selinux的檢視和設定
1.1 getenforce
1.2 /usr/sbin/sestatus
current mode表示當前selinux防火牆的安全策略
[root@localhost ~]# /usr/sbin/sestatus
selinux status: enabled
selinuxfs mount: /sys/fs/selinux
selinux root directory: /etc/selinux
loaded policy name: targeted
current mode: enforcing
mode from config file: enforcing
policy mls status: enabled
policy deny_unknown status: allowed
max kernel policy version: 28
current mode: selinux防火牆當前的安全策略,enforcing 表示強
2.1 臨時關閉
setenforce 0:用於關閉selinux防火牆,但重啟後失效。
[root@localhost ~]# setenforce 0[root@localhost ~]# /usr/sbin/sestatus
selinux status: enabled
selinuxfs mount: /sys/fs/selinux
selinux root directory: /etc/selinux
loaded policy name: targeted
current mode: permissive
mode from config file: enforcing
policy mls status: enabled
policy deny_unknown status: allowed
max kernel policy version: 28
修改selinux的配置檔案,重啟後生效。
開啟 selinux 配置檔案
[root@localhost ~]# vim /etc/selinux/config將selinux=enforcing改為selinux=disabled,儲存後退出
# this file controls the state of selinux on the system.
# selinux= can take one of these three values:
# enforcing - selinux security policy is enforced.
# permissive - selinux prints warnings instead of enforcing.
# disabled - no selinux policy is loaded.
selinux=enforcing
# selinuxtype= can take one of three two values:
# targeted - targeted processes are protected,
# minimum - modification of targeted policy. only selected processes are protected.
# mls - multi level security protection.
selinuxtype=targeted
[root@localhost ~]# getenforce
enforcing
[root@localhost ~]# reboot[root@localhost ~]# /usr/sbin/sestatus
selinux status: disabled
[root@localhost ~]# getenforce
disabled
檢視SELinux狀態 關閉SELinux
1.1 getenforce 1.2 usr sbin sestatus current mode表示當前selinux防火牆的安全策略 root localhost usr sbin sestatus selinux status enabled selinuxfs mount sys fs se...
檢視selinux狀態和關閉
檢視selinux狀態 1 usr sbin sestatus v 如果selinux status引數為enabled即為開啟狀態 selinux status enabled 2 getenforce 也可以用這個命令檢查 關閉selinux 1 臨時關閉 不用重啟機器 setenforce 0...
如何檢視,關閉和開啟selinux
以下介紹一下selinux相關的工具 usr bin setenforce 修改selinux的實時執行模式 setenforce 1 設定selinux 成為enforcing模式 setenforce 0 設定selinux 成為permissive模式 如果要徹底禁用selinux 需要在 e...