selinux

This afternoon, after a file server restarts. It is not possible to FTP to this file server from other hosts. The check was found to be a problem with SELinux. Colleague to change the parameters in/etc/selinux/config selinuxtype=targeted to Disabled, restart the host is unsuccessful, error message:Unable to load SELinux Policy. Machine was in enforcing Mode. Halt

effective nic file vi /etc/sysconfig/ network-scripts/ifcfg-NIC name // Configure permanent NIC configuration fileConfiguration of 5.selinuxVi/etc/sysconfig/selinux/Enter SELinux to modify file, add selinux=disable to deactivate SELinux function in last lineDisabled: Disable

1. Referencing the monitorCurrently, most of the main operating system types of access control are called DACS (arbitrary access Control), the characteristics of the DAC mainly refers to the user access to resources permissions. But DAC has some weaknesses, in order to customer service these weaknesses, the Mac was born (mandatory access control). But Mac also has some weaknesses and is not very flexible to use. Then the value that SELinux brings to L

First of all, the SELinux, full name security enhanced Linux.selinux is a kernel module for the process, file and other permissions set based on.Second, the traditional file permissions and account relationship and the policy rules to develop a program to read specific files1. Traditional file permissions and account relationships: Autonomous access control, DACWhen a process wants to access the file, the system will compare the permissions of the fil

Tags: selinuxTurn off SELinuxAfter executing the ls-l permissions, it is found that there is a point after 9 for the permission. This point is controlled by Sellinux, and when you close SELinux, the created file does not appear.1. View the status of SElinux[Email protected] ~]# getenforceenforcing//Open State2. Change to relaxed state. Immediate effect, restart failure.Modified to loose state, Setenforce 0.

3.3.1 Local SELinux Policy language compilerThe most basic way to build a policy file for the kernel is to compile it from the source policy file using the CheckPolicy program. This source program, which is built in many steps, is named "Policy.conf". CheckPolicy checks the syntax and semantics of the source policy file and writes the result in a certain form (taken by a binary policy file) to a file that can be read by the Kernel Policy loader (load_

First, modify the file/etc/sysconfig/selinux as follows.# This file controls the state of SELinux in the system.# selinux= can take one of the these three values:# Enforcing-se Linux security Policy is enforced.# permissive-selinux prints warnings instead of enforcing.# disabled-no SELi Nux policy is loaded.

To view the SELinux status:1,/usr/sbin/sestatus-v | grep "SELinux Status:" # #如果SELinux the status parameter is enabled2, Getenforce # #除了上面的命令还可以使用这个命令, the output is permissive to close, enforcing to open.To turn off SELinux:1, temporary shutdown (do not restart the system can be effective):Setenforce 0 # #设置

--nofork--nopid Sep 09:47:40 admin203 systemd[1]: Starting firewalld-dynamic Firewall daemon ... Sep 09:47:40 admin203 systemd[1]: Started firewalld-dynamic firewall daemon. Turn off firewall [[emailprotected] ~]# systemctl stop firewalld Turn on firewall [[emailprotected] ~]# Systemctl Start FIREWALLD Boot firewall automatically [[emailprotected] ~]# systemctl enable FIREWALLD Turn off firewall automatically [email protected] ~]# systemctl disable FIREWALLD removed symlink/etc/system

SELinux (NSA) 3.1 off SELinux permanently shutdown selinux-effective after server restart /etc/selinux/config selinux= can take one Of these three values:enforcing default SELinux on run permissive

Tags: FTP server start ftp file data restore URL BSP LinuxFirst, display and set SELinux[[email protected] ~]# vim/etc/sysconfig/selinux//Mandatory mode licensing mode disable mode[[email protected] ~]# Getenforce//view current SELinux status[[email protected] ~]# setenforce//can switch between forced mode (1) license mode (0)[[email protected] ~]# sestatus//list

Tags: selinuxI. Introduction of SELinux?? SELinux mandatory access control of a strategy, in the traditional Linux system, all files, have users, groups and permissions to control access, in SELinux, all objects, by the security elements stored in the extended domain control access, all files, ports, processes have a security context, The security context consist

A CentOS + Nginx + PHP + MySQL virtual machine is configured. To share files between Linux virtual machines and Windows, install the Samba service on the Virtual Machine and configure anonymous access. I have never touched SELinux before. I didn't expect it to affect the access permission of folders. I learned some new things through the day of hard work. Note below CentOS + Nginx +PHP+ For file sharing between Linux and Windows virtual machines, inst

In RedHat Linux 5, install PHP SELinux protection and restart apache in the last step. The following error is reported: Httpd: Syntax error on line 53 of/usr/local/apache/conf/httpd. conf: Cannot load/usr/local/apache/modules/libphp5.so into server:/usr/local/apache/modules/libphp5.so: cannot restore segment prot after reloc: Permission denied Cause: There is a SELinux protection m

Date: October 30, 2016Usually in the Linux experiment, the Linux system will be shut down the firewall, to avoid being affected when doing experiments. After the system installation is complete, turn off the iptables firewall with SELinux and check the status of the firewall first: Service Iptables StatusTo view the SELinux status command:/usr/sbin/sestatus-vcommand to temporarily shut down the fire

First, view the current SELinux statusCommand line execution Getenforce 650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/86/E9/wKioL1fOjADCUozgAAAI5l9Eejw709.png "Styl E= "Float:none;" title= "9~6s485 ' 60wbu[zvm8_cbse.png" alt= "Wkiol1fojadcuozgaaai5l9eejw709.png"/>Second, temporarily modify the SELinux status (without restarting the immediate effect, restart after failure. ）Command line executio

/etc/security/limits.conf #定义对用户的各种限制# MAC: Mandatory access control. Added control of the application./etc/selinux/config #配置文件#thisfilecontrolsthestateofselinuxonthesystem.# SELINUX=cantakeoneofthesethreevalues: #3种工作模式 # enforcing-selinuxsecuritypolicyisenforced. #强制模式 # permissive-selinuxprintswarningsinsteadof enforcing. #警告模式 #disabled-noselinuxpolicyis loaded.

Article Source: http://blog.csdn.net/johnnycode/article/details/419475812014-12-16 DayThe Internet connection was handled well last night. In the morning I could not visit again.The phenomenon is Nginx can obtain respone head information, but respone body information intermittently can be obtained, nginx configured for monitoring 80port. Iptables and SELinux service stop state.Finally the processing conclusion is that an IDC request 80port must apply

If selinux is not disabled, httpd cannot use non-80 or other default ports. in this case, the httpd port is changed to 9080, and the following prompt is displayed: [root @ haifeng ~] # ServicehttpdstartStartinghttpd :( 13) Permissiondenied: make_sock: couldnot... if selinux is not disabled, httpd cannot use non-80 or other default ports. in this case, the httpd port is changed to 9080, and the following pro

#############################################This article is extremely ice original, reprint please indicate source #############################################1. SELinux can be understood as a security mechanism on Android, a security strengthening system designed for Linux by the NSA and some companiesWe can customize some of the permissions of our phone by configuring the policy of SELinux, for example,