Security News > 2021 > March > Why it's time to stop setting SELinux to Permissive or Disabled
The time for Disabled or Permissive SELinux settings is over.
The only difference between Disabled and Permissive is that Permissive keeps SELinux running and logs Access Vector Cache actions.
It's perfectly fine to set SELinux to Permissive mode while testing, but once you've figured out the problem, it's time to set the security system to enforcing.
Setting SELinux to Disable or Permissive is easy, but we're talking about the security of your server or LAN. That's not the place to take the easy route.
With SELinux in place, if you deploy a web server that allows an attacker to gain access, SELinux will prevent that attacker from accessing any file the web server isn't supposed to see.
For the longest time, I set SELinux to Permissive or even disabled it altogether.