search
Visit our websiteBlogRelease Notes

stethoscopeSELinux

Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC).

circle-exclamation

Run all commands as root.

hashtag
How Datasentinel Works

Datasentinel’s NGINX reverse-proxy talks to its internal services on a fixed set of local TCP ports:

  • 8216 — InfluxDB (times-series metrics store)

  • 9342 — PostgreSQL (configuration & metadata)

  • 12324 — Backend API

  • 13300 — Dispatcher (agent-less collection)

  • 7125 — Grafana (built-in dashboards)

NGINX config file: /etc/nginx/conf.d/datasentinel.conf

hashtag
SELinux Status & Mode

hashtag
Check

What you need
OS command
Expected output

Current runtime mode

getenforce

Enforcing, Permissive, or Disabled (If the command is missing, SELinux user-space tools aren’t installed.)

Detailed status

sestatus

Shows the loaded policy, runtime mode, and the mode that will apply on next boot.

hashtag
Modes

  • Enforcing: SELinux actively blocks any action that violates the loaded security policy and logs the denial.

  • Permissive: SELinux allows actions that would normally be denied but still logs the violations for troubleshooting and policy tuning.

  • Disabled: SELinux is turned off entirely, so no security policy is loaded, and no access controls or audit logs are applied.

hashtag
Quick test workflow

  1. Run getenforce to confirm the current mode.

  2. If you need to troubleshoot, switch to permissive (logs only):

  3. Re-run getenforce; it should now read Permissive.

  4. When finished, return to enforcing:

  5. For a permanent change, edit /etc/selinux/config and reboot.

hashtag
Requirement

triangle-exclamation

SELinux Requirement For proper operation of all Datasentinel services, SELinux must be set to Permissive or Disabled on the host. Running in Enforcing mode can block critical internal traffic and file access, preventing components from starting or communicating.

Approach
What it does
Commands / Steps

1. Bypass SELinux

Turns SELinux off (or into permissive mode) so it never blocks Datasentinel.

Temporary: setenforce 0  → mode switches to Permissive until next reboot. • Permanent: Edit /etc/selinux/config and set SELINUX=permissive or SELINUX=disabled, then reboot.

PreviousInfluxDBNextOrganize Content Using Tags

Last updated