@littleairmada
Created March 1, 2022 00:02
Amazon Linux 2: Enable SELinux
# The Standard Caveat applies: Always test before you implement on a production system.
# These steps assume you are connected to an AL2 EC2 instance as the ec2-user.
# I use this to enable SELinux as the very first step when creating a base AMI. It has worked for me without issues for the past 3+ years.
# 1. Install packages and autorelabel the filesystem
sudo yum -y install policycoreutils selinux-policy-targeted policycoreutils-python
sudo sed -i 's/SELINUX=disabled/SELINUX=permissive/g' /etc/selinux/config
sudo systemctl enable rhel-autorelabel
sudo systemctl enable rhel-autorelabel-mark
sudo touch /.autorelabel
sudo reboot
# 2. Set SELinux to enforcing and reboot
sudo sed -i 's/SELINUX=permissive/SELINUX=enforcing/g' /etc/selinux/config
sudo reboot
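
A check to run after the step 1 reboot and before step 2, added here as an example and not part of the original gist: it reads the configured mode and counts the AVC denials logged while the system was permissive. The function names and the sample config and audit lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check between the step 1 reboot and step 2.
# Function names and the sample files are constructed for illustration.

# Print the SELINUX= value from a config file (last uncommented line wins).
configured_mode() {
    awk -F= '/^[ \t]*SELINUX=/ { gsub(/[ \t\r]/, "", $2); mode = $2 }
             END { print (mode == "" ? "unset" : mode) }' "$1"
}

# Count AVC denial records in an audit log (grep -c exits 1 on zero matches).
count_avc_denials() {
    grep -cE '^type=AVC .*avc: +denied' "$1" || true
}

# Succeed only if the config says permissive and no denials were logged.
ready_for_enforcing() {
    local cfg="$1" log="$2" mode denials
    mode=$(configured_mode "$cfg")
    denials=$(count_avc_denials "$log")
    echo "config mode: $mode, AVC denials: ${denials:-unreadable log}"
    [ "$mode" = "permissive" ] && [ "${denials:-1}" -eq 0 ]
}

# Constructed sample inputs so the script runs offline. On the instance, pass
# /etc/selinux/config and /var/log/audit/audit.log as the two arguments (via sudo).
demo=$(mktemp -d)
cat > "$demo/config" <<'EOF'
# SELINUX= can take one of these three values:
SELINUX=permissive
SELINUXTYPE=targeted
EOF
cat > "$demo/audit.log" <<'EOF'
type=SERVICE_START msg=audit(1646092790.001:90): pid=1 uid=0 msg='unit=sshd res=success'
type=AVC msg=audit(1646092800.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
EOF

if ready_for_enforcing "${1:-$demo/config}" "${2:-$demo/audit.log}"; then
    echo "No denials logged in permissive mode: proceed to step 2"
else
    echo "Do not set SELINUX=enforcing yet: review the denials or the config first"
fi
```

A clean result only covers what actually ran during the permissive boot; services that were not exercised can still be denied once enforcing is on.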