For SELinux on RHEL, you have to take explicit action to disable it. Now it is probably likely that admins who haven't added any SELinux skills to their skillset only learn how to turn it off and not set permissions correctly. However, that is almost as bad as running chmod 777 on everything (which I've seen plenty of people do). The minimum that anyone admining a RHEL-derived system should learn is the chcon (change security context) command, and running the tools to diagnose SELinux issues.
If you must, start off with setting SELinux to "Permissive" instead of disabling it completely. Then after a few days of running, go through your audit logs, fix any of the errors that come up, then set it back to Enforcing.
>If you must, start off with setting SELinux to "Permissive" instead of disabling it completely. Then after a few days of running, go through your audit logs, fix any of the errors that come up, then set it back to Enforcing.
This is the best bet for something that's in production already, but ideally, you want to have SELinux set to enforcing in testing environments and create the policies there in the first place.
If you must, start off with setting SELinux to "Permissive" instead of disabling it completely. Then after a few days of running, go through your audit logs, fix any of the errors that come up, then set it back to Enforcing.