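CentOS 7: Enabling/Disabling SELinux
SELinux is well-intentioned, but it really is inconvenient. This article explains how to enable and disable SELinux.
SELinux (Security-Enhanced Linux): a security management model built on the principle of least privilege. Its permissions take precedence over Linux's original user, group, firewall and similar mechanisms. The aim is to bring Linux to its most secure configuration by every means available (at the cost of convenience).
However, if the server is not actually open to other power users, there is not much to worry about.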
Step 1
Check whether SELinux is enabled
When SELinux is not running
    [andy@www ~]$ sudo sestatus
    SELinux status:                 disabled
When SELinux is running normally
    [andy@www ~]# sudo sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy version:                 21
    Policy from config file:        targeted
Step 2
Temporarily stop SELinux
(the original setting is restored after a reboot)
    [andy@www ~]$ sudo setenforce 0
Temporarily start SELinux
(the original setting is restored after a reboot)
    [andy@www ~]$ sudo setenforce 1
Step 3
    [andy@www ~]$ sudo vim /etc/selinux/config
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of three two values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected.
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
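Permanently stop SELinux: change line 6 of the file to SELINUX=disabled
Permanently enable SELinux: change line 6 of the file to SELINUX=enforcing
The value in the config file is applied at the next reboot.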
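As an added example (not part of the original article), the following shell sketch checks the SELINUX= line of a config file against the three values the file itself documents, and reports whether a reboot will change the mode that getenforce reports at runtime. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article; function names are hypothetical.

# Print the value of the last uncommented SELINUX= line in config file $1.
# "SELINUXTYPE=" and "# SELINUX=" comment lines do not match the pattern.
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" | tail -n 1
}

# Succeed and print the value only if it is one of the three documented ones.
selinux_config_check() {
    mode=$(selinux_config_mode "$1")
    case "$mode" in
        enforcing|permissive|disabled) echo "$mode"; return 0 ;;
        "") echo "no SELINUX= line in $1" >&2; return 1 ;;
        *)  echo "invalid value SELINUX=$mode in $1" >&2; return 1 ;;
    esac
}

# Compare a runtime mode (as printed by getenforce: Enforcing, Permissive,
# Disabled) with the config file and print what the next reboot will do.
selinux_after_reboot() {
    runtime=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    configured=$(selinux_config_check "$2") || return 1
    if [ "$runtime" = "$configured" ]; then
        echo "unchanged: $configured"
    else
        echo "reboot changes $runtime -> $configured"
    fi
}

# Constructed sample configs (not read from a real system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '# comment\nSELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$demo_dir/good"
printf '# comment\nSELINUX=disable\nSELINUXTYPE=targeted\n'  > "$demo_dir/typo"

# Runtime is Permissive after "setenforce 0", but the file still says enforcing.
selinux_after_reboot Permissive "$demo_dir/good"
# A misspelled value is caught before the reboot that would apply it.
selinux_config_check "$demo_dir/typo" || echo "fix the value before rebooting"
```

On a real host the calls would be `selinux_after_reboot "$(getenforce)" /etc/selinux/config`.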