- A+
所属分类:未分类
在生成环境中,服务器基本上都是把selinux关闭了,因为SELinux的一些安全策略会导致服务无法正常使用,再一个就是一旦使用SELinux,大并发情况下,服务器资源耗费就显得太浪费了。
我这里就简单的说一下关于SELinux的一些命令以及配置。
怎样查看selinux状态
[root@k4df2v /root]# getenforce Enforcing
如上,说明SELinux已经策略生效中而且很严格,然后我们看看都有什么策略
[root@k4df2v /root]# /usr/sbin/sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28
- SELinux status:SELinux防火墙的状态,enabled表示启用SELinux防火墙
- Current mode: SELinux防火墙当前的安全策略,enforcing 表示强
怎样关闭SELinux
临时关闭
[root@k4df2v /root]# setenforce 0
[root@k4df2v /root]# /usr/sbin/sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28
永久关闭
修改 selinux 配置文件
将SELINUX=enforcing改为SELINUX=disabled,保存后退出
[root@k4df2v /root]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
验证:
[root@k4df2v /root]# /usr/sbin/sestatus SELinux status: disabled [root@k4df2v /root]# getenforce Disabled
- 安卓客户端下载
- 微信扫一扫
- 微信公众号
- 微信公众号扫一扫