To view the SELinux status:1,/usr/sbin/sestatus-v # #如果SELinux The status parameter is enabled is turned onSELinux status:enabled2. Getenforce # #也可以用这个命令检查To turn off SELinux:1, temporarily shut down (do not restart the machine):Setenforce 0 # #设置SELinux become permissive m
Login as:root[email protected] ' s password:Last Login:tue Mar 6 03:31:31 2018 from 10.93.143.1[Email protected] ~]# More/etc/selinux/config# This file controls the state of the SELinux on the system.# selinux= can take one of these three values:# Enforcing-selinux security policy is enforced.#
guide ". Throw the following reference:Deployment_Guide-en-US, the so-called"DevelopmentGuide ":Http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/index.htmlTo enable or disable SELinux, see Chapter 44.2.7. enable or disable SELinux in the Development Guide ":Http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/sec-sel-enable-disable.htmlThere a
that this command is Getenforce. This command is incredibly simple to use (because it is only used to report the SELinux mode). To use this tool, open a terminal window and execute the getenforce command. The command returns enforcing, Permissive, or disabled (see).Setting the SELinux mode is actually simple--depending on what mode you want to set. Remember: It
This article from the "lone star Rain" blog, please be sure to keep this source http://bguncle.blog.51cto.com/3184079/957315
View SELinux status:
1./usr/sbin/sestatus-V # If The SELinux status parameter is enabled, it is enabled.
SELinux status: Enabled
2. getenforce # You can also use this command to check
Disable SEL
, a denial message is recorded in/var/log/messages.
It sounds relatively simple, isn't it? In fact, the process is more complex, but to simplify the introduction, only the important steps are listed.
Mode
SELinux has three modes (which can be set by the user ). These modes determine how SELinux responds to a request. These modes are:
Enforcing (Force)-The SELinux
from the policy database. Based on the current pattern mode, if the SELinux Secure Server grants permissions, the principal can access the target. If the SELinux security server denies permissions, a deny message is logged in the/var/log/messages.It sounds relatively simple, doesn't it? The process is actually more complex, but in order to simplify the introduction, only important steps are listed.ModeSELi
Familiar with SELinux and SELinux Functions
Now, playing with the SELinux system has some value. For example, we use a strictly qualified ora Core 4 release. Most of these examples can basically run on Red hat Enterprise Linux version 4 or Fedora Core 5. Although it may be a little different, you may be able to run it using another release. "Getting
Tags: res etc appears this nbsp mount inux def parameterSELinux startup, shutdown, and view1, not all Linux distributions support SELinuxCurrently, SELinux supports three modes, as follows:Enforcing: Mandatory mode, on behalf of the SELinux operation, and has correctly begun to limit the domain/type;Permissive: Tolerant mode: On behalf of
strategy was primarily for the server environment. However, with the extensive application of SELinux over the past 8 years, the SELinux strategy can still meet the requirements of security and convenience in the General desktop and program development environment . With the release of Fedora 15 as an example, the author is in the process of building complete entertainment (including a variety of third-par
will not take effect until the system is restarted)View SELinux configuration file/etc/selinux/config or his link file/etc/sysconfig/selinux/650) this.width=650; "src=" https://s4.51cto.com/wyfs02/M02/96/05/wKiom1kcBeDwOW1lAAL4mMLGOeM922.jpg "title=" 1.jpg "alt=" Wkiom1kcbedwow1laal4mmlgoem922.jpg "/>The status of SELinux
Three models of SELinuxEnforcing #permissive # tolerant mode: represents SELinux operation, but only warning messages do not actually restrict access to domain/type. This mode can be shipped as SELinux debug, disabled # closed, SELinux does not actually work. View the status of SELinux1. View configur
Turn off SELinux functionality1. Permanently closed1.1 Check, BackupPermanently close SELinux1. Pre-operation BackupCat/etc/selinux/config# This file controls the state of the SELinux on the system.# selinux= can take one of these three values:# Enforcing-selinux security po
specific working status of SELinuxWorking principle such as:
Ii. mode of work and type of work2.1 Operating modeGetenforce can view the current SELinux mode of operation,Setenforce can modify the SELinux mode of operation, but can only switch between permissive and enforcing . [Email protected] ~]# setenforce 0|1 , respectively, represents
Base access Control)-the user is given only minimal permissions. To the user, is divided into some role,Even the root user, if you are not in the Sysadm_r, still can not implement sysadm_t management operations.3. TE (Type Enforcement)-gives the process only minimal operational privileges, and the TE concept is very important in SELinux;is to assign a file type tag to a file called type, which assigns a label called Domain to the process, and can spe
1. SELinux IntroductionSELINUX is the acronym for Security Enhanced Linux, which literally means secure hardening of Linux, developed by the National Security Agency (NSA), a module that integrates into the Linux core, is an implementation of mandatory access control (MAC), is The most outstanding new security subsystem in Linux history provides better access control than traditional UNIX permissions. Under the limitations of the
[Email protected] ~]$ Cat/etc/selinux/config# This file controls the state of the SELinux on the system.# selinux= can take one of these three values:# Enforcing-selinux security policy is enforced.# Permissive-selinux Prints warn
: enabledselinuxfs mount: /selinuxcurrent mode: enforcingmode from config file:Querying SELinux Run modeoperating modes are divided into three enforcing (mandatory mode), permissive (tolerant mode), disabled (off)Third, problem-handlingSince the analysis of the problem may be in SELinux, then try to repair, repair
To disable SELinux, modify selinux = quot; in the/etc/SELINUX/config file as disabled, and restart. If you do not want to restart the system, run the setenforce0 command. note: setenforce1 sets SELinux to enforcing mode. setenforce0 sets SELinux to permis.
To disable
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.