selinux

SELinux is a project launched by the National Security Agency to strengthen the system to a level that can reach the military. This also provides a stronger guarantee for Linux security.The so-called DAC, is the autonomous access control, that is, every user in order to be able to implement and other users to share files, before using ACLs, only by changing the permissions of other users of this file, but this method to the security of the system has

Linux Security Mode DAC, autonomous access control MAC, mandatory access control SELinux A set of MAC extension modules to strengthen Linux security National Security Agency leads development How SELinux works Integrated Linux kernel (2.6 and above) Operating system provides customizable policies and management tools [[email protected] ~] # cat / etc / redhat-release Red Hat Enterprise Linux Se

About SELinux SELinux provides a flexible Mandatory Access Control System (MAC) at the Linux kernel level. This mandatory access control system is built on a free access control system (DAC. DAC means that the system's Secure Access Control is freely managed by the system administrator root, not when the system forces Mac to run, for example, when an application or thread runs with a user UID or suid, it al

The company rented another Linux server and wanted to use Debian, but the management staff of the IDC would not install it, so they had to use rhel5 instead. Zend optimizer is used for the system. I installed v3.3 and the installation process went smoothly. After I restarted Apache, I found that the Zend optimizer module was not loaded, and no records were found in Apache error_log, execute the PHP-V command with the following output: Failed loading/usr/local/Zend/lib/Optimizer-3.3.0/zendoptimiz

The topic of this article is SELinux configuration on RHEL 5. RHEL also provides two methods to configure SELinux: graphical user interface (GUI) and command line. To demonstrate the ease of use of SELinux, This article uses the rhel gui to enable SELinux. To enable SELinux

SELinux Properties of files1. Temporary modification of File type propertiesIncorrect file Type property is the main cause of common selinux denial of access1) Modify the SELinux properties of the file:[email protected] ~]# Touch Test.file # #新建文件[Email protected] ~]# ls-z Test.file # #查看文件的SELinux属性-rw-r--r--. Root ro

Original Address: http://www.ibm.com/developerworks/cn/linux/l-cn-selinux-services1/index.html?ca=drs-introductionSELinux's security measures are mainly focused on access control of various network services. For services like Apache, Samba, NFS, Vsftp, MySQL, Bind DNS, SELinux only opens the most basic operational requirements. As for connecting the external network, running scripts, accessing the user dire

SELinux tolerant mode (permissive) forced mode (enforcing) off (disabled) conversion between several modes when installing Intel's C + + and Fortran compilers in CentOS6.2 Encountered a situation where the mandatory mode of selinux is not enforceable,Need to close selinux or change the enforcing to permissive mode, after querying some of the data, the

To address the standard "user-group-other/read-write-execute" permissions, as well as restrictions on access control lists and enhanced security mechanisms, the National Security Agency (NSA) has designed a flexible access control (mandatory) method SELinux (Security enhanced Linux abbreviation), to restrict permissions beyond the standard permissions, allows the process to access as little as possible with minimal permissions or in system objects suc

When Linux is installed, it is usually the case that SELinux is turned on by default, which causes the installation of some services to be unsuccessful.It can be completely closed if not needed, here is how to view it in CentOS 7.0 and turn off SELinux.View SELinux StatusWhen Linux is installed, it is usually the case that SELinux is turned on by default, which c

Article Title: SELINUX from understanding to hands-on configuration. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source. SELinux can provide great security protection for your system. Users can be assigned pre-defined roles so that they cannot access files or access programs

Linux selinux and LinuxselinuxOperating mode of SELinuxSubject: SELinux mainly wants to manage programs. Therefore, you can set the "Subject" and "process" to an equal sign;Object: the Object resource that the subject program can access is generally a file system. Therefore, this target project can be assigned an equal sign to the file system;Policy: because of the large number of programs and archives,

SELinux uses so-called Delegated access control (Mandatory access Control,mac) to manage permissions based on specific programs and specific file resources. Even the root user, when using a different program, the permissions you can obtain are not necessarily root, need to be based on the program settings.I. SELinux mode of operation1、主体（Subject） SELinux主要

Primary management of SELinux1. What is SELinuxSELinux, kernel-level enhanced firewall (a plugin on the kernel)SELinux (security-enhanced Linux) is the United States National Security Agency (NSA) implementation of mandatory access control, is the most outstanding new security subsystem in the history of Linux. The NSA, with the help of the Linux community, has developed an access control system that, under the constraints of the access control system

These two days to do lamp when found selinux such a thing, send a closed method! Ways to turn off SELinux: Modify the Selinux= "" in the/etc/selinux/config file as disabled and reboot. If you do not want to reboot the system, use the command Setenforce 0 Note: Setenforce 1 set

15.SElinux Security system Basics · SELinux (Secure enhanced Linux) Security Enhancements Linux is a NSA a brand-new security development for the computer infrastructure Linux security policy mechanism, SELinux allows administrators to define security policies more flexibly,· SELinux is a kernel-level security mechanis

This is the name of this article, because it is not very understanding of Selinux, perhaps you have a better way please tell me! first, the problem phenomenonafter Nginx startup, this machine can be accessed normally, using the Curl command to get the default index.html, the other interfaces are inaccessible. The remote access server prompts for the request information, check Nginx user rights and ports are normal, iptables not started. # curl-i local

SELinux (Security-EnhancedLinux) is the implementation of mandatory access control by the National Security Agency (NSA) and the most outstanding new Security subsystem in Linux history. Under such access control system restrictions, a process can only access the files required in its tasks. SELinux is installed on Fedora and RedHatEnterpriseLinux by default (CentOS is also included ). Although

1. What when SELinuxSELinux, kernel-level enhanced firewallBasic SELINUX Security ConceptsSELINUX (Security enhanced Linux) protects your systemThe extra mechanism of the whole sexIn a way, it can be seen as parallel to the standard permission systemSystem of permissions. In normal mode, the process runs as a user,and the files and other resources on the system are set permissions (controlWhich users have access to which files SELINUXAnother differenc

Using two cases to get a preliminary understanding of the working mechanism of selinux in Linux SELinux is a MAC system provided in Linux kernel 2.6. For the currently available Linux security module, SELinux is the most comprehensive and fully tested. It was established based on 20 years of MAC research. SELinux combi