diff --git a/manifests/config.pp b/manifests/config.pp
index 8e7539d9..cc46f72e 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -25,44 +25,48 @@
 fail("Use of private class ${name} by ${caller_module_name}")
 }
 
- # Validations
- validate_re($mode, ['^enforcing$', '^permissive$', '^disabled$'], "Valid modes are enforcing, permissive, and disabled. Received: ${mode}")
- validate_re($type, ['^targeted$', '^minimum$', '^mls$'], "Valid types are targeted, minimum, and mls. Received: ${type}")
-
 file { $selinux::params::sx_mod_dir:
 ensure => directory,
 }
 
- file_line { "set-selinux-config-to-${mode}":
- path => '/etc/selinux/config',
- line => "SELINUX=${mode}",
- match => '^SELINUX=\w+',
- }
+ if $mode {
+ validate_re($mode, ['^enforcing$', '^permissive$', '^disabled$'], "Valid modes are enforcing, permissive, and disabled. Received: ${mode}")
 
- file_line { "set-selinux-config-type-to-${type}":
- path => '/etc/selinux/config',
- line => "SELINUXTYPE=${type}",
- match => '^SELINUXTYPE=\w+',
- }
+ file_line { "set-selinux-config-to-${mode}":
+ path => '/etc/selinux/config',
+ line => "SELINUX=${mode}",
+ match => '^SELINUX=\w+',
+ }
 
- case $mode {
- permissive, disabled: {
- $sestatus = '0'
- if $mode == 'disabled' and defined('$::selinux_current_mode') and $::selinux_current_mode == 'permissive' {
- notice('A reboot is required to fully disable SELinux. SELinux will operate in Permissive mode until a reboot')
+ case $mode {
+ permissive, disabled: {
+ $sestatus = '0'
+ if $mode == 'disabled' and defined('$::selinux_current_mode') and $::selinux_current_mode == 'permissive' {
+ notice('A reboot is required to fully disable SELinux. SELinux will operate in Permissive mode until a reboot')
+ }
+ }
+ enforcing: {
+ $sestatus = '1'
+ }
+ default : {
+ fail('You must specify a mode (enforced, permissive, or disabled) for selinux operation')
 }
 }
- enforcing: {
- $sestatus = '1'
- }
- default : {
- fail('You must specify a mode (enforced, permissive, or disabled) for selinux operation')
+
+ exec { "change-selinux-status-to-${mode}":
+ command => "setenforce ${sestatus}",
+ unless => "getenforce | grep -qi \"${mode}\\|disabled\"",
+ path => '/bin:/usr/bin:/usr/sbin',
 }
 }
 
- exec { "change-selinux-status-to-${mode}":
- command => "setenforce ${sestatus}",
- unless => "getenforce | grep -qi \"${mode}\\|disabled\"",
- path => '/bin:/usr/bin:/usr/sbin',
+ if $type {
+ validate_re($type, ['^targeted$', '^minimum$', '^mls$'], "Valid types are targeted, minimum, and mls. Received: ${type}")
+
+ file_line { "set-selinux-config-type-to-${type}":
+ path => '/etc/selinux/config',
+ line => "SELINUXTYPE=${type}",
+ match => '^SELINUXTYPE=\w+',
+ }
 }
 }
diff --git a/manifests/params.pp b/manifests/params.pp
index 0eb03d33..632d976b 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -8,8 +8,8 @@
 #
 class selinux::params {
 $sx_mod_dir = '/usr/share/selinux'
- $mode = 'disabled'
- $type = 'targeted'
+ $mode = undef
+ $type = undef
 case $::osfamily {
 'RedHat': {
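Review bot: In manifests/config.pp the `validate_re` patterns now inside `if $mode` and `if $type` are anchored with `^…$`, which in Ruby regular expressions (which `validate_re` appears to use) match at line boundaries rather than at the ends of the string. A multi-line value with one valid line would therefore pass, and it is then interpolated into the `unless` shell string of the `exec` and into the line written to `/etc/selinux/config`. Anchoring the whole string closes this: `validate_re($mode, ['\Aenforcing\z', '\Apermissive\z', '\Adisabled\z'], ...)`, and likewise for `$type`. Separately, the `default` branch of the `case` looks unreachable now that validation runs first and undef is skipped by the guard, and its message says `enforced` where the accepted value is `enforcing`. A comment above each guard, e.g. `# undef: leave SELINUX= and the running mode unmanaged`, would document the new default.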