CentOS查看、修改SELinux的状态

SELinux(Security-Enhanced Linux) 是美国国家安全局（NSA）对于强制访问控制的实现，是 linux历史上最杰出的新安全子系统。但是我们一般都不用它，因为它管的东西太多了，想做安全可以用防火墙等其他措施。 

我们可以通过查看配置文件的命令 cat /etc/selinux/config 来查看状态，

 [root@mazhonghua ~]# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted 

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11
• 12

发现SELinux共有3个状态enforcing （执行中）、permissive （不执行但产生警告）、disabled（关闭）。  我们可以通过修改配置文件来修改SELinux的状态

 [root@mazhonghua ~]# sed -i s#SELINUX=enforcing#SELINUX=disabled# /etc/selinux/config [root@mazhonghua ~]# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted 

• 1
• 2
• 3
• 4
• 9
• 5
• 6
• 7
• 8
• 10
• 11
• 12
• 13