Selinux



Configuration file: /etc/sysconfig/selinux
#vim /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted



Security mechanisms
DAC: discretionary access control; the subject is the user
MAC: mandatory access control; the subject is the process

After enabling SELinux
#cd /root/
#ll -Z              // show the security context (label) of files
#ps -eZ|grep httpd    // show the label of the process

#chcon -t httpd_sys_content_t /var/www/html/2.html   // change the type in the file's security context so that apache can access it

[root@station252 ~]#semanage port -l |grep http    // list the ports the http process may use and their security context types
http_cache_port_t              tcp      3128, 8080, 8118, 11211, 10001-10010
http_cache_port_t              udp      3130, 11211
http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989
[root@station252 ~]#

After changing the httpd listening port to 8888, port 8888 must be added to the http_port_t type in the security context; otherwise httpd will not start.
[root@station252 ~]# semanage port -a -t http_port_t -p tcp 8888
[root@station252 ~]# semanage port -l|grep http
http_cache_port_t              tcp      3128, 8080, 8118, 11211, 10001-10010
http_cache_port_t              udp      3130, 11211
http_port_t                    tcp      8888, 80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989
[root@station252 ~]#
[root@station252 ~]# service httpd start
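
Added example (not part of the original notes): a check to run before changing the httpd port. It parses `semanage port -l | grep http` output, including ranges such as 10001-10010, and reports which type already owns a port. The function names port_type, plan_http_port and sample_listing are hypothetical, and the sample listing is copied from the first output above.

```shell
#!/bin/sh
# port_type PROTO PORT: read a `semanage port -l | grep http` listing on stdin
# and print the SELinux port type that already covers PORT (empty if none).
port_type() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            # Fields 3..NF look like "80," "443," or a range "10001-10010"
            for (i = 3; i <= NF; i++) {
                item = $i
                sub(/,$/, "", item)
                n = split(item, r, "-")
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) { print $1; exit }
            }
        }'
}

# Listing from the page, taken before port 8888 was added.
# On a live system use instead: semanage port -l | grep http
sample_listing() {
cat <<'EOF'
http_cache_port_t              tcp      3128, 8080, 8118, 11211, 10001-10010
http_cache_port_t              udp      3130, 11211
http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989
EOF
}

# plan_http_port PORT: say what is needed before httpd can listen on tcp/PORT.
plan_http_port() {
    t=$(sample_listing | port_type tcp "$1")
    case "$t" in
        http_port_t)
            echo "tcp/$1 is already http_port_t" ;;
        "")
            echo "semanage port -a -t http_port_t -p tcp $1" ;;
        *)
            # "semanage port -a" refuses a port that another type already defines
            echo "tcp/$1 is already defined as $t" ;;
    esac
}
```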

[root@station3 ~]# getsebool -a |grep ftp          // show the SELinux boolean values for ftp
[root@station3 ~]# setsebool -P ftp_home_dir on    // change the boolean value


[root@vm8 ule]# getenforce
Enforcing
[root@vm8 ule]# setenforce 0
[root@vm8 ule]# getenforce
Permissive
[root@vm8 ule]# setenforce 1
[root@vm8 ule]# getenforce
Enforcing
[root@vm8 ule]# setenforce 2
usage:  setenforce [ Enforcing | Permissive | 1 | 0 ]
[root@vm8 ule]# 