SELinux:
Selinux:secure Enhanced Linux
General Linux Systems:
DAC: Autonomous access control
SELinux:
MAC: Mandatory access control
operating mode:
1.strict: Each process is under the control of SELinux;
2.targeted: A limited process receives SELinux control
Monitor only the processes that are vulnerable to intrusion
Subject Operation Object
Process operation process, file
SELinux provides a security label for each file, as well as a security label for the process
Tags: user:role:type
The user of User:selinux
Role: Roles
Type: Types
SELinux Rule Library:
Rules: Specify which types of files the domain can access or those within
Configure SELinux:
SELinux Enable
Re-marking the file
Setting some Boolean properties
Status of SELinux:
Enforcing: Mandatory, each restricted process is bound to be limited
Permissive: Enabled, each restricted process violation will not be banned, but will be logged to the audit log.
Disabled: Off
Related commands:
Getenforce: Gets the current status of SELinux;
Setenforce 0|1
0: Set to permissive
1: Set to enforcing
This setting: Not valid after rebooting the system
Configuration file:/etc/sysconfig/selinux,/etc/selinux/config
Selinux={disabled|enforcing|permissive}
To re-mark a file:
Chcon [OPTION] ... CONTEXT FILE ...
Chcon [OPTION] ... [-U USER] [-R ROLE] [-L RANGE] [-T TYPE] FILE ...
Chcon [OPTION] ...--reference=rfile FILE ...
-R Recursive marking
Restore file Default Tags: restorecon-r/path/to/file
Boolean rule:
Setsebool [-P] [On|off] (P: write config file)
Getsebool
Linux System Management-(-selinux)