selinux

Modify the configuration file to permanently close SELinux.Vim/etc/selinux/config# This file controls the state of the SELinux on the system.# selinux= can take one of these three values:# Enforcing-selinux security policy is enforced.# Permissive-selinux Prints warnings ins

Tags: selinux firewalldRed Hat Enterprise Linux 7 shuts down firewall and SELinuxFirst, close the firewall1. View the firewall status first[Email protected] ~]#systemctl status Firewalldfirewalld.service-firewalld-dynamic Firewall daemonLoaded:loaded (/usr/lib/systemd/system/firewalld.service; enabled)Active:active (running) since three 2017-10-11 15:31:32 CST; 2min 20s agoMain pid:809 (FIREWALLD)CGroup:/system.slice/firewalld.service└─809/usr/bin/pyt

Today, I built FTP, I used to create a Linux user can not login, echo results are: Oops:cannot Change Directory:/home/linux Check the next reason, originally is SELinux configuration problem, SELinux block vsftp user access to the home directory Here's how to fix it: If SELinux is enabled, the following error occurs when a local user accesses the server via ftp:O

1. Mandatory type of security contextin SELinux, the access control property is called the security context. Regardless of whether the subject or object has a security context associated with it, the security context is usually made up of three parts: User: Role: type. such as:$id-Zjoe:user_r:user_tin SELinux, the object or subject of an access control attribute has a context attribute on the association, b

Obtain MySQL permissions for files and folders in Linux (SELinux) Obtain MySQL permissions for files and folders in Linux (SELinux) Homepage → Database Technology Background:Read News Obtain MySQL permissions for files and folders in Linux (SELinux) [Date: 2012-11-22] Source: Linux Author: chencong112 [Font:] Move the MySQL database director

RHEL6.1 vsftpd SELinux configuration and enable local user upload Modify/etc/vsftpd. conf, set anonymous_enable = NO, local_enable = YES. In this way, we disable anonymity.User Access and allow local users to access www.2cto.com ============================ ========================================================== ================================ add users to the ftp group, and set linux permissions [root @ www ~] # Usermod-aG ftp alexscript [root @

Maxent is a library used by our system to extract keywords using the maximum entropy. When I checked the system log this morning, I found a SELinux alarm:Apr 3 04:57:49 nserver setroubleshoot: SELinux is preventing/usr/local/bin/python from loading/usr/local/lib/python2.5/Site-packages/maxent/_ cmaxent. so which requires text relocation. for complete SELinux mess

System apk, so I put it into the system/system/app, behind the run found still reported ioexeption:permission denied! Then I joined the android:shareduserid= "Android.uid.system" in manifest to run the process UID to system, and then need to sign platform certificate for it, and I signed the relevant signature. Back with a full of information to debug when found there are new permissions anomalies, followed by the Adnroid5.1 introduced SELinux relate

A case of selinux causing failureSuch an error is the first encounter, the troubleshooting process has no clue, has been tangled in the child Setpgid This place, fortunately in the Google process to see someone in the setting selinux when the relevant cases, so think of starting from this.Originally due to SELinux opened, but the more bizarre is from other termin

1. View the SELinux context[Email protected] ~]# Ls-lz[Email protected] ~]# ls-ldz/tmp/[[Email protected] ~]# PS AUXZ View the context of the process[[email protected] ~]# semanage Port--list View the context type of the port[[email protected] ~]# semanage fcontext--list View all directory contextsOpening and closing of 2.selinuxSetenforcing 1|0 SELinux temporarily turned on or offGetenforce View the status

There are three ways to set SELinux under Linux.First, in the graphical interface:Desktop--Manage security levels and firewalls, set to disable.Second, in the command mode:Modify the file:/etc/selinux/config, and then restart the system. Specific changesThird, run the command: Setup, go to "firewall Configuration", in the SELinux bar, select "Disable".Four, run t

A policy must contain declarations of all object classes and permissions supported by the SELinux kernel and other object managers. Generally speaking, as a strategy writer, we don't have to worry about creating new object classes. However, we need to understand the defined object class to write a more efficient SELinux strategy. It is useful to understand the object class and the permission declaration syn

To ensure that the other configuration is correct, can not upload, that is selinux restrictions; Solution steps: getsebool-a | grep ftp //list FTP related rules Boolean open state setsebool-p allow_ftpd_anon_write on //Allow anonymous user to write to ll-z/var/ftp/ // View the specific properties of the FTP folder, including the security context chcon-t public_content_rw_t/var/ftp/directory //Set

Tags: using user profiles sshd set vsftpd scripts ash/etc Linux SecuritySELinux security mechanism, system security? security-enhanced Linux– The NSA National Security Agency led development, a set of enhanced Linux systemsFull-force access control system– integrated into the Linux kernel (2.6 and above) running–RHEL7 based on SELinux system for users, processes, directories and filesProvides a pre-set protection policy, as well as management tools?

Ubuntu officially announced that it will include SELinux Technology in the latest Ubuntu 8.04 release, HardyHeron. In their official statement, it is a pleasure to announce this result, these are all attributed to the Ubuntu security project team and the Ubuntu optimization project team. In addition, we are grateful for the strong support from Tresys. In the latest Ubuntu8.04 version, SELinux is not the def

If selinux is not disabled, httpd cannot use non-80 or other default ports. In this case, the httpd port is changed to 9080, and the following prompt is displayed: [root @ haifeng ~] # Service httpd startStarting httpd: (13) Permission denied: make_sock: cocould not bind to address [::]: 9080 (13) Permission denied: make_sock: cocould not bind to address 0.0.0.0: 9080no listening sockets available, shutting downUnable to open logs [FAILED] solution: 1

SELinux-related tool commands the following describes SELinux-related tools/usr/bin/setenforce modify the real-time running mode of SELinux setenforce 1 Set SELinux to enforcing mode setenforce 0 set SELinux to permissive mode if you want to completely disable

localhost.localdomain systemd[1]: Started firewalld-dynami ...May 23:03:55 Bogon systemd[1]: Stopping firewalld-dynamic firewall da .....May 23:03:56 Bogon systemd[1]: Stopped firewalld-dynamic firewall daemon.Hint:some lines were ellipsized, use-l to show on full.3. Check if the Firewall service is booting[Email protected] ~]#Systemctl is-enabled FirewalldEnabled #开启4. Turn off the firewall boot[Email protected] ~]#Systemctl Disable FIREWALLDRM '/etc/systemd/system/dbus-org.fedoraproject.firew

Environment: Redhat 6.4oracle11g RACYou need to shut down the operating system's firewall and SELinux before installing oracle11g.1. Shut down firewall: iptables-f ———————————— Clear Firewall PolicyService iptables stop ——————— shut down the Firewall serviceChkconfig iptables off —————— Disable Firewall service from booting2. Turn off SELinuxThe value of the "selinux" parameter in the configuration file /et

########################################################################### #selinux的初级管理 ###########################################################################1. What when SELinuxSELinux, kernel-level enhanced firewall2. How to manage SELinux levelsSELinux turned on or off)Vim/etc/sysconfig/selinuxselinux=disabled # #关闭状态selinux=enforcing # #强制状态