
Checking SELinux Status & Disabling SELinux

2020-06-16 17:27:02

1. Checking SELinux status

1.1 getenforce

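  • The name getenforce joins the words get and enforce; the command shows the current SELinux mode and is the counterpart of setenforce.
  • The name setenforce joins the words set and enforce; the command sets the SELinux mode. For example, setenforce 0 turns off SELinux enforcement, but the change is lost after a reboot.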

    [root@localhost ~]# getenforce
    Enforcing

1.2 /usr/sbin/sestatus

Current mode shows the security mode SELinux is currently applying.

[root@localhost ~]# /usr/sbin/sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

SELinux status: the state of SELinux; enabled means SELinux is turned on
Current mode: the mode SELinux is currently in; enforcing means forced

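2. Disabling SELinux

2.1 Disabling temporarily

setenforce 0: turns off SELinux enforcement (Current mode becomes permissive), but the change is lost after a reboot.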

[root@localhost ~]# setenforce 0
[root@localhost ~]# /usr/sbin/sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

2.2 Disabling permanently

Edit the SELinux configuration file; the change takes effect after a reboot.

Open the SELinux configuration file

[root@localhost ~]# vim /etc/selinux/config

Edit the SELinux configuration file

Change SELINUX=enforcing to SELINUX=disabled, then save and exit

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

At this point getenforce still reports Enforcing: the configuration file change has not taken effect yet.

[root@localhost ~]# getenforce
Enforcing

Reboot

[root@localhost ~]# reboot

Verify

[root@localhost ~]# /usr/sbin/sestatus
SELinux status:                 disabled

[root@localhost ~]# getenforce
Disabled
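
The states this walkthrough passes through (enforcing, permissive after setenforce 0, config edited but not yet rebooted, disabled) can be told apart from the sestatus output and the config file text. The following shell functions are an added example, not part of the original article; the function names, state labels and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify SELinux state from sestatus output and config text.
# Function names and sample inputs are constructed for illustration.

# Print one "Key:   value" field of sestatus output read from stdin.
sestatus_field() {
    awk -F: -v key="$1" '$1 == key {
        sub(/^[ \t]+/, "", $2); sub(/[ \t\r]+$/, "", $2); print $2; exit }'
}

# Print the SELINUX= value from config text on stdin; comment lines and
# SELINUXTYPE= do not match the pattern.
config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' | tail -n 1
}

# classify <sestatus text> <config text> prints one of:
#   ok, runtime-permissive, pending-disable, disabled, weakened-config
classify() {
    status=$(printf '%s\n' "$1" | sestatus_field "SELinux status")
    current=$(printf '%s\n' "$1" | sestatus_field "Current mode")
    wanted=$(printf '%s\n' "$2" | config_mode)
    if [ "$status" = "disabled" ]; then echo disabled; return 0; fi
    case "$current/$wanted" in
        enforcing/enforcing)  echo ok ;;
        permissive/enforcing) echo runtime-permissive ;;  # setenforce 0 was run
        enforcing/disabled)   echo pending-disable ;;     # config edited, not rebooted
        *)                    echo weakened-config ;;     # any other combination
    esac
}

# Constructed samples modelled on the output shown in this article.
STATUS_ENFORCING='SELinux status:                 enabled
Current mode:                   enforcing'
STATUS_PERMISSIVE='SELinux status:                 enabled
Current mode:                   permissive'
STATUS_DISABLED='SELinux status:                 disabled'
CONFIG_ENFORCING='# SELINUX= can take one of these three values:
SELINUX=enforcing
SELINUXTYPE=targeted'
CONFIG_DISABLED='# SELINUX= can take one of these three values:
SELINUX=disabled
SELINUXTYPE=targeted'

classify "$STATUS_PERMISSIVE" "$CONFIG_ENFORCING"
# On a live host: classify "$(/usr/sbin/sestatus)" "$(cat /etc/selinux/config)"
```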

Permanent link to this article: http://www.linuxidc.com/Linux/2016-11/137723.htm

