-site scripting attacks and how to configure the X-XSS-Protection header on an Apache server.

How to Open Specific Port in FirewallD
https://tecadmin.net/open-specific-port-in-firewalld/ – Fri, 24 Jul 2020 16:02:50 +0000

The post How to Open Specific Port in FirewallD appeared first on TecAdmin.

Firewalld is the firewall management solution used by most modern Linux distributions. In this tutorial you will learn how to open ports in firewalld, either for everyone, for a specific IP address, or for an IP range. See our previous article about installing and using Firewalld on Linux.

In this tutorial, all commands are written for MySQL port 3306. Use the same commands for any other port as required.

Allow Port for All Traffic

Use the following command to allow incoming traffic on port 3306 from the public network:

firewall-cmd --zone=public --add-port=3306/tcp

To make the rule permanent, add the --permanent option to the command:

firewall-cmd --permanent --zone=public --add-port=3306/tcp

Allow Port for Specific IP

You can also restrict access to a port based on the source address. To open a port only for a given source address, you need to add a firewalld rich rule.

Run the command below to allow access to port 3306 from the 192.168.0.0/24 network.

firewall-cmd --permanent --zone=public --add-rich-rule='
  rule family="ipv4"
  source address="192.168.0.0/24"
  port protocol="tcp" port="3306" accept'

Reload the firewall rules to apply changes.

firewall-cmd --reload

Verify Rules

After adding the rules, you can verify them by running the following command.

firewall-cmd --list-all

Output:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="192.168.0.0/24" port port="3306" protocol="tcp" accept

The last line of the output shows the rich rule that was added to firewalld. Note that the ports: line is empty, so port 3306 is reachable only from the source named in the rich rule.

Remove Rules from Firewalld

If you no longer need the port open, remove it from firewalld using the --remove-port option:

firewall-cmd --permanent --zone=public --remove-port=3306/tcp

Next, run the following command to apply the changes:

firewall-cmd --reload
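
As an added example that is not part of the original post, the following Python script parses firewall-cmd --list-all output of the kind shown above and reports, for a given port, whether it is open to every source (listed under ports:) or only to the sources named in accept rich rules. The sample output it parses is constructed for the demonstration.

```python
import re

# Constructed sample modelled on the `firewall-cmd --list-all` output above, with
# 3306/tcp and 8080/tcp also opened zone-wide to show the "open to everyone" case.
SAMPLE_LIST_ALL = """\
public (active)
  target: default
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ssh
  ports: 3306/tcp 8080/tcp
  protocols:
  rich rules:
        rule family="ipv4" source address="192.168.0.0/24" port port="3306" protocol="tcp" accept
        rule family="ipv4" source address="10.0.0.5" port port="22" protocol="tcp" reject
"""

# Matches the rich-rule form firewalld prints for a source-restricted port rule.
RICH_RULE_RE = re.compile(
    r'source address="(?P<source>[^"]+)".*?port port="(?P<port>\d+)"'
    r' protocol="(?P<proto>\w+)" (?P<action>accept|reject|drop)'
)

def parse_list_all(text):
    """Extract the zone name, zone-wide open ports and rich rules from --list-all output."""
    lines = text.splitlines()
    zone = {"name": lines[0].split()[0], "ports": set(), "rich_rules": []}
    for line in lines[1:]:
        stripped = line.strip()
        if stripped.startswith("ports:"):
            zone["ports"] = set(stripped[len("ports:"):].split())
        elif stripped.startswith("rule "):
            m = RICH_RULE_RE.search(stripped)
            if m:
                zone["rich_rules"].append(m.groupdict())
    return zone

def audit_port(zone, port, proto="tcp"):
    """Report how port/proto is reachable: zone-wide (any source) or only via rich-rule sources."""
    findings = []
    if f"{port}/{proto}" in zone["ports"]:
        findings.append(f"{port}/{proto} is open to ALL sources in zone {zone['name']}")
    for rule in zone["rich_rules"]:
        if rule["port"] == str(port) and rule["proto"] == proto and rule["action"] == "accept":
            findings.append(f"{port}/{proto} accepted from {rule['source']} (rich rule)")
    return findings
```

On a real host, feed the script the output of firewall-cmd --list-all; a database port that shows up in the first kind of finding is reachable from anywhere the zone's interface is.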

Conclusion

In this tutorial, you have learned how to open a port to all traffic or only to a specific IP address or network using firewalld on Linux.

How to Install and Configure Fail2ban on CentOS 8 https://tecadmin.net/install-fail2ban-centos8/ Wed, 16 Oct 2019 14:27:43 +0000

This tutorial will help you install and configure Fail2ban on CentOS 8, RHEL 8 and Fedora systems. You will also learn how to add a specific service to be monitored by Fail2ban.

Step 1 – Install Fail2ban on CentOS 8

First, install the epel-release package to configure the EPEL yum repository on your CentOS 8 system. Then install the Fail2ban rpm package. Use the following commands:

sudo dnf install epel-release
sudo dnf install fail2ban

Step 2 – Configure Fail2ban

Fail2ban keeps its configuration files under the /etc/fail2ban directory. Rather than editing jail.conf directly, create a copy of it as jail.local and make your changes there.

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo vi /etc/fail2ban/jail.local 

Now make the necessary changes in the jail.local file to create ban rules. Open the file in your favorite editor and update the [DEFAULT] section as follows.

[DEFAULT]

# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses
# can be defined using space (and/or comma) separator.
ignoreip = 127.0.0.1/8 192.168.1.0/24

# "bantime" is the number of seconds that a host is banned.
bantime = 60m

# A host is banned if it has generated "maxretry" failures during the last "findtime".
# With the settings below that window is 5 minutes.
findtime = 5m

# "maxretry" is the number of failures before a host get banned.
maxretry = 5

Step 3 – Protect SSH/SFTP

After completing the default configuration, scroll further down in the same jail.local file and update the [ssh-iptables] section as below.

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=22, protocol=tcp]
           sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com, sendername="Fail2Ban"]
logpath  = /var/log/secure
maxretry = 3

Step 4 – Protect FTP

Next, protect your FTP (vsFTPd) server. Find the [vsftpd-iptables] section and change it as below. If you are not using vsFTPd, you can skip this section.

[vsftpd-iptables]

enabled  = true
filter   = vsftpd
action   = iptables[name=VSFTPD, port=21, protocol=tcp]
           sendmail-whois[name=VSFTPD, dest=you@example.com]
logpath  = /var/log/vsftpd.log
maxretry = 5
bantime  = 1800

Step 5 – Restart Service and Test

After making all the changes, save the file, then start the Fail2ban service and enable it at boot using the following commands.

sudo systemctl start fail2ban.service
sudo systemctl enable fail2ban.service

For testing purposes, I have tried SSH with the wrong credentials from a different machine. After three wrong attempts, Fail2ban blocked that IP via iptables with reject ICMP. You can see the rules in iptables after blocking the IP address as below. For SSH-only systems, make sure to have SSH access from another IP before making these tests.
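
As an added example that is not part of the original post, the Python script below replays the ban logic configured above (ignoreip, findtime = 5m, maxretry = 3 for SSH) over constructed /var/log/secure lines, so you can see which source addresses would be banned and which are skipped. The log lines and the simplified failure regex are my own, not Fail2ban's filter.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Jail settings taken from the jail.local above: [DEFAULT] ignoreip, findtime = 5m,
# bantime = 60m, and maxretry = 3 from the SSH jail.
JAIL = {"ignoreip": ["127.0.0.1/8", "192.168.1.0/24"], "findtime": timedelta(minutes=5),
        "bantime": timedelta(minutes=60), "maxretry": 3}

# Constructed /var/log/secure lines (syslog format, no year) for the demonstration.
SAMPLE_SECURE_LOG = """\
Oct 16 14:20:01 server sshd[2101]: Failed password for root from 203.0.113.7 port 51022 ssh2
Oct 16 14:20:09 server sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Oct 16 14:21:30 server sshd[2110]: Failed password for root from 192.168.1.20 port 40100 ssh2
Oct 16 14:21:45 server sshd[2112]: Failed password for root from 192.168.1.20 port 40102 ssh2
Oct 16 14:22:00 server sshd[2114]: Failed password for root from 192.168.1.20 port 40104 ssh2
Oct 16 14:23:12 server sshd[2120]: Failed password for root from 203.0.113.7 port 51040 ssh2
Oct 16 14:30:00 server sshd[2130]: Failed password for root from 198.51.100.9 port 33000 ssh2
Oct 16 14:40:00 server sshd[2131]: Failed password for root from 198.51.100.9 port 33002 ssh2
Oct 16 14:50:00 server sshd[2132]: Failed password for root from 198.51.100.9 port 33004 ssh2
"""

# Simplified stand-in for Fail2ban's sshd filter: timestamp and offending source address.
FAIL_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

def is_ignored(ip, ignoreip):
    """True if ip falls inside any ignoreip address or CIDR range."""
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False) for net in ignoreip)

def simulate_bans(log_text, jail, year=2019):
    """Return {ip: ban_start} for hosts reaching maxretry failures within findtime."""
    failures = {}   # ip -> failure timestamps still inside the findtime window
    bans = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in bans or is_ignored(ip, jail["ignoreip"]):
            continue
        window = [t for t in failures.get(ip, []) if ts - t <= jail["findtime"]]
        window.append(ts)
        failures[ip] = window
        if len(window) >= jail["maxretry"]:
            bans[ip] = ts   # host stays banned until ts + jail["bantime"]
    return bans
```

In the sample, 203.0.113.7 is banned at its third failure inside five minutes, 192.168.1.20 is never banned because it matches ignoreip, and 198.51.100.9 escapes because its failures are ten minutes apart, which is why findtime matters as much as maxretry.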

How To disable SELinux on CentOS 7 https://tecadmin.net/disable-selinux-on-centos7/ Thu, 20 Sep 2018 11:22:30 +0000

SELinux (Security-Enhanced Linux) is a Linux kernel security module that provides enhanced security for Linux systems. SELinux provides a mechanism for supporting access control security policies, which specify how processes may communicate with each other and interact with files.

SELinux Modes:

SELinux has three modes. By default, SELinux runs in Enforcing mode on CentOS 7.

  • Enforcing – The SELinux security policy is enforced.
  • Permissive – SELinux allows access but logs warnings on policy violations.
  • Disabled – No SELinux policy is loaded.

Check SELinux Status

You can use the getenforce command to view the current mode of SELinux. The sestatus command gives you more details about the SELinux status.

Press CTRL+ALT+T to launch a terminal and type:

sestatus

Output:

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

The above status shows that SELinux is enabled and enforcing.

How to disable SELinux on CentOS 7

You can disable SELinux permanently by editing the /etc/selinux/config file on CentOS 7 and RHEL 7 systems. Set SELINUX=disabled in that file to permanently disable SELinux; after a reboot no policy is loaded and no SELinux protection applies.

sudo nano /etc/selinux/config 

Set SELINUX value to disabled:

SELINUX=disabled

Reboot your instance to apply changes.

You can reactivate SELinux by setting SELINUX=enforcing in the configuration file. Instead of disabling SELinux entirely, you can set it to permissive mode.

Set SELinux in Permissive Mode (Temporary)

In permissive mode the SELinux policy is not enforced: SELinux does not deny any operation, even one that violates the policy. It only logs the violation, which is helpful for debugging.

You can set the SELinux in permissive mode temporarily by using one of the below commands.

sudo setenforce 0 
sudo setenforce Permissive 

Once the system is rebooted, the temporary setting is lost and SELinux is again enforcing. Use the next method to apply the change permanently.

Set SELinux in Permissive Mode (Permanent)

You can also configure permissive mode permanently by editing the configuration file. Open the configuration file in your favorite text editor:

sudo nano /etc/selinux/config 

Set the SELINUX value to permissive.

SELINUX=permissive

Save your file and close. Then reboot your system to apply changes.
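
As an added example that is not part of the original post, the Python script below parses sestatus output and /etc/selinux/config content of the kind shown above and reports the cases an administrator should notice: SELinux disabled at boot, a runtime mode that differs from the configured one (for instance after a temporary setenforce 0), and permissive mode. Both sample inputs are constructed for the demonstration.

```python
import re
# Constructed sestatus output modelled on the one above, captured after `setenforce 0`.
SAMPLE_SESTATUS = """\
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31
"""

# Constructed /etc/selinux/config content, including the usual comment lines.
SAMPLE_CONFIG = """\
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values: enforcing, permissive, disabled.
SELINUX=enforcing
SELINUXTYPE=targeted
"""

def parse_sestatus(text):
    # sestatus prints "Label:   value" lines; key by the label left of the first colon.
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    return {key.strip(): value.strip() for key, value in pairs}

def parse_selinux_config(text):
    """Read SELINUX= and SELINUXTYPE= from /etc/selinux/config, skipping comments."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(SELINUX|SELINUXTYPE)\s*=\s*(\S+)", line)
        if m:
            settings[m.group(1)] = m.group(2).lower()
    return settings

def selinux_findings(sestatus_text, config_text):
    """List what an auditor should know: disabled at boot, drift from config, or permissive."""
    status = parse_sestatus(sestatus_text)
    config = parse_selinux_config(config_text)
    findings = []
    if status.get("SELinux status") == "disabled" or config.get("SELINUX") == "disabled":
        findings.append("SELinux is disabled: no policy is loaded at boot")
    runtime = status.get("Current mode")
    if runtime and runtime != config.get("SELINUX"):
        findings.append(f"runtime mode '{runtime}' differs from config '{config.get('SELINUX')}'")
    if runtime == "permissive":
        findings.append("SELinux is permissive: violations are logged, not denied")
    return findings
```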

Conclusion

In this tutorial, you have learned how to disable SELinux on CentOS 7 and RHEL 7 systems, either permanently or by switching it to permissive mode.

You can read more about SELinux on its official site: What is SELinux?
