Linux Security Mode
DAC, discretionary access control
MAC, mandatory access control
SELinux
A set of MAC extension modules to strengthen Linux security
National Security Agency leads development
How SELinux works
Integrated into the Linux kernel (2.6 and above)
Operating system provides customizable policies and management tools
[[email protected] ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Se
enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[[email protected] selinux]#
Now explain director
Article Title: SELINUX from understanding to hands-on configuration. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
SELinux can provide great security protection for your system. Users can be assigned pre-defined roles so that they cannot access files or access programs
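2. system_r: represents a process. However, ordinary users may also be assigned system_r.
Type: whether a subject process can read a given file resource depends on the type field.
1. Type: on a file resource this field is called the type.
2. Domain: on a subject process this field is called the domain.
II. SELinux startup, shutdown, and viewing
Three modes:
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SE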
SELinux in the kernel, provide a customizable security policy, and provide many libraries and tools at the user level, all of which can use SELinux functionality. SELinux is a mandatory access control (MAC) security system based on the domain-type model, which is written by the NSA and designed into kernel modules that are included in the kernel, a
-ready distributions, such as Fedora, Red Hat Enterprise Linux (RHEL), Debian, or CentOS. They all enable SELinux in the kernel, provide a customizable security policy, and provide many libraries and tools at the user level, all of which can use SELinux functionality. SELinux is a mandatory access control (MAC) security system based on the domain-type model, which is written by the NSA and desi
While setting up LAMP over the last two days I came across SELinux, so here is a way to turn it off!
Ways to turn off SELinux:
Change SELINUX= in the /etc/selinux/config file to disabled and reboot.
If you do not want to reboot the system, use the command setenforce 0
Note:
setenforce 1 set
SELinux: SELinux (Security-Enhanced Linux) is the United States National Security Agency (NSA) implementation of mandatory access control and the most outstanding new security subsystem in the history of Linux. Although it is a security feature, it has so many functions and manages so much that it is troublesome to use, so you can turn it off and use other security methods instead.
"1" View the 3 modes of SELinux operation [[Email
SELinux (Security-Enhanced Linux) is the United States National Security Agency (NSA) implementation of mandatory access control and the most outstanding new security subsystem in the history of Linux.
Turn off SELinux
Temporary effect:
Command with temporary effect: setenforce 0 (a temporary change can be made directly with setenforce 0); 1 enables enforcement, 0 only warns and does not enforce
Permanent effect:
# Back up before operating
cp /e
1. SELinux configuration
In order for CloudStack to work properly, we must set SELinux to permissive. This needs to be in effect both in the currently running system and after startup, with the following configuration.
To set SELinux to permissive while the syst
system_u:object_r:admin_home_t:s0 anaconda-ks.cfg
user:role:type
user: SELinux user
role: role, similar to Linux groups
type: type, the scope of the sandbox
subject: domain
object: type
An object can be manipulated by a subject only if the type is a subset of the domain: domain == type, or domain contains type
Activate SELinux
1) Configuration file location:
/etc/sysconfig/selinux configuration file
Under Red Hat Enterprise Linux, two methods can be used to configure SELinux: use the Security Level Configuration Tool (system-config-securitylevel) or manually edit the configuration file (/etc/sysconfig/selinux).
/etc/sysconfig/selinux is the primary configuration file for
View the detailed status of SELinux. If it shows enabled, SELinux is enabled.
# /usr/sbin/sestatus -v
View the SELinux mode
# getenforce
2. Disable SELinux
2.1: Permanently shut down (this will take effect after the server is restarted)
# sed -i 's/SELINUX=enforci
SELinux-related tool commands
The following describes SELinux-related tools.
/usr/bin/setenforce: modify the real-time running mode of SELinux
setenforce 1: set SELinux to enforcing mode
setenforce 0: set SELinux to permissive mode
if th
our policy has defined many rules for this domain, including the types of target resources that the domain can read;
Since the httpd domain is configured to read target files (objects) of the httpd_sys_content_t type, web pages placed in the /var/www/html/ directory can be read by the httpd program;
But whether the data can actually be read in the end also depends on whether the rwx bits satisfy the standard Linux permission rules!
The first is that the policy needs to formulate detail
The first step is to determine whether the issue is related to SELinux. Command: adb shell setenforce 0 (this step requires root), which turns off the SELinux mechanism of the phone. If the problem can still be reproduced, then the issue is not related to SELinux, or it is related but also involves other mechanisms, such as Linux discretionary access control (DAC). After you c
SELinux. You can also set the SELinux running level through setenforce 0 or 1. Level 0 indicates permissive mode, and level 1 indicates enforcing mode. To switch between disabled mode and the other modes, only modifying the configuration file works; the command does not. Second, you must restart the system to make the modification take effe
The following example runs on a ZTE Android 5.0 phone.
When we use Python with root privileges to create a socket listening on port 8088, SELinux outputs the following record to kmsg.
For PYTHON-ANDROID5, socket operations such as create, setopt, bind and listen are all denied, because the target requires permission in tcontext=u:r:init:s0, but our Python runs under roo
force this policy.
The following describes SELinux-related tools.
/usr/bin/setenforce modifies the real-time running mode of SELinux
setenforce 1 sets SELinux to enforcing mode
setenforce 0 sets SELinux to permissive mode
To completely disable
CentOS: disable SELinux
SELinux: SELinux (Security-Enhanced Linux) is the most outstanding new security subsystem in Linux history, implementing mandatory access control from the National Security Agency (NSA).
Although it is a security function, it is more troublesome to use because there are too many functions and everything needs to be managed. Therefore, you ca