首页 > 系统相关 >SELinux 开启和关闭

SELinux 开启和关闭

时间:2023-01-30 15:01:46浏览次数:49  
标签:status SELinux enforcing 开启 关闭 selinux root localhost

1. 查看SELinux状态

1.1 getenforce

  • getenforce 命令是单词get(获取)和enforce(执行)连写,可查看selinux状态,与setenforce命令相反。

  • setenforce 命令则是单词set(设置)和enforce(执行)连写,用于设置selinux防火墙状态,如: setenforce 0用于关闭selinux防火墙,但重启后失效

     

    1. [root@localhost ~]# getenforce

    2. Enforcing

1.2 /usr/sbin/sestatus

Current mode表示当前selinux防火墙的安全策略

 

  1. [root@localhost ~]# /usr/sbin/sestatus

  2. SELinux status: enabled

  3. SELinuxfs mount: /sys/fs/selinux

  4. SELinux root directory: /etc/selinux

  5. Loaded policy name: targeted

  6. Current mode: enforcing

  7. Mode from config file: enforcing

  8. Policy MLS status: enabled

  9. Policy deny_unknown status: allowed

  10. Max kernel policy version: 28

SELinux status:selinux防火墙的状态,enabled表示启用selinux防火墙
Current mode: selinux防火墙当前的安全策略,enforcing 表示强

2. 关闭SELinux

2.1 临时关闭

setenforce 0 :用于关闭selinux防火墙,但重启后失效。

[root@localhost ~]# setenforce 0
 

  1. [root@localhost ~]# /usr/sbin/sestatus

  2. SELinux status: enabled

  3. SELinuxfs mount: /sys/fs/selinux

  4. SELinux root directory: /etc/selinux

  5. Loaded policy name: targeted

  6. Current mode: permissive

  7. Mode from config file: enforcing

  8. Policy MLS status: enabled

  9. Policy deny_unknown status: allowed

  10. Max kernel policy version: 28

2.1 永久关闭

修改selinux的配置文件,重启后生效。

打开 selinux 配置文件

[root@localhost ~]# vim /etc/selinux/config

修改 selinux 配置文件

将SELINUX=enforcing改为SELINUX=disabled,保存后退出

 

  1. # This file controls the state of SELinux on the system.

  2. # SELINUX= can take one of these three values:

  3. # enforcing - SELinux security policy is enforced.

  4. # permissive - SELinux prints warnings instead of enforcing.

  5. # disabled - No SELinux policy is loaded.

  6. SELINUX=enforcing

  7. # SELINUXTYPE= can take one of three two values:

  8. # targeted - Targeted processes are protected,

  9. # minimum - Modification of targeted policy. Only selected processes are protected.

  10. # mls - Multi Level Security protection.

  11. SELINUXTYPE=targeted

此时获取当前selinux防火墙的安全策略仍为Enforcing,配置文件并未生效。

 

  1. [root@localhost ~]# getenforce

  2. Enforcing

重启

[root@localhost ~]# reboot

验证

 

  1. [root@localhost ~]# /usr/sbin/sestatus

  2. SELinux status: disabled

  3.  

  4. [root@localhost ~]# getenforce

  5. Disabled

标签:status,SELinux,enforcing,开启,关闭,selinux,root,localhost
From: https://www.cnblogs.com/surplus/p/17075932.html

相关文章

赞助商

阅读排行

网站主页关于我们联系我们网站地图

本网站内容转载自其他媒体,侵权联系[admin##ips99.com]。

Copyright © 2020-2023 IPS99 版权所有 IPS99