Basic SELinux Security Concepts
SELinux (Security-Enhanced Linux) is an additional mechanism to protect your system's security. SELinux is the United States National Security Agency (NSA) implementation of mandatory access control and is the most outstanding new security subsystem in the history of Linux. The NSA, with the help of the Linux community, has dev
To view the SELinux status:
1. /usr/sbin/sestatus -v   ## if the "SELinux status" parameter is enabled, SELinux is turned on
   SELinux status: enabled
2. getenforce   ## this command can also be used to check
To turn off SELinux:
1. Temporarily turn it off (without restarting the machine): setenforce 0   ## set SELinux to become
I. Some concepts
II. SELinux status
III. Related applications
IV. Related commands
I. Some concepts
1. Linux security access model
DAC (discretionary access control): autonomous access control
2. SELinux security access mechanism
SELinux is a secure system based on the
II. SELinux status
1. SELinux status
(1) Disable
To view the SELinux status:
1. /usr/sbin/sestatus -v   ## if the "SELinux status" parameter is enabled, SELinux is turned on
   SELinux status: enabled
2. getenforce   ## this command can also be used to check
To turn off SELinux:
1. Temporarily turn it off (without restarting the machine): setenforce 0   ## set SELinux to become permissive m
years
In general desktop and program development environments, SELinux policies can meet security and convenience requirements at the same time. Taking the just-released Fedora 15 as an example, the author builds a complete entertainment environment (including multiple third-party native Linux games and Wine games) and development environment (Android SDK + Eclipse); only the first run of the Wine program is blocked by the default
many user-layer libraries and tools that can use the SELinux function. SELinux is a domain-type-based Mandatory Access Control (MAC) security system. It was written by the NSA and designed as a kernel module included in the kernel; some security-related applications have also been patched for SELinux, and finally there is a corresponding security policy. Any program has full control over its resources. If a progra
install.log.syslog
We will discuss the meaning of these fields later.
III. Policy
In SELinux, we define policies to control which domains can access which contexts.
In SELinux, multiple policy modes are preset, and we usually do not need to define our own policies unless we need to protect some services or programs.
In CentOS/RHEL, the targeted policy is used by default. What is the targeted policy?
The targ
SELinux, rather than disabling the OS security mechanism. You need to decide if you want to disable SELinux temporarily to test the problem, or permanently switch it off. It may also be a better option to make changes to the policy to permit the operations that are being blocked, but this requires knowledge of writing policies and may be a steep learning curve for some people. For the operating system as a
SELinux (Security-Enhanced Linux) is the United States National Security Agency (NSA) implementation of mandatory access control and is the most outstanding new security subsystem in the history of Linux. Under the restriction of this access control system, a process can only access the files that are needed for its tasks. SELinux is installed on Fedora and Red Hat Enterprise Linux by default. Although
parameter that is used to determine whether your system's kernel is running in enforcing or permissive mode, namely the "enforcing" parameter. In permissive mode, SELinux only records what it would have done and does not actually take any action. In enforcing mode, SELinux actually enforces the policy. If your policy has errors, the system may prevent you from logg
identity: SELinux user identity, usually refers to the type of user;
role: role;
domain|type: the domain of the process or the type of the file;
sensitivity: sensitivity;
Note: in the targeted policy set, only the domain of the process and the type of the file need to match; the other security context identifiers are irrelevant.
SELinux policy library:
Rule library: stores the rules;
Rule: which domain of a process can access or manipul
Nfig/selinux file defines the working mode of SELinux and the policy set used: SELINUX=enforcing SELINUXTYPE=targeted. SELinux working modes (defined in the /etc/sysconfig/selinux file): enforcing - fo
refers to the type of user;
role: role;
domain|type: the domain of the process or the type of the file;
sensitivity: sensitivity;
Note: in the targeted policy set, only the domain of the process and the type of the file need to match; the other security context identifiers are irrelevant.
The SELinux policy library:
Rule library: stores the rules;
Rule: which domain of a process can access or manipulate which types of files in which way; s
file.
MLS Security level. Only makes sense in MLS mode.
File Security Context
• There are two main categories: system_u, for files created for system services, and unconfined_u, for files created for the user himself.
• Both are object_r, representing a file.
• In targeted mode, the only field that needs attention.
• In targeted mode, a process can access a file only when the types of the two correspond (they need not be the same).
MLS Security level. Only makes sense in MLS mode.
Linux Nginx failed to start
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
SELinux needs to be turned off.
To view the SELinux status:
1. /usr/sbin/sestatus -v   ## if the "SELinux status" parameter is enabled, SELinux is turned on
   SE
. (enforcing mode)
# permissive - SELinux prints warnings instead of enforcing. (permissive mode)
# disabled - No SELinux policy is loaded. (disabled mode)
SELINUX=enforcing   # set the SELinux mode
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected
View SELinux status:
1. /usr/sbin/sestatus -v   # if the "SELinux status" parameter is enabled, SELinux is turned on
   SELinux status: enabled
2. getenforce   # you can also use this command to check and disable SELi...