1. 查看SELinux狀態
1.1 getenforce
- getenforce 命令是單詞get(獲取)和enforce(執行)連寫,可查看selinux狀態,與setenforce命令相反。
-
setenforce 命令則是單詞set(設置)和enforce(執行)連寫,用於設置selinux防火牆狀態,如: setenforce 0用於關閉selinux防火牆,但重啟后失效
[root@localhost ~]# getenforce Enforcing
1.2 /usr/sbin/sestatus
Current mode表示當前selinux防火牆的安全策略
[root@localhost ~]# /usr/sbin/sestatus
SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28 SELinux status:selinux防火牆的狀態,enabled表示啟用selinux防火牆
Current mode: selinux防火牆當前的安全策略,enforcing 表示強
2. 關閉SELinux
2.1 臨時關閉
setenforce 0 :用於關閉selinux防火牆,但重啟后失效。
[root@localhost ~]# setenforce 0[root@localhost ~]# /usr/sbin/sestatus
SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 282.1 永久關閉
修改selinux的配置文件,重啟后生效。
打開 selinux 配置文件
[root@localhost ~]# vim /etc/selinux/config 修改 selinux 配置文件
將SELINUX=enforcing改為SELINUX=disabled,保存后退出
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of three two values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted此時獲取當前selinux防火牆的安全策略仍為Enforcing,配置文件並未生效。
[root@localhost ~]# getenforce Enforcing重啟
[root@localhost ~]# reboot驗證
[root@localhost ~]# /usr/sbin/sestatus SELinux status: disabled [root@localhost ~]# getenforce Disabled