Check SELinux status:
1. /usr/sbin/sestatus -v ##If the SELinux status parameter is enabled, it is turned on
SELinux status: enabled
2, getenforce ##You can also use this command to check
Turn off SELinux:
1. Temporarily shut down (without restarting the machine):
setenforce 0 ##Set SELinux to permissive mode
##setenforce 1 Set SELinux to enforcing mode
2. Modifying the configuration file requires restarting the machine:
Modify the /etc/selinux/config file
Change SELINUX=enforcing to SELINUX=disabled
Just restart the machine
The difference between the three modes of Enforcing, Permissive and Disable in selinux
1. If you want to immediately refuse to run SELinux:
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive
This command will set SELinux to Permissive mode, where setenforce 1 will set SELinux to Enforcing mode
2. Permanently set SELinux to Permissive mode
Here we need to talk about the difference between Permissive and Enforcing modes:
SELinux has three modes: Enforcing, Permissive and Disable. Enforcing mode is to apply the Policy set by SELinux. All rules (Rules) that violate the Policy will be rejected by SELinux. The difference between Permissive and Enforcing is that the former will still follow the SELinux Policy , but the operation that violates the rules will only be recorded and will not be rejected. Disable, as the name suggests, completely disables SELinux;
If we want to permanently set to Permissive mode, we have to modify the SELinux configuration file
/etc/sysconfig/selinux (in RHEL5 this is a symbolic link to /etc/selinux/conf)
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=permissive
# SELINUXTYPE = can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Note that you need to restart after changing the configuration file to take effect
View the current status of selinux:
/usr/sbin/sestatus -v ##If the SELinux status parameter is enabled, it is enabled