Linux下如何禁用或启用SeLinux
有些Linux默认都是启用SeLinux的,但是有些极少部分是没有开启的,那我们应该如何开启了,下面会讲到如何开启。
在/etc/sysconf下有一个SeLinux文件,使用vi打开,更改其中的SELINUX项的值就可以了, 注意更改完成后都要重新启动服务器。
- SELINUX=enforcing 使用SeLinux
开启SeLinux
vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
关闭SeLinux
- 暂时关闭或者开启不用重启服务器,否则设置无效
暂时关闭
以root用户运行以下命令
setenforce 0
这条命令就是将 SELinux 的模式(Mode)设置为 Permissive,就相当于让它继续处于运行状态,监控和记录信息,但是不采取任何拦截动作,也就相当于临时禁用 SELinux 了。但是重启系统后就会恢复到原来的状态。
可以将它恢复,或者临时启用
setenforce 1
永久关闭
- SELINUX=disable 禁用SeLinux
vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disable
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted