Checking the SELinux status, turning SELinux off, and the difference between the three modes Enforcing, Permissive and Disabled under CentOS

Check SELinux status:

1. /usr/sbin/sestatus -v ## SELinux is turned on if the "SELinux status" field reads enabled

SELinux status:                 enabled

2. getenforce ## You can also use this command to check

Turn off SELinux:

1. Temporarily shut down (without restarting the machine):

setenforce 0 ##Set SELinux to permissive mode

## setenforce 1 sets SELinux to enforcing mode

2. By modifying the configuration file (requires restarting the machine):

Modify the /etc/selinux/config file

Change SELINUX=enforcing to SELINUX=disabled

Then restart the machine.

The difference between the three SELinux modes: Enforcing, Permissive and Disabled

1. To stop SELinux from enforcing immediately:
[root@localhost ~]# setenforce 0

[root@localhost ~]# getenforce

Permissive
This command sets SELinux to Permissive mode, whereas setenforce 1 sets SELinux to Enforcing mode.

2. Permanently setting SELinux to Permissive mode
First, the difference between Permissive and Enforcing modes:

SELinux has three modes: Enforcing, Permissive and Disabled. In Enforcing mode, the policy set by SELinux is applied, and every operation that violates the policy is rejected. Permissive mode differs from Enforcing in that the SELinux policy is still evaluated, but an operation that violates the rules is only recorded and is not rejected. Disabled, as the name suggests, completely disables SELinux.


To set Permissive mode permanently, modify the SELinux configuration file
/etc/sysconfig/selinux (in RHEL5 this is a symbolic link to /etc/selinux/config):
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

Note that a change to the configuration file only takes effect after a restart.

View the current status of SELinux:

/usr/sbin/sestatus -v ## SELinux is turned on if the "SELinux status" field reads enabled
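
Because setenforce changes only the running mode while the configuration file decides the mode after the next restart, the two can disagree. The script below is an added example, not part of the original article: it reads the effective SELINUX= value from a config file and compares it with the getenforce output. The function names configured_mode and selinux_drift are hypothetical, and reporting the first uncommented SELINUX= line is a simplification made by this example.

```shell
#!/bin/sh
# Added example: compare the boot-time SELinux mode in the config file with
# the runtime mode. Function names are hypothetical, not part of any tool.

# Print the SELINUX= value from a config file, lower-cased.
# Commented lines such as "#SELINUX=enforcing" and the SELINUXTYPE= key are
# ignored; the first uncommented assignment is reported (a simplification).
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        head -n 1 | tr '[:upper:]' '[:lower:]'
}

# Compare the runtime mode (getenforce output) with the configured mode.
# Prints one finding; returns 0 only when both are enforcing, 1 otherwise.
selinux_drift() {
    runtime=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    config=$2
    if [ "$runtime" = enforcing ] && [ "$config" = enforcing ]; then
        echo "ok: enforcing now and after reboot"
        return 0
    fi
    if [ "$runtime" = "$config" ]; then
        echo "weak: $runtime now and after reboot"
        return 1
    fi
    echo "drift: $runtime now, $config after reboot"
    return 1
}

# Check the live system only when the script is run with "check".
if [ "${1:-}" = check ]; then
    selinux_drift "$(getenforce)" "$(configured_mode /etc/selinux/config)"
fi
```

A "drift" result after setenforce 0 means the host returns to the configured mode at the next restart; a "weak" result means the configuration file itself leaves the host in Permissive or Disabled mode.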
 
