Some Linux by default is SELinux enabled, we can choose to turn selinux on or off when installing the operating system, but how to turn it on and off after installing the system?
There is a SELinux file under/etc/sysconf, using VI to open, change the value of the SELinux item in it.
- Selinux=disable disabling SELinux
- Selinux=enforcing using SELinux
[email protected] sysconfig]# Vim SELinux # This file controls the state of SELinux on the system.# selinux=Can take one of these three values:# enforcing-SELinux Security Policy isenforced.# Permissive-SELinux Prints warnings instead of enforcing.# disabled-No SELinux Policy isloaded. SELINUX = enforcing# selinuxtype=Can take one of these values:# targeted-Targeted processes isprotected, # Minimum-Modification of targeted policy. Only selected processes isprotected. # MLS-Multi level Security protection. Selinuxtype=targeted
Turn off SELinux
1. Temporarily close SELinux without restarting
- Run the following command with the root user
0
The purpose of this command is to temporarily set SELinux to the permissive mode (about permissive mode is described below)
If you want to resume running SELinux, you can run
1
This command will set SELinux to enforcing mode.
2. Permanently set SELinux to permissive mode
Here you need to tell the difference between the permissive and enforcing modes. SELinux has three modes: enforcing, Permissive and Disable.
Enforcing mode is the policy that is set by SELinux, and all rules that violate policy will be rejected by SELinux.
The difference between permissive and enforcing is that it still follows the SELinux policy, but the actions that violate the rules are only recorded and not rejected.
Disable as the name implies is completely disabling selinux
If you want to permanently set the permissive mode, we will modify the SELinux configuration file/etc/sysconfig/selinux (under RHEL5 This is a symbolic link to/etc/selinux/conf)
# This file controls the state of the SELinux on the system.
# selinux= can take one of these three values:
# Enforcing-selinux security policy is enforced.
# Permissive-selinux Prints warnings instead of enforcing.
# Disabled-selinux is fully disabled.
Selinux=enforcing
# selinuxtype= type of policy in use. Possible values are:
# Targeted-only targeted Network daemons is protected.
# Strict-full SELinux protection.
selinuxtype=targeted
Modify the selinux=permissive, and then restart it.
Disable, enable SELinux under Linux