Copyright notice: ########################################################################## #本文的所有内容均来自作者刘春凯的学习总结, without my permission, It is forbidden to forward and use it privately. qq:1151887353e-mail:[email protected] [email protected]########## ############################################################### #第1章 Close SELinux method 1.1 Pre-operation backup method: [Email protected] ~]# cp/etc/selinux/config /etc/selinux/config.bak[[email protected] ~]# ls /etc/selinuxconfig config.bak restorecond.conf restorecond_ User.conf semanage.conf targeted Law II: [[Email protected] ~]# sed -i.ori ' s# Selinux=enforcing#selinux=disabled#g ' /etc/selinux/config===-i.ori replace the pre-backup file; [[email protected] ~] # ls /etc/selinuxconfig config.bak config.ori restorecond.conf restorecond_user.conf semanage.conf targeted1.2 permanently close selinux (Modify config file) [[email protected] ~]# cat /etc/selinux/config # this file controls the state of selinux on thesystem.# selinux= can take one of these three values:# enforcing - SELinux security policy is enforced.# permissive - selinux prints warnings instead of enforcing.# disabled - no selinux policy Is loaded. selinux=enforcing# selinuxtype= can take one of these two values:# targeted - Targeted processes are protected,# mls -multi level security protection. selinuxtype=targeted[[email protected] ~]# sed -i ' s#SELINUX=enforcing#SELINUX= Disabled#g '/etc/selinux/config [[email protected] ~]# cat /etc/selinux/config # this file controls the State of selinux on the system.# selinux= can take one of these three values:# enforcing - SELinux security Policy is enforced.# permissive - selinux prints warnings instead of enforcing.# disabled - no selinux policy is loaded. selinux=disabled# selinuxtype= can take one of these two values:# targeted - Targeted processes are protected,# mls -multi level security protection. selinuxtype=targeted === need to restart the server to take effect (do not restart the server for any reason in the work scenario); 1.3 temporarily shut down [[email protected] ~] # getenforce === View selinux Status Enforcing[[email protected] ~]# setenforce === View selinux setup Options usage: setenforce [ Enforcing | permissive | 1 | 0 ]===1: Open; 0: reminding but not blocking; [[email protected] ~]# setenforce 0=== set to 0[[email protected] ~]# getenforcepermissive 1.4 Restore SELinux Method method One: Command line restore setenforce 1; Method II: File reply 1, through VI, SED directly modify the configuration file 2, mv/etc/selinux/config.bak /etc/ selinux/config== Direct Overwrite profile 2nd Close firewall iptables2.1 temporarily shut down iptables View Firewall state law one:/etc/init.d/iptables Status Law II: Service iptables status Temporary shutdown firewall law one:/etc/init.d/iptables stop/etc/init.d/iptables stop === execution closed two times to ensure close; Law II: service iptables stopservice iptables stop/etc/ Init.d/iptables status or service iptables status === After the modification is complete, review the iptables status again; 2.2 Permanently turn off iptables (Power on from startup item off iptables) to see if the iptables is powered on from the boot chkconfig | grep ipt or chkconfig -- list iptables turn off the iptables of the boot fromStartup item chkconfig iptables off again to see if iptables boot is off chkconfig | grep ipt or Chkconfig --list iptables.
The SELinux and iptables of Linux Foundation optimization