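| Mode | Chinese name | Description |
|------|--------------|-------------|
| enforcing | 强制模式 (enforcing mode) | Actions that violate SELinux rules are blocked and logged |
| permissive | 宽容模式 (permissive mode) | Actions that violate SELinux rules are only logged; generally used for debugging |
| disabled | 关闭模式 (disabled mode) | SELinux is turned off |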
Using SELinux
Basic usage
Configuration file
[root@server1 ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of disabled.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
Enable SELinux
[root@server1 ~]# sed -i 's/^SELINUX=disabled/SELINUX=enforcing/' /etc/selinux/config
Reboot the system (otherwise the SELinux change does not take effect)
[root@server1 ~]# reboot
Check the SELinux mode
[root@server1 ~]# getenforce
Permissive
Set the SELinux mode from the command line (0 is permissive; 1 is enforcing)
[root@server1 ~]# setenforce 1
[root@server1 ~]# getenforce
Enforcing
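The following check is an added example, not part of the original page: it validates the SELINUX= and SELINUXTYPE= lines of a config file against the values listed in the file's own comments, and compares the configured mode with what getenforce reports. The function names and the sample file are assumptions made for illustration; the "exactly one assignment, lowercase" rule is a strict choice of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Sample files are constructed.

# Print every uncommented value assigned to KEY in FILE, one per line.
config_values() {  # usage: config_values FILE KEY
    sed -n "s/^[[:space:]]*$2=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1"
}

# Return 0 only if FILE assigns SELINUX and SELINUXTYPE exactly once each,
# each to a value listed in the file's own comments (strict, lowercase).
check_selinux_config() {  # usage: check_selinux_config FILE
    local file=$1 rc=0 key allowed vals
    for key in SELINUX SELINUXTYPE; do
        case $key in
            SELINUX) allowed="enforcing permissive disabled" ;;
            *)       allowed="targeted minimum mls" ;;
        esac
        vals=$(config_values "$file" "$key")
        if [ "$(printf '%s\n' "$vals" | grep -c .)" -ne 1 ]; then
            echo "$key: expected exactly one assignment"; rc=1
        elif ! printf '%s\n' $allowed | grep -qxF -- "$vals"; then
            echo "$key=$vals: not one of: $allowed"; rc=1
        else
            echo "$key=$vals: ok"
        fi
    done
    return $rc
}

# Compare the configured mode with getenforce output (Enforcing, Permissive
# or Disabled). setenforce changes only the running mode, so they can differ.
mode_drift() {  # usage: mode_drift CONFIGURED RUNNING
    local running
    running=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    if [ "$1" = "$running" ]; then echo "in sync"; return 0; fi
    echo "drift: config=$1 running=$running"; return 1
}

# Demo on a constructed file containing a misspelled mode.
sample=$(mktemp)
printf '%s\n' '# SELINUX= can take one of these three values:' \
    'SELINUX=enforing' 'SELINUXTYPE=targeted' > "$sample"
check_selinux_config "$sample" || echo "fix $sample before rebooting"
mode_drift enforcing Permissive || true
rm -f "$sample"
```

On a real host, run check_selinux_config /etc/selinux/config before rebooting, and pass the SELINUX value from the file together with "$(getenforce)" to mode_drift afterwards.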
View the SELinux context of a file
[root@server1 ~]# touch file1
[root@server1 ~]# ll -Z file1
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 file1
View the SELinux context of a process
[root@server1 ~]# ps -efZ |grep httpd
system_u:system_r:httpd_t:s0 root 1565 1 0 14:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0 apache 1567 1565 0 14:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0 apache 1568 1565 0 14:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0 apache 1569 1565 0 14:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0 apache 1570 1565 0 14:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND