1. Introduction to SELinux
The biggest security change in Redhat Enterprise Linux as 3.0/4.0 is the integration of SELinux support.
SELinux, short for security-enhanced Linux, is an access control system developed by the National Security Agency (NSA.
SELinux can maximize the security of Linux systems. As to how
When installing Intel's C + + and Fortran compilers in CentOS6.2, you encounter a situation in which SELinux enforcement mode is not enforceable.Need to close selinux or change the enforcing to permissive mode, after querying some of the data, the selinux of several modes, and its relationship and conversion methods to do a summary, for later viewing and learning
SELinux base/Activate or deactivate selinux/change the domain of object/enable or disable program featuresGet more help with the SELinux authoritative guidePerhaps it should be called: how to understand windowsLinux is more secure than Windows, so it's unreasonable to say so.Security Level: A>b>c>dLinux (C2) Windows (C2)GUI Interface: Mac>windowsGraphics workstat
1. SELinux backgroundSelinux:secure enhanced Linux.It is a security module for the mandatory access control of Linux developed by the National Security Agency (Nsa=the) and the SCC (Securecomputing Corporation). Released in 2000 under the GNU GPL, the Linux kernel was integrated into the kernel after the 2.6 release.1.1. MACSELinux is based on Mac for access control and all is more secure. Unlike traditional access control, dac:discretionary access co
I saw some of my friends on the Forum saying:VsFTPdThe server can be started normally, but it cannot be accessed or the user cannot upload files. I think it should be a firewall or SELINUX event. The FTPD server may be protected by the firewall or SELINUX security mechanism. Therefore, you must have the firewall over ftp, and SELINUX over the ftp server;
In Fedor
To view the SELinux status:1,/usr/sbin/sestatus-v# #如果SELinux The status parameter is enabled and is turned on selinuxstatus: enabledsestatus # #直接执行命令SELinux status: enabled2 , getenforce # #也可以用这个命令检查enabled To turn off SELinux:1, temporary shutdown (do not restart the machine): Setenforce 0 # #设置
When you consider using SELinux on the server, it is helpful to know some basic commands and management tools. This article is part of three SELinux tutorials. Here, we will provide some commands to help you ensure the security of Linux servers.
Function
Command
Chcon
It is used to mark one or more files with a specific security environment.
Checkpolicy
Is
1. SELinux IntroductionSELINUX is the acronym for Security Enhanced Linux, which literally means secure hardening of Linux, developed by the National Security Agency (NSA), a module that integrates into the Linux core, is an implementation of mandatory access control (MAC), is The most outstanding new security subsystem in Linux history provides better access control than traditional UNIX permissions. Under the limitations of the
Linux Beginner-selinux articleSELinux is a mandatory access control (MAC) security system, the most outstanding new security system in the history of Linux. For the Linux security module, the SELinux function is the most comprehensive, the test is also the most sufficient, this is a kernel-based security system.1, the status of SELinuxThe command "Getenforce" can view the status of
Disable SELinux in CentOS/Linux
SELinux (Security-Enhanced Linux) is the implementation of mandatory access control by the National Security Agency (NSA) and the most outstanding New Security Subsystem in Linux history. Under such access control system restrictions, a process can only access the files required in its tasks. SELinux is installed on Fedora and Red
SELinuxBasic Overview:SELinux (security-enhanced Linux) is the United States National Security Agency (NSA) implementation of mandatory access control, is the most outstanding new security subsystem in the history of Linux. The NSA, with the help of the Linux community, has developed an access control system that, under the constraints of the access control system, can access only those files that are needed in his tasks. SELinux is installed on Fedor
This is currently the safest tutorial. if you are a newbie, strictly follow the steps in this tutorial. if you have a certain foundation, you can skip this tutorial.
This is currently the safest tutorial. if you are a newbie, follow the steps in this tutorial. if you have a certain foundation, you can skip some paragraphs.Modify port configurations
Run
vim /etc/ssh/sshd_config
Find the line # Port 22, remove the comment, and add a line of Port 1234 below.
Port 22Port 1234In many tutorials, 22 is
Three models of SELinuxEnforcing #permissive # tolerant mode: represents SELinux operation, but only warning messages do not actually restrict access to domain/type. This mode can be shipped as SELinux debug, disabled # closed, SELinux does not actually work. View the status of SELinux1. View configuration information/usr/sbin/sestatus-v#/usr/sb
SELinux Policy and rule management related orders: Seinfo command, sesearch command, getsebool command, setsebool command, Semanage command.Seinfo command The Seinfo command is used to query the policies provided by SELinux to provide how many rules, a principal process can read to the target file resource is focused on the SELinux policy and the rules within t
SELinux (security-enhanced Linux) is the United States National Security Agency (NSA) implementation of mandatory access control, is the most outstanding new security subsystem in the history of Linux. The NSA, with the help of the Linux community, has developed an access control system that, under the constraints of the access control system, can access only those files that are needed in his tasks. SELinux
about SELinux (security-enhanced Linux) : (Reference http://blog.csdn.net/flaght/article/details/2973910)Normal Linux uses the discretionary access control policy (discretionary Acces control, DAC) policy to restrict resource access. This strategy is relatively simple and weak, as long as the required permissions (file owners and file attributes, etc.) can be used resources, which is prone to security risks, and it is difficult to support many securit
This year we have celebrated SELinux's ten-year-old birthday. looking back at the ten-year-old development history, there is a sense of dreams. SELinux first appeared in FedoraCore3, and then logged on to the Red Hat Enterprise Linux4. SELinux, a friend who has never used SELinux or who wants to further confirm its basic definition, has celebrated the tenth birth
Selinux:selinux (Security-enhancedlinux) is the United States National Security Agency (NSA) implementation of mandatory access control, is the most outstanding new security subsystem in the history of Linux.Although it is a security function, but because of the function too much, everything to tube, so it is more troublesome to use, so you can turn it off, and then use other security methods instead.
"1" View 3 modes of SELinux operation[[Email
Almost certainly everyone has heard of SELinux (more accurately, tried to shut down), and even some past experience has made you biased against SELinux. But with the growing 0-day security hole, maybe it's time to get to know about this mandatory access control system (MAC) in the Linux kernel, and we'll encounter problems with SELinux control when we're just in
Understand SELinux, set to file SELinux security files, copy, move the impact of SELinux rules, set Apache, VSFTPD SELinux rules1. Understanding SELinux1) DAC: Refers to the control of a user's access to resources, i.e., permissionsMac:selinux tags, restrict the process access to resources, process is owned by the user
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.