SELinux(Security-Enhanced Linux) 是美国国家安全局(NSA)对于强制访问控制的实现,是 linux历史上最杰出的新安全子系统。但是我们一般都不用它,因为它管的东西太多了,想做安全可以用防火墙等其他措施。
我们可以通过查看配置文件的命令 cat /etc/selinux/config
[root@mazhonghua ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
发现SELinux共有3个状态enforcing (执行中)、permissive (不执行但产生警告)、disabled(关闭)。
我们可以通过修改配置文件来修改SELinux的状态
[root@mazhonghua ~]# sed -i s#SELINUX=enforcing#SELINUX=disabled# /etc/selinux/config
[root@mazhonghua ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
最后我们重启服务器,SELinux状态由enforcing变为disabled 。
当然,一般我们的Linux都不能重启,我们可以使用这个命令 setenforce 1 临时(重启即失效)设置SELinux 成为enforcing模式(setenforce 0
root@mazhonghua ~]# setenforce 0
[root@mazhonghua ~]# getenforce
Permissive
/usr/sbin/sestatus
[root@mazhonghua ~]# /usr/sbin/sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: disabled
Policy version: 24
Policy from config file: targeted
SELinux(Security-Enhanced Linux) 是美国国家安全局(NSA)对于强制访问控制的实现,是 linux历史上最杰出的新安全子系统。但是我们一般都不用它,因为它管的东西太多了,想做安全可以用防火墙等其他措施。
我们可以通过查看配置文件的命令 cat /etc/selinux/config
[root@mazhonghua ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
发现SELinux共有3个状态enforcing (执行中)、permissive (不执行但产生警告)、disabled(关闭)。
我们可以通过修改配置文件来修改SELinux的状态
[root@mazhonghua ~]# sed -i s#SELINUX=enforcing#SELINUX=disabled# /etc/selinux/config
[root@mazhonghua ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
最后我们重启服务器,SELinux状态由enforcing变为disabled 。
当然,一般我们的Linux都不能重启,我们可以使用这个命令 setenforce 1 临时(重启即失效)设置SELinux 成为enforcing模式(setenforce 0
root@mazhonghua ~]# setenforce 0
[root@mazhonghua ~]# getenforce
Permissive
/usr/sbin/sestatus
[root@mazhonghua ~]# /usr/sbin/sestatus标签:mazhonghua,.#,查看,SELinux,enforcing,SELINUX,disabled,Linux From: https://blog.51cto.com/u_6468453/6123564
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: disabled
Policy version: 24
Policy from config file: targeted