How to install SELinux on Ubuntu Server 20.04
If you’ve already spent the time learning SELinux, but have to deploy Ubuntu as a server operating system, you can install SELinux and be on familiar ground. Jack Wallen shows you how.
Ubuntu Server has its own Mandatory Access Control system, called AppArmor, which is similar to SELinux, in that they both provide tools to isolate applications from one another, to protect the host system. But how each of these tools is used is quite different. In fact, just because you know one, doesn’t mean you’ll be able to immediately use the other. That’s why you might want to consider installing SELinux on Ubuntu Server. You might be migrating from a Red Hat-based distribution and have invested considerable time learning how to use that particular system.
Good thing you can install SELinux on Ubuntu.
In fact, it’s actually quite simple, and I’m going to show you how it’s done. Once finished, you can start working with SELinux on Ubuntu Server in the same way you did when administering your Red Hat-based systems.
What you’ll need
To make this work, you’ll need a running instance of Ubuntu Server 20.04 and a user with sudo privileges. That’s it. Let’s get to work.
One warning: I highly recommend you first try this on a test system. And once you’re certain it will work for you, I would recommend you install SELinux on a fresh install of Ubuntu Server and then build from there.
How to remove AppArmor
The first thing to do is remove AppArmor. Log into your Ubuntu Server and stop the service with the command:
sudo systemctl stop apparmor
Now we can remove AppArmor with the command:
sudo apt-get remove apparmor -y
Once AppArmor has been removed, reboot your system with:
sudo reboot
How to install SELinux
Now we can install SELinux. Back at the terminal window, issue the command:
sudo apt-get install policycoreutils selinux-utils selinux-basics -y
When the installation completes, activate SELinux with the command:
sudo selinux-activate
Set SELinux to enforcing mode with:
sudo selinux-config-enforcing
Finally, reboot your system once again with:
sudo reboot
When the system comes back up, check to make sure SELinux is enabled with the command:
sestatus
You should see something like:
SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: default Current mode: permissive Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: requested (insecure) Max kernel policy version: 31
And that’s all there is to install SELinux on Ubuntu Server 20.04. If you’re already familiar with this security system, you can jump in and start securing your server.