檢視Selinux和關閉Selinux

2021-08-15 09:28:51 字數 2568 閱讀 6267

selinux的檢視和設定

1.1 getenforce

1.2 /usr/sbin/sestatus

current mode表示當前selinux防火牆的安全策略

[root@localhost ~]# /usr/sbin/sestatus


selinux status:                 enabled


selinuxfs mount:                /sys/fs/selinux


selinux root directory:         /etc/selinux


loaded policy name:             targeted


current mode:                   enforcing


mode from config file:          enforcing


policy mls status:              enabled


policy deny_unknown status:     allowed


max kernel policy version:      28
selinux status:selinux防火牆的狀態,enabled表示啟用selinux防火牆

current mode: selinux防火牆當前的安全策略,enforcing 表示強

2.1 臨時關閉

setenforce 0:用於關閉selinux防火牆,但重啟後失效。

[root@localhost ~]# setenforce 0
[root@localhost ~]# /usr/sbin/sestatus


selinux status:                 enabled


selinuxfs mount:                /sys/fs/selinux


selinux root directory:         /etc/selinux


loaded policy name:             targeted


current mode:                   permissive


mode from config file:          enforcing


policy mls status:              enabled


policy deny_unknown status:     allowed


max kernel policy version:      28
2.1 永久關閉

修改selinux的配置檔案,重啟後生效。

開啟 selinux 配置檔案

[root@localhost ~]# vim /etc/selinux/config
修改 selinux 配置檔案

將selinux=enforcing改為selinux=disabled,儲存後退出

# this file controls the state of selinux on the system.


# selinux= can take one of these three values:


#     enforcing - selinux security policy is enforced.


#     permissive - selinux prints warnings instead of enforcing.


#     disabled - no selinux policy is loaded.


selinux=enforcing


# selinuxtype= can take one of three two values:


#     targeted - targeted processes are protected,


#     minimum - modification of targeted policy. only selected processes are protected. 


#     mls - multi level security protection.


selinuxtype=targeted
此時獲取當前selinux防火牆的安全策略仍為enforcing,配置檔案並未生效。

[root@localhost ~]# getenforce


enforcing
重啟
[root@localhost ~]# reboot
驗證
[root@localhost ~]# /usr/sbin/sestatus


selinux status:                 disabled


[root@localhost ~]# getenforce


disabled

檢視SELinux狀態 關閉SELinux

1.1 getenforce 1.2 usr sbin sestatus current mode表示當前selinux防火牆的安全策略 root localhost usr sbin sestatus selinux status enabled selinuxfs mount sys fs se...

檢視selinux狀態和關閉

檢視selinux狀態 1 usr sbin sestatus v 如果selinux status引數為enabled即為開啟狀態 selinux status enabled 2 getenforce 也可以用這個命令檢查 關閉selinux 1 臨時關閉 不用重啟機器 setenforce 0...

如何檢視,關閉和開啟selinux

以下介紹一下selinux相關的工具 usr bin setenforce 修改selinux的實時執行模式 setenforce 1 設定selinux 成為enforcing模式 setenforce 0 設定selinux 成為permissive模式 如果要徹底禁用selinux 需要在 e...