CentOS disable Selinux

Source: Internet
Author: User

CentOS disable Selinux

Selinux: SELinux (Security-EnhancedLinux) is the most outstanding New Security Subsystem in Linux history for implementing mandatory access control by the National Security Agency (NSA.

Although it is a security function, it is more troublesome to use because there are too many functions and everything needs to be managed. Therefore, you can disable it and use other security methods instead.

[1] view three modes of Selinux operation

[Root @ moban ~] # Cat/etc/selinux/config # This is The Selinux configuration file directory.#ThisfilecontrolsthestateofSELinuxonthesystem.#SELINUX=cantakeoneofthesethreevalues:#enforcing-SELinuxsecuritypolicyisenforced.#permissive-SELinuxprintswarningsinsteadofenforcing.#disabled-NoSELinuxpolicyisloaded.SELINUX=enforcing#SELINUXTYPE=cantakeoneofthesetwovalues:#targeted-Targetedprocessesareprotected,#mls-MultiLevelSecurityprotection.SELINUXTYPE=targeted

Three running modes are available:

Enforcing: Enable SelinuxPermissive: Free mode. In this mode, only warning messages are printed, but not blocked.Disabled: Disable Selinux

[2] changing the running mode of Selinux configuration file

Method 1: Use the vi file editor to modify

[root@moban~]#vi/etc/selinux/config

Change "SELINUX = enforcing" to "SELINUX = disabled". Save and exit.

Method 2: sed command

[root@moban~]#sed-is#SELINUX=enforcing#SELINUX=disabled#g/etc/selinux/conf[root@moban~]#grep"disabled"/etc/selinux/config#disabled-NoSELinuxpolicyisloaded.SELINUX=disabled

Note that you must add the parameter-I. Otherwise, only the output is changed, rather than the content of the configuration file. However, you must note that the configuration file for Selinux modification takes effect only after the next restart. Therefore, the actual running status of Selinux is still enforcing, so you need to make some other settings. (In order not to restart the Linux system)

[3] changing the current running mode of Selinux

View the current running mode:

[root@moban~]#getenforceEnforcing

Change the current mode to the permissive status:

[root@moban~]#setenforce0[root@moban~]#getenforcePermissive

Note that the current running mode of Selinux has been changed to the permissive State. If you still need to change back to the enforcing State, enter setenforce 1. Note that setenforce only has the parameters 0 and 1:

[root@moban~]#setenforce1[root@moban~]#getenforceEnforcing[root@moban~]#setenforce2usage:setenforce[Enforcing|Permissive|1|0]

After changing to the permissive status, a warning message is printed, but it does not affect the actual operation.

From this we can see that the first is Permanent modification, and the second is temporary modification.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.