SELinux

Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC).

Run all commands as root.

How Datasentinel Works

Datasentinel’s NGINX reverse-proxy talks to its internal services on a fixed set of local TCP ports:

8216 — InfluxDB (times-series metrics store)
9342 — PostgreSQL (configuration & metadata)
12324 — Backend API
13300 — Dispatcher (agent-less collection)
7125 — Grafana (built-in dashboards)

NGINX config file: /etc/nginx/conf.d/datasentinel.conf

SELinux Status & Mode

Check

What you need

OS command

Expected output

Current runtime mode

getenforce

Enforcing, Permissive, or Disabled (If the command is missing, SELinux user-space tools aren’t installed.)

Detailed status

sestatus

Shows the loaded policy, runtime mode, and the mode that will apply on next boot.

Modes

Enforcing: SELinux actively blocks any action that violates the loaded security policy and logs the denial.
Permissive: SELinux allows actions that would normally be denied but still logs the violations for troubleshooting and policy tuning.
Disabled: SELinux is turned off entirely, so no security policy is loaded, and no access controls or audit logs are applied.

Quick test workflow

Run getenforce to confirm the current mode.
If you need to troubleshoot, switch to permissive (logs only):
```
setenforce 0   # temporary—reverts at reboot
```
Re-run getenforce; it should now read Permissive.
When finished, return to enforcing:
```
setenforce 1
```
For a permanent change, edit /etc/selinux/config and reboot.

Requirement

SELinux Requirement For proper operation of all Datasentinel services, SELinux must be set to Permissive or Disabled on the host. Running in Enforcing mode can block critical internal traffic and file access, preventing components from starting or communicating.

Approach

What it does

Commands / Steps

1. Bypass SELinux

Turns SELinux off (or into permissive mode) so it never blocks Datasentinel.

• Temporary: setenforce 0 → mode switches to Permissive until next reboot. • Permanent: Edit /etc/selinux/config and set SELINUX=permissive or SELINUX=disabled, then reboot.

PreviousInfluxDB NextHow to Contact Us

Last updated 4 days ago

How Datasentinel Works

Datasentinel’s NGINX reverse-proxy talks to its internal services on a fixed set of local TCP ports:

8216 — InfluxDB (times-series metrics store)

9342 — PostgreSQL (configuration & metadata)

12324 — Backend API

13300 — Dispatcher (agent-less collection)

7125 — Grafana (built-in dashboards)

NGINX config file: /etc/nginx/conf.d/datasentinel.conf

SELinux Status & Mode

Check

What you need

OS command

Expected output

Current runtime mode

getenforce

Enforcing, Permissive, or Disabled (If the command is missing, SELinux user-space tools aren’t installed.)

Detailed status

sestatus

Shows the loaded policy, runtime mode, and the mode that will apply on next boot.

Modes

Enforcing: SELinux actively blocks any action that violates the loaded security policy and logs the denial.

Permissive: SELinux allows actions that would normally be denied but still logs the violations for troubleshooting and policy tuning.

Disabled: SELinux is turned off entirely, so no security policy is loaded, and no access controls or audit logs are applied.

Quick test workflow

Run getenforce to confirm the current mode.

If you need to troubleshoot, switch to permissive (logs only):

setenforce 0   # temporary—reverts at reboot

Re-run getenforce; it should now read Permissive.

When finished, return to enforcing:

setenforce 1

For a permanent change, edit /etc/selinux/config and reboot.

Requirement

Approach

What it does

Commands / Steps

1. Bypass SELinux

Turns SELinux off (or into permissive mode) so it never blocks Datasentinel.

• Temporary: setenforce 0 → mode switches to Permissive until next reboot. • Permanent: Edit /etc/selinux/config and set SELINUX=permissive or SELINUX=disabled, then reboot.