1. What is SELinux
SELinux is a kernel-level enhanced firewall.
It covers:
File security contexts
Process security contexts
2. How to manage SELinux levels
Turning SELinux on or off:
vim /etc/sysconfig/selinux
SELINUX=disabled ## disabled
SELINUX=enforcing ## enforcing
SELINUX=permissive ## permissive (warnings only)
getenforce ## show the current state
While SELinux is enabled:
setenforce 0|1 ## change the SELinux run level
# 1 enforcing mode
# 0 permissive (warning) mode
Viewing security contexts:
ps -Z
ls -Z
In enforcing mode, if the security contexts are not consistent, lftp cannot see files whose security context differs.
Making the security context consistent:
# setenforce 1
# mkdir /westos
# touch /mnt/test1
# vim /etc/vsf
anon_root=/westos
# mv /mnt/test1 /var/ftp/
# lftp IP
# ls ## the file is not visible
# semanage fcontext -l | grep /westos/
# semanage fcontext -l | grep /var/ftp
# semanage fcontext -a -t public_content_t '/westos(/.*)?'
# lftp IP
# ls ## the file is now visible
3. How to change the file security context
Temporary change:
chcon -t <security context> <file>
chcon -t public_content_t /publicftp -R
Permanent change:
semanage fcontext -l ## list the contents of the kernel security context list
semanage fcontext -a -t public_content_t '/publicftp(/.*)?'
restorecon -FvvR /publicftp/
4. How to control the SELinux booleans for service functions
getsebool -a | grep <service name>
getsebool -a | grep ftp
setsebool -P <boolean> on|off
setsebool -P ftpd_anon_write on
Allowing anonymous users to upload files to the server:
# vim /etc/vsftpd/vsftpd.conf
#anon_root=/westos
anon_upload_enable=YES
# chgrp ftp /var/ftp/pub/
# chmod 775 /var/ftp/pub/
# chcon -t public_content_rw_t /var/ftp/pub/
# getsebool -a | grep ftp
# setsebool -P ftpd_anon_write on
# lftp
# cd pub
# put
5. Monitoring SELinux error messages
# yum install setroubleshoot-server
# yum install setroubleshoot
/var/log/messages
/var/log/audit/audit.log
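One way to read the denials recorded in /var/log/audit/audit.log, as an added example that is not part of the original article: the script groups AVC denial records by process, source type, target type, object class and permission. The sample records are constructed to mirror the two FTP cases above (a file moved from /mnt that kept its mnt_t label, and an upload into a directory still labelled public_content_t); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials from audit.log-style input.

# Constructed sample records (not captured from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1472000000.101:411): avc:  denied  { getattr } for  pid=2301 comm="vsftpd" path="/test1" dev="dm-0" ino=9001 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=file
type=AVC msg=audit(1472000003.512:415): avc:  denied  { getattr } for  pid=2301 comm="vsftpd" path="/test1" dev="dm-0" ino=9001 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=file
type=SYSCALL msg=audit(1472000003.512:415): arch=c000003e syscall=6 success=no exit=-13 comm="vsftpd"
type=AVC msg=audit(1472000050.007:502): avc:  denied  { write } for  pid=2377 comm="vsftpd" name="pub" dev="dm-0" ino=9100 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:public_content_t:s0 tclass=dir
EOF
}

# avc_summary: read audit records on stdin, print one line per distinct denial:
#   count comm source_type target_type tclass permissions
avc_summary() {
  awk '
    $1 == "type=AVC" && / denied / {
      comm = src = tgt = cls = perms = ""
      if (match($0, /\{[^}]*\}/)) {            # permissions sit between { and }
        perms = substr($0, RSTART + 1, RLENGTH - 2)
        gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
      }
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
        if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }   # user:role:type:level
        if ($i ~ /^tcontext=/) { split($i, b, ":"); tgt = b[3] }
        if ($i ~ /^tclass=/)   { cls = $i; sub(/^tclass=/, "", cls) }
      }
      seen[comm " " src " " tgt " " cls " " perms]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort
}

sample_audit_log | avc_summary
```

On a real host, run avc_summary < /var/log/audit/audit.log as root; a target type such as mnt_t under the FTP root points at a labelling problem (section 3), while a write denied on public_content_t points at the read-write type and boolean from section 4.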
6. When SELinux is having problems
# touch /.autorelabel
# reboot ## reboot
This article is from the "Technology life, Simple not simple" blog; please be sure to keep this source: http://willis.blog.51cto.com/11907152/1847018
SELinux Primary Management