学习老男孩Linux的笔记总结29【第93课】93-不断补充SElinux用法的笔记

1. selinux是什么？

security-enhanced linux安全增强Linux

2. 查看selinux类型

[root@localhost ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

#     enforcing - SELinux security policy is enforced.    //开启状态

#     permissive - SELinux prints warnings instead of enforcing.    //警告但不阻止

#     disabled - No SELinux policy is loaded.    //不阻止

SELINUX=enforcing

# SELINUXTYPE= can take one of three two values:

#     targeted - Targeted processes are protected,

#     minimum - Modification of targeted policy. Only selected processes are protected.

#     mls - Multi Level Security protection.

SELINUXTYPE=targeted

3. 修改selinux的状态，修改完需要重启

[root@localhost ~]# cp /etc/selinux/config /etc/selinux/config.backup    //做好备份

[root@localhost ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config

[root@localhost ~]# grep =disabled /etc/selinux/config

SELINUX=disabled

4. 修改完selinux之后，必须重启服务器，但是生产环境下又不允许重启服务器。

[root@localhost ~]# getenforce     //检查selinux的状态

Enforcing

[root@localhost ~]# setenforce

usage:  setenforce [ Enforcing | Permissive | 1 | 0 ]

[root@localhost ~]# setenforce 1    //设置selinux的状态，1代表启用，0代表警告单不启用

[root@localhost ~]# getenforce

Enforcing

[root@localhost ~]# setenforce 0

[root@localhost ~]# getenforce

Permissive