My path to learning Linux. 001

University has learned 3 years of Java, I do not want to learn Linux now, this is my first blog, of course, I am also a small white, many problems may be wrong, and is a few ridiculous mistakes, here hope you have patience to see the people put forward these mistakes, thank you!

Later this blog is my Linux home, I will put all I have learned on this.

Learning Linux, the first thing is to turn off all Selinux,iptable,networkmanager, I went online to check, SELinux, full name: Security Enhanced Linux, is a Mac (mandatory access control system) an implementation, my understanding is to manage the system resources. It can be used to defend against o-day attacks, oday I have not touched, degree Niang is said to take advantage of the open vulnerability implementation of the attack, as to why the vulnerability is not public? I am also very puzzled. He and firewalls and ACLs are not duplicated.

Getenforce can get the current selinux running state, there are three kinds of running states: Disabled,permissive, and enforcing. In fact, Disabled indicates that SELinux is disabled. Permissive represents a security warning but does not prevent suspicious behavior. Enforcing represents a warning and prevents suspicious behavior.

We can set it to disabled or permissive, method one, can execute: Setenforce 0. But it only comes into effect now, and then it goes back again after a reboot. Method Two: Change the SELinux configuration file, Vim/etc/sysconfig/selinux, the inside to selinux=disabled, and then restart the good.

Here I ask why to turn off, not to protect the system resources? The reason for this is from Baidu ....

1. Why does the PC have to drive SELinux? Who would use a 0day loophole to attack a PC?
2. SELinux is not required on most business servers because it basically uses load-balancing devices to distribute traffic, only a few ports are open to the outside world.
3. The use of virtualization is more and more widespread, different types of applications are distributed across different servers, and there is no need to isolate permissions between different services
4. SELinux brings a disproportionate amount of additional security and usage complexity, and is not cost-effective

I think the first reason is the most suitable for me, and open the SELinux Restart service is generally very slow, and, in the Web Server service, specifically in the experiment with different system users log on when the login is not on, closed after the good, I believe I will someday open it again. Oh, too.

And then, we close NetworkManager This is simple:/etc/init.d/networkmanager stop, and then set the boot does not start: Chkconfig NetworkManager off.

Finally, we shut down the firewall iptables-f clear all the rules, my understanding is to shut down the host firewall. Then save the settings: Service iptables save.

Well, I'm going to write about it today, and it'll always be updated, oh, yes.

My path to learning Linux. 001