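Some Linux distributions enable SELinux by default. You can choose to enable or disable it during installation, but how do you turn it on or off after the system is installed?
Under /etc/sysconfig there is a file named selinux. Open it with vi and change the value of the SELINUX entry.
- SELINUX=disabled disables SELinux
- SELINUX=enforcing enables SELinux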
[root@localhost sysconfig]# vim selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Disabling SELinux
1. Temporarily disabling SELinux without a reboot
- Run the following command as root:
setenforce 0
This command temporarily switches SELinux to Permissive mode (Permissive mode is explained below).
To return SELinux to enforcing, run:
setenforce 1
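This command sets SELinux to Enforcing mode.
2. Setting SELinux to Permissive mode permanently
The difference between Permissive and Enforcing mode needs explaining here. SELinux has three modes: Enforcing, Permissive and Disabled.
Enforcing mode applies the policy SELinux is configured with; every operation that violates the policy rules is denied by SELinux.
Permissive mode differs from Enforcing in that it still follows the SELinux policy, but operations that violate the rules are only logged, not denied.
Disabled, as the name suggests, turns SELinux off completely.
To make Permissive mode permanent, edit the SELinux configuration file /etc/sysconfig/selinux (on RHEL5 this is a symbolic link to /etc/selinux/config):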
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
Change the line to SELINUX=permissive, then reboot.
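The temporary setenforce change and the persistent config file can disagree, so here is an added example (not code from the original page): a shell check that validates the SELINUX= value and reports when the running mode differs from the configured one. The function names are hypothetical, and the config path defaults to /etc/selinux/config unless another file is given.

```shell
#!/bin/sh
# Added example. Function names are hypothetical.

# Print the value of the first uncommented SELINUX= line in file $1.
# (SELINUXTYPE= does not match, because "=" must follow "SELINUX".)
selinux_config_mode() {
    sed -n 's/^SELINUX=\([^[:space:]#]*\).*/\1/p' "$1" | head -n 1
}

# Succeed only for the three values the config file documents.
selinux_mode_valid() {
    case "$1" in
        enforcing|permissive|disabled) return 0 ;;
        *) return 1 ;;
    esac
}

# selinux_check [config-file] [runtime-mode]
# Returns 0 = consistent, 1 = runtime differs from config (for example after
# "setenforce 0"), 2 = invalid config value, 3 = runtime mode unknown.
selinux_check() {
    cfg=${1:-/etc/selinux/config}
    mode=$(selinux_config_mode "$cfg")
    if ! selinux_mode_valid "$mode"; then
        echo "invalid: SELINUX='$mode' in $cfg"
        return 2
    fi
    # Default to the live mode; getenforce prints Enforcing/Permissive/Disabled.
    runtime=$2
    if [ -z "$runtime" ]; then
        runtime=$(getenforce 2>/dev/null | tr '[:upper:]' '[:lower:]')
    fi
    if [ -z "$runtime" ]; then
        echo "unknown: could not read runtime mode (config says $mode)"
        return 3
    fi
    if [ "$runtime" != "$mode" ]; then
        echo "drift: runtime=$runtime config=$mode (config applies at next boot)"
        return 1
    fi
    echo "ok: runtime and config are both $mode"
}

# Run the check only when arguments are given, e.g.:
#   sh selinux_check.sh /etc/selinux/config
if [ "$#" -gt 0 ]; then
    selinux_check "$@"
fi
```

A return code of 2 catches a misspelled value such as SELINUX=disable before the next reboot does.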