Installing the SELinux tools

For some bizarre reason that I'll never understand, the tools that you need to administer SELinux don't get installed by default, even though SELinux itself does. So, the first thing you'll need to do on your CentOS virtual machine is to install them.

On CentOS 7, run this command:

sudo yum install setools policycoreutils policycoreutils-python

On CentOS 8, run this command:

sudo dnf install setools policycoreutils policycoreutils-python-utils

Later on in this chapter, in the Troubleshooting with setroubleshoot section, we'll look at how to use setroubleshoot to help diagnose SELinux problems. In order to have some cool error messages to look at when we get there, go ahead and install setroubleshoot now, and activate it by restarting the auditd daemon. (There's no setroubleshoot daemon, because setroubleshoot is meant to be controlled by the auditd daemon.) Install setroubleshoot like so.

For CentOS 7, use the following commands:

sudo yum install setroubleshoot
sudo service auditd restart

For CentOS 8, use the following commands:

sudo dnf install setroubleshoot
sudo service auditd restart

One of the little systemd quirks that we have to deal with on Red Hat-type systems is that you can't stop or restart the auditd daemon with the normal systemctl command. However, the old-fashioned service command works. For some reason that I don't understand, the Red Hat folk configured the auditd service file to disable the normal systemd way of doing things.

Depending on the type of installation that you chose when installing CentOS, you might or might not already have setroubleshoot installed. To be sure, go ahead and run the command to install it. It won't hurt anything if setroubleshoot is already there.

You now have what you need to get started. Let's now look at what SELinux can do for a busy web server administrator.
