SELinux is a project launched by the National Security Agency to strengthen the system to a level that can reach the military. This also provides a stronger guarantee for Linux security.The so-called DAC, is the autonomous access control, that is, every user in order to be able to implement and other users to share files, before using ACLs, only by changing the permissions of other users of this file, but this method to the security of the system has
Linux Security Mode
DAC, autonomous access control
MAC, mandatory access control
SELinux
A set of MAC extension modules to strengthen Linux security
National Security Agency leads development
How SELinux works
Integrated Linux kernel (2.6 and above)
Operating system provides customizable policies and management tools
[[email protected] ~] # cat / etc / redhat-release
Red Hat Enterprise Linux Se
About SELinux
SELinux provides a flexible Mandatory Access Control System (MAC) at the Linux kernel level. This mandatory access control system is built on a free access control system (DAC.
DAC means that the system's Secure Access Control is freely managed by the system administrator root, not when the system forces Mac to run, for example, when an application or thread runs with a user UID or suid, it al
The company rented another Linux server and wanted to use Debian, but the management staff of the IDC would not install it, so they had to use rhel5 instead.
Zend optimizer is used for the system. I installed v3.3 and the installation process went smoothly. After I restarted Apache, I found that the Zend optimizer module was not loaded, and no records were found in Apache error_log, execute the PHP-V command with the following output:
Failed loading/usr/local/Zend/lib/Optimizer-3.3.0/zendoptimiz
The topic of this article is SELinux configuration on RHEL 5. RHEL also provides two methods to configure SELinux: graphical user interface (GUI) and command line. To demonstrate the ease of use of SELinux, This article uses the rhel gui to enable SELinux.
To enable SELinux
SELinux Properties of files1. Temporary modification of File type propertiesIncorrect file Type property is the main cause of common selinux denial of access1) Modify the SELinux properties of the file:[email protected] ~]# Touch Test.file # #新建文件[Email protected] ~]# ls-z Test.file # #查看文件的SELinux属性-rw-r--r--. Root ro
Original Address: http://www.ibm.com/developerworks/cn/linux/l-cn-selinux-services1/index.html?ca=drs-introductionSELinux's security measures are mainly focused on access control of various network services. For services like Apache, Samba, NFS, Vsftp, MySQL, Bind DNS, SELinux only opens the most basic operational requirements. As for connecting the external network, running scripts, accessing the user dire
SELinux tolerant mode (permissive) forced mode (enforcing) off (disabled) conversion between several modes when installing Intel's C + + and Fortran compilers in CentOS6.2 Encountered a situation where the mandatory mode of selinux is not enforceable,Need to close selinux or change the enforcing to permissive mode, after querying some of the data, the
To address the standard "user-group-other/read-write-execute" permissions, as well as restrictions on access control lists and enhanced security mechanisms, the National Security Agency (NSA) has designed a flexible access control (mandatory) method SELinux (Security enhanced Linux abbreviation), to restrict permissions beyond the standard permissions, allows the process to access as little as possible with minimal permissions or in system objects suc
When Linux is installed, it is usually the case that SELinux is turned on by default, which causes the installation of some services to be unsuccessful.It can be completely closed if not needed, here is how to view it in CentOS 7.0 and turn off SELinux.View SELinux StatusWhen Linux is installed, it is usually the case that SELinux is turned on by default, which c
Article Title: SELINUX from understanding to hands-on configuration. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
SELinux can provide great security protection for your system. Users can be assigned pre-defined roles so that they cannot access files or access programs
Linux selinux and LinuxselinuxOperating mode of SELinuxSubject: SELinux mainly wants to manage programs. Therefore, you can set the "Subject" and "process" to an equal sign;Object: the Object resource that the subject program can access is generally a file system. Therefore, this target project can be assigned an equal sign to the file system;Policy: because of the large number of programs and archives,
SELinux uses so-called Delegated access control (Mandatory access Control,mac) to manage permissions based on specific programs and specific file resources. Even the root user, when using a different program, the permissions you can obtain are not necessarily root, need to be based on the program settings.I. SELinux mode of operation1、主体(Subject) SELinux主要
Primary management of SELinux1. What is SELinuxSELinux, kernel-level enhanced firewall (a plugin on the kernel)SELinux (security-enhanced Linux) is the United States National Security Agency (NSA) implementation of mandatory access control, is the most outstanding new security subsystem in the history of Linux. The NSA, with the help of the Linux community, has developed an access control system that, under the constraints of the access control system
These two days to do lamp when found selinux such a thing, send a closed method!
Ways to turn off SELinux:
Modify the Selinux= "" in the/etc/selinux/config file as disabled and reboot.
If you do not want to reboot the system, use the command Setenforce 0
Note:
Setenforce 1 set
15.SElinux Security system Basics · SELinux (Secure enhanced Linux) Security Enhancements Linux is a NSA a brand-new security development for the computer infrastructure Linux security policy mechanism, SELinux allows administrators to define security policies more flexibly,· SELinux is a kernel-level security mechanis
This is the name of this article, because it is not very understanding of Selinux, perhaps you have a better way please tell me! first, the problem phenomenonafter Nginx startup, this machine can be accessed normally, using the Curl command to get the default index.html, the other interfaces are inaccessible. The remote access server prompts for the request information, check Nginx user rights and ports are normal, iptables not started. # curl-i local
SELinux (Security-EnhancedLinux) is the implementation of mandatory access control by the National Security Agency (NSA) and the most outstanding new Security subsystem in Linux history. Under such access control system restrictions, a process can only access the files required in its tasks. SELinux is installed on Fedora and RedHatEnterpriseLinux by default (CentOS is also included ). Although
1. What when SELinuxSELinux, kernel-level enhanced firewallBasic SELINUX Security ConceptsSELINUX (Security enhanced Linux) protects your systemThe extra mechanism of the whole sexIn a way, it can be seen as parallel to the standard permission systemSystem of permissions. In normal mode, the process runs as a user,and the files and other resources on the system are set permissions (controlWhich users have access to which files SELINUXAnother differenc
Using two cases to get a preliminary understanding of the working mechanism of selinux in Linux
SELinux is a MAC system provided in Linux kernel 2.6. For the currently available Linux security module, SELinux is the most comprehensive and fully tested. It was established based on 20 years of MAC research. SELinux combi
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.