SELinux command set summary

1. Related command sets

sestatus
getenforce
setenforce 0/1
id / ls / ps with -Z: view the security context of an object.

chcon [OPTION] CONTEXT FILES
chcon [OPTIONS] --reference=REF_FILES FILES
  -f: force execution; even if there is an error message, it is not displayed.
  -l RANGE: use RANGE as the security range.
  -R: recursive.
  -r ROLE: only modifies the role.
  -t TYPE: only modifies the type.
  -u USER: only modifies the user.
  -v: verbose.
  Example:
  chcon -u system_u -t httpd_t file
  chcon root:object_r:user_home_t file

matchpathcon [-a | -V] file: find the default security context.
  -a: does not display the path name.
  -V: check whether the definition is met.

fixfiles [-R PACKAGES...] [check | restore]: fix file security contexts.

restorecon [OPTIONS] FILES: restore file security contexts.
  -f listfile: take the files from listfile instead of FILES.
  -o: output to a file.
  -v: displays the non-conforming files.
  -i: ignores files that do not exist.

To recreate all default security contexts: create an empty /.autorelabel file, and then reboot. This takes a long time.

seinfo [OPTIONS] [POLICY_FILE]

sesearch [-a | --allow | --audit | --neverallow | --type | -s NAME | -t NAME] [POLICY_FILE]
  Example:
  sesearch -a -s httpd_t -t etc_t /etc/selinux/targeted/policy/policy.21

getsebool

setsebool [-P] sebool=value
  -P: the setting still takes effect after a reboot; without this parameter it only takes effect for the current session.

system-config-selinux: configuration tool.

sealert: tool for the graphical interface only; requires the setroubleshoot package to be installed.

grep httpd /var/log/audit.log | audit2allow -M mypol; semodule -i mypol.pp

2. Concepts

DAC (Discretionary Access Control): discretionary access control. ACL (Access Control List) is an extension of DAC.

MAC (Mandatory Access Control): mandatory access control.
  RBAC (Role-Based Access Control): role-based; access is determined by the user's role.
  MLS (Multi-Level Security): security with different access levels.

Defined security policies:
  targeted: used to protect common network services.
  strict: used to provide RBAC-compliant security.
  mls: provides MLS-compliant security.

AVC (Access Vector Cache): stores SELinux policy variables in memory to speed up queries.
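Added example, not part of the original page: before piping denials into audit2allow -M and loading the module with semodule -i, as in the last command of section 1, it helps to see which source type, target type, class and permissions the module would allow. The audit records below are constructed, and the function names (sample_audit_log, summarize_avc, review_queries) are assumptions made for this example.

```shell
#!/bin/sh
# Constructed sample audit records (not taken from a real system).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:501): avc:  denied  { read } for  pid=2101 comm="httpd" name="app.conf" dev="dm-0" ino=1201 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000001.102:502): avc:  denied  { read } for  pid=2101 comm="httpd" name="app.conf" dev="dm-0" ino=1201 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000002.103:503): avc:  denied  { getattr open } for  pid=2101 comm="httpd" path="/home/alice/index.html" dev="dm-0" ino=3301 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000002.103:503): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
EOF
}

# Read audit records on stdin and print one line per distinct denial:
#   count source_type target_type class perm[,perm...]
summarize_avc() {
  awk '
    / avc: / && / denied / {
      # Permissions are the words between "{" and "}".
      perms = $0
      sub(/^.*[{] */, "", perms)
      sub(/ *[}].*$/, "", perms)
      gsub(/ /, ",", perms)
      s = t = c = ""
      for (i = 1; i <= NF; i++) {
        # A context is user:role:type[:range]; the type is the third part.
        if ($i ~ /^scontext=/)      { split($i, a, ":"); s = a[3] }
        else if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
        else if ($i ~ /^tclass=/)   { c = substr($i, 8) }
      }
      n[s " " t " " c " " perms]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k2
}

# Print the sesearch queries (syntax as used on this page) that show what the
# current policy already allows between each source and target type.
review_queries() {
  policy=${1:-/etc/selinux/targeted/policy/policy.21}
  summarize_avc |
    awk -v p="$policy" '{ print "sesearch -a -s " $2 " -t " $3 " " p }' | sort -u
}

sample_audit_log | summarize_avc
```

A denial whose target type is user_home_t, as in the third constructed record, usually points to a mislabeled file that chcon or restorecon should fix, not to a rule that belongs in a new policy module.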