sestatus
vim /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
getenforce
setenforce
chcon -t httpd_sys_content_t index.html    # chcon 的修改在文件系统重新打标 (relabel) 后会丢失;持久规则用 semanage fcontext
ls -Z
ps ax -Z | grep sendmail
semanage fcontext -a -t httpd_sys_content_t '/var/www/html(/.*)?'    # 只写入策略规则;需再执行 restorecon -Rv /var/www/html 才会应用到已有文件
semanage fcontext -l
getsebool -a |grep ftp
setsebool
[root@station3 ~]# setsebool allow_ftpd_anon_write=1
setsebool -P allow_ftpd_anon_write=1    # -P 写入策略,重启后仍然保存;一定要加 -P
semanage fcontext -l | grep '/etc/mail(/.*)'
setroubleshootd
tail /var/log/messages
service setroubleshoot status
yum install setroubleshoot -y
chkconfig --list setroubleshoot
service httpd restart
iptables -L --line-number
iptables -D INPUT 1
iptables -I INPUT -s 192.168.0.254
ll /etc/rc.d/iptables
/etc
1.禁止除了 192.168.1.25 主机的 192.168.1.0/24 网络访问本机FTP 服务!
2.禁止 202.103.0.117 主机来访问本机 WEB 服务。(用 --dport 和 --sport 写出规则)
3.禁止本机用户访问 202.103.0.68 的 DNS 服务(用 --dport 和 --sport 写出规则)
1. iptables -A INPUT -s 192.168.1.25 -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 21 -j REJECT
2. iptables -A INPUT -s 202.103.0.117 -p tcp --dport 80 -j REJECT
iptables -A OUTPUT -d 202.103.0.117 -p tcp --sport 80 -j REJECT
3.iptables -A OUTPUT -d 202.103.0.68 -p udp --dport 53 -j DROP
iptables -A INPUT -s 202.103.0.68 -p udp --sport 53 -j DROP
iptables -nL    # 查看默认链策略
iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
iptables -nvL
iptables -N rhce
iptables -L rhce
iptables -A rhce -s 192.168.2.0/24 -j ACCEPT
iptables -L rhce
iptables -A INPUT -j rhce
iptables -nvL INPUT
iptables -F rhce
# 注意:INPUT 链中仍有 -j rhce 引用时,-X 会失败;需先执行 iptables -D INPUT -j rhce
iptables -X rhce