CentOS disable Selinux

CentOS disable Selinux

Selinux: SELinux (Security-EnhancedLinux) is the most outstanding New Security Subsystem in Linux history for implementing mandatory access control by the National Security Agency (NSA.

Although it is a security function, it is more troublesome to use because there are too many functions and everything needs to be managed. Therefore, you can disable it and use other security methods instead.

[1] view three modes of Selinux operation

[Root @ moban ~] # Cat/etc/selinux/config # This is The Selinux configuration file directory.#ThisfilecontrolsthestateofSELinuxonthesystem.#SELINUX=cantakeoneofthesethreevalues:#enforcing-SELinuxsecuritypolicyisenforced.#permissive-SELinuxprintswarningsinsteadofenforcing.#disabled-NoSELinuxpolicyisloaded.SELINUX=enforcing#SELINUXTYPE=cantakeoneofthesetwovalues:#targeted-Targetedprocessesareprotected,#mls-MultiLevelSecurityprotection.SELINUXTYPE=targeted

Three running modes are available:

Enforcing: Enable SelinuxPermissive: Free mode. In this mode, only warning messages are printed, but not blocked.Disabled: Disable Selinux

[2] changing the running mode of Selinux configuration file

Method 1: Use the vi file editor to modify

[root@moban~]#vi/etc/selinux/config

Change "SELINUX = enforcing" to "SELINUX = disabled". Save and exit.

Method 2: sed command

[root@moban~]#sed-is#SELINUX=enforcing#SELINUX=disabled#g/etc/selinux/conf[root@moban~]#grep"disabled"/etc/selinux/config#disabled-NoSELinuxpolicyisloaded.SELINUX=disabled

Note that you must add the parameter-I. Otherwise, only the output is changed, rather than the content of the configuration file. However, you must note that the configuration file for Selinux modification takes effect only after the next restart. Therefore, the actual running status of Selinux is still enforcing, so you need to make some other settings. (In order not to restart the Linux system)

[3] changing the current running mode of Selinux

View the current running mode:

[root@moban~]#getenforceEnforcing

Change the current mode to the permissive status:

[root@moban~]#setenforce0[root@moban~]#getenforcePermissive

Note that the current running mode of Selinux has been changed to the permissive State. If you still need to change back to the enforcing State, enter setenforce 1. Note that setenforce only has the parameters 0 and 1:

[root@moban~]#setenforce1[root@moban~]#getenforceEnforcing[root@moban~]#setenforce2usage:setenforce[Enforcing|Permissive|1|0]

After changing to the permissive status, a warning message is printed, but it does not affect the actual operation.

From this we can see that the first is Permanent modification, and the second is temporary modification.