How to install SELinux on Ubuntu Server 20.04

If you’ve already spent the time learning SELinux, but have to deploy Ubuntu as a server operating system, you can install SELinux and be on familiar ground. Jack Wallen shows you how.

password.jpg

Image: GettyImages/Yuichiro Chino

Data Center Must-Reads

Ubuntu Server has its own Mandatory Access Control system, called AppArmor, which is similar to SELinux, in that they both provide tools to isolate applications from one another, to protect the host system. But how each of these tools is used is quite different. In fact, just because you know one, doesn’t mean you’ll be able to immediately use the other. That’s why you might want to consider installing SELinux on Ubuntu Server. You might be migrating from a Red Hat-based distribution and have invested considerable time learning how to use that particular system.

Good thing you can install SELinux on Ubuntu. 

In fact, it’s actually quite simple, and I’m going to show you how it’s done. Once finished, you can start working with SELinux on Ubuntu Server in the same way you did when administering your Red Hat-based systems.

What you’ll need

To make this work, you’ll need a running instance of Ubuntu Server 20.04 and a user with sudo privileges. That’s it. Let’s get to work.

One warning: I highly recommend you first try this on a test system. And once you’re certain it will work for you, I would recommend you install SELinux on a fresh install of Ubuntu Server and then build from there.

How to remove AppArmor

The first thing to do is remove AppArmor. Log into your Ubuntu Server and stop the service with the command:

sudo systemctl stop apparmor

Now we can remove AppArmor with the command:

sudo apt-get remove apparmor -y

Once AppArmor has been removed, reboot your system with:

sudo reboot

How to install SELinux

Now we can install SELinux. Back at the terminal window, issue the command:

sudo apt-get install policycoreutils selinux-utils selinux-basics -y

When the installation completes, activate SELinux with the command:

sudo selinux-activate

Set SELinux to enforcing mode with:

sudo selinux-config-enforcing

Finally, reboot your system once again with:

sudo reboot

When the system comes back up, check to make sure SELinux is enabled with the command:

sestatus

You should see something like:

SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: default
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: requested (insecure)
Max kernel policy version: 31

And that’s all there is to install SELinux on Ubuntu Server 20.04. If you’re already familiar with this security system, you can jump in and start securing your server.

Also see