centos如何查看以及关闭SELinux

  • centos如何查看以及关闭SELinux已关闭评论
  • 5 views
  • A+
所属分类:linux

在生成环境中,服务器基本上都是把selinux关闭了,因为SELinux的一些安全策略会导致服务无法正常使用,再一个就是一旦使用SELinux,大并发情况下,服务器资源耗费就显得太浪费了。

我这里就简单的说一下关于SELinux的一些命令以及配置。

怎样查看selinux状态

[root@k4df2v /root]# getenforce
Enforcing

如上,说明SELinux已经策略生效中而且很严格,然后我们看看都有什么策略

[root@k4df2v /root]# /usr/sbin/sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
  • SELinux status:SELinux防火墙的状态,enabled表示启用SELinux防火墙
  • Current mode: SELinux防火墙当前的安全策略,enforcing 表示强

怎样关闭SELinux

 临时关闭

[root@k4df2v /root]# setenforce 0
[root@k4df2v /root]# /usr/sbin/sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

永久关闭

修改 selinux 配置文件

将SELINUX=enforcing改为SELINUX=disabled,保存后退出

[root@k4df2v /root]# vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

验证:

[root@k4df2v /root]# /usr/sbin/sestatus
SELinux status:                 disabled

[root@k4df2v /root]# getenforce
Disabled

 

  • 安卓客户端下载
  • 微信扫一扫
  • weinxin
  • 微信公众号
  • 微信公众号扫一扫
  • weinxin
avatar