๐ŸฉบSELinux

Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC).

How Datasentinel Works

Datasentinelโ€™s NGINX reverse-proxy talks to its internal services on a fixed set of local TCP ports:

  • 8216 โ€” InfluxDBโ€‚(times-series metrics store)

  • 9342 โ€” PostgreSQLโ€‚(configuration & metadata)

  • 12324 โ€” Backend API

  • 13300 โ€” Dispatcherโ€‚(agent-less collection)

  • 7125 โ€” Grafanaโ€‚(built-in dashboards)

NGINX config file: /etc/nginx/conf.d/datasentinel.conf

SELinux Status & Mode

Check

What you need
OS command
Expected output

Current runtime mode

getenforce

Enforcing, Permissive, or Disabled (If the command is missing, SELinux user-space tools arenโ€™t installed.)

Detailed status

sestatus

Shows the loaded policy, runtime mode, and the mode that will apply on next boot.

Modes

  • Enforcing: SELinux actively blocks any action that violates the loaded security policy and logs the denial.

  • Permissive: SELinux allows actions that would normally be denied but still logs the violations for troubleshooting and policy tuning.

  • Disabled: SELinux is turned off entirely, so no security policy is loaded, and no access controls or audit logs are applied.

Quick test workflow

  1. Run getenforce to confirm the current mode.

  2. If you need to troubleshoot, switch to permissive (logs only):

    setenforce 0   # temporaryโ€”reverts at reboot
  3. Re-run getenforce; it should now read Permissive.

  4. When finished, return to enforcing:

    setenforce 1
  5. For a permanent change, edit /etc/selinux/config and reboot.

Requirement

Approach
What it does
Commands / Steps

1. Bypass SELinux

Turns SELinux off (or into permissive mode) so it never blocks Datasentinel.

โ€ข Temporary: setenforce 0 โ€ƒโ†’ mode switches to Permissive until next reboot. โ€ข Permanent: Edit /etc/selinux/config and set SELINUX=permissive or SELINUX=disabled, then reboot.

Last updated