"Linux system optimization" off SELinux

Selinux:selinux (Security-enhancedlinux) is the United States National Security Agency (NSA) implementation of mandatory access control, is the most outstanding new security subsystem in the history of Linux.

Although it is a security function, but because of the function too much, everything to tube, so it is more troublesome to use, so you can turn it off, and then use other security methods instead.

"1" View 3 modes of SELinux operation

[[Email protected] ~] #cat/etc/selinux/config #此为Selinux的配置文件目录 # This filecontrols the state of SELinux on the system. # selinux= Cantake One of these three values:# Enforcing-selinux security policy isenforced.# Permissive-selin UX Prints Warningsinstead of enforcing.# disabled-no SELinux policy is loaded.  selinux=enforcing# Selinuxtype=can Take one of these, values:# targeted-targeted processes areprotected,# MLS -Multi level Security protection. selinuxtype=targeted

You can see that there are 3 modes of operation:

Enforcing: Open selinuxpermissive: Free mode, this mode, only the warning message will be printed, but will not prevent disabled: turn off SELinux

"2" Changes the operating mode of the SELinux configuration file

Method One: Use the vi file editor to modify

[Email protected] ~]# Vi/etc/selinux/config

Modify "selinux=enforcing" to "selinux=disabled" and save exit

Method two: Sed command

[[Email protected] ~] #sed-i s#selinux=enforcing#selinux=disabled#g/etc/selinux/conf[[email protected] ~] #grep " Disabled "/etc/selinux/config# disabled-no selinux policy is loaded. Selinux=disabled

Note that you must add the parameter-I, otherwise only change the output, not change the contents of the configuration file. However, it is important to note that the current SELinux actual running state is still enforcing because the configuration file that modifies SELinux needs to take effect after the next reboot, so some more setup is required. (in order not to restart the Linux system)

"3" Changes the current operating mode of SELinux

To view the current operating mode:

[[Email protected] ~] #getenforce Enforcing

Modify the current mode to the permissive state:

[[email protected] ~]# Setenforce 0[[email protected] ~] #getenforce Permissive

Note that at this point the current selinux mode of operation has changed to permissive state, if you still need to change back to enforcing state, enter Setenforce 1, but note that Setenforce only parameters 0 and 1:

[[Email protected] ~] #setenforce 1[[email protected] ~] #getenforce enforcing[[email protected] ~]# Setenforce2usage:set Enforce [Enforcing | Permissive | 1 | 0]

When the permissive state is changed, the warning message is printed, but the actual operation is not affected, so the purpose can be achieved.

So, the above two methods of modification, the first is permanent modification, the second is temporary modification.

This article is from the "fragrant fluttering leaves" blog, please make sure to keep this source http://xpleaf.blog.51cto.com/9315560/1657735

"Linux system optimization" off SELinux