This afternoon, after a file server restarts. It is not possible to FTP to this file server from other hosts. The check was found to be a problem with SELinux. Colleague to change the parameters in/etc/selinux/config selinuxtype=targeted to Disabled, restart the host is unsuccessful, error message:Unable to load SELinux Policy. Machine was in enforcing Mode. Halt
effective nic file vi /etc/sysconfig/ network-scripts/ifcfg-NIC name // Configure permanent NIC configuration fileConfiguration of 5.selinuxVi/etc/sysconfig/selinux/Enter SELinux to modify file, add selinux=disable to deactivate SELinux function in last lineDisabled: Disable
1. Referencing the monitorCurrently, most of the main operating system types of access control are called DACS (arbitrary access Control), the characteristics of the DAC mainly refers to the user access to resources permissions. But DAC has some weaknesses, in order to customer service these weaknesses, the Mac was born (mandatory access control). But Mac also has some weaknesses and is not very flexible to use. Then the value that SELinux brings to L
First of all, the SELinux, full name security enhanced Linux.selinux is a kernel module for the process, file and other permissions set based on.Second, the traditional file permissions and account relationship and the policy rules to develop a program to read specific files1. Traditional file permissions and account relationships: Autonomous access control, DACWhen a process wants to access the file, the system will compare the permissions of the fil
Tags: selinuxTurn off SELinuxAfter executing the ls-l permissions, it is found that there is a point after 9 for the permission. This point is controlled by Sellinux, and when you close SELinux, the created file does not appear.1. View the status of SElinux[Email protected] ~]# getenforceenforcing//Open State2. Change to relaxed state. Immediate effect, restart failure.Modified to loose state, Setenforce 0.
3.3.1 Local SELinux Policy language compilerThe most basic way to build a policy file for the kernel is to compile it from the source policy file using the CheckPolicy program. This source program, which is built in many steps, is named "Policy.conf". CheckPolicy checks the syntax and semantics of the source policy file and writes the result in a certain form (taken by a binary policy file) to a file that can be read by the Kernel Policy loader (load_
First, modify the file/etc/sysconfig/selinux as follows.# This file controls the state of SELinux in the system.# selinux= can take one of the these three values:# Enforcing-se Linux security Policy is enforced.# permissive-selinux prints warnings instead of enforcing.# disabled-no SELi Nux policy is loaded.
To view the SELinux status:1,/usr/sbin/sestatus-v | grep "SELinux Status:" # #如果SELinux the status parameter is enabled2, Getenforce # #除了上面的命令还可以使用这个命令, the output is permissive to close, enforcing to open.To turn off SELinux:1, temporary shutdown (do not restart the system can be effective):Setenforce 0 # #设置
SELinux (NSA) 3.1 off SELinux permanently shutdown selinux-effective after server restart /etc/selinux/config selinux= can take one Of these three values:enforcing default SELinux on run permissive
Tags: selinuxI. Introduction of SELinux?? SELinux mandatory access control of a strategy, in the traditional Linux system, all files, have users, groups and permissions to control access, in SELinux, all objects, by the security elements stored in the extended domain control access, all files, ports, processes have a security context, The security context consist
A CentOS + Nginx + PHP + MySQL virtual machine is configured. To share files between Linux virtual machines and Windows, install the Samba service on the Virtual Machine and configure anonymous access. I have never touched SELinux before. I didn't expect it to affect the access permission of folders. I learned some new things through the day of hard work. Note below
CentOS + Nginx +PHP+ For file sharing between Linux and Windows virtual machines, inst
In RedHat Linux 5, install PHP SELinux protection and restart apache in the last step. The following error is reported:
Httpd: Syntax error on line 53 of/usr/local/apache/conf/httpd. conf: Cannot load/usr/local/apache/modules/libphp5.so into server:/usr/local/apache/modules/libphp5.so: cannot restore segment prot after reloc: Permission denied
Cause: There is a SELinux protection m
Date: October 30, 2016Usually in the Linux experiment, the Linux system will be shut down the firewall, to avoid being affected when doing experiments.
After the system installation is complete, turn off the iptables firewall with SELinux and check the status of the firewall first:
Service Iptables StatusTo view the SELinux status command:/usr/sbin/sestatus-vcommand to temporarily shut down the fire
First, view the current SELinux statusCommand line execution Getenforce 650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/86/E9/wKioL1fOjADCUozgAAAI5l9Eejw709.png "Styl E= "Float:none;" title= "9~6s485 ' 60wbu[zvm8_cbse.png" alt= "Wkiol1fojadcuozgaaai5l9eejw709.png"/>Second, temporarily modify the SELinux status (without restarting the immediate effect, restart after failure. )Command line executio
Article Source: http://blog.csdn.net/johnnycode/article/details/419475812014-12-16 DayThe Internet connection was handled well last night. In the morning I could not visit again.The phenomenon is Nginx can obtain respone head information, but respone body information intermittently can be obtained, nginx configured for monitoring 80port. Iptables and SELinux service stop state.Finally the processing conclusion is that an IDC request 80port must apply
If selinux is not disabled, httpd cannot use non-80 or other default ports. in this case, the httpd port is changed to 9080, and the following prompt is displayed: [root @ haifeng ~] # ServicehttpdstartStartinghttpd :( 13) Permissiondenied: make_sock: couldnot... if selinux is not disabled, httpd cannot use non-80 or other default ports. in this case, the httpd port is changed to 9080, and the following pro
#############################################This article is extremely ice original, reprint please indicate source #############################################1. SELinux can be understood as a security mechanism on Android, a security strengthening system designed for Linux by the NSA and some companiesWe can customize some of the permissions of our phone by configuring the policy of SELinux, for example,
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.