• 查看SELinux状态&关闭SELinux


     

    1. 查看SELinux状态

    1.1 getenforce

    • getenforce 命令是单词get(获取)和enforce(执行)连写,可查看selinux状态,与setenforce命令相反。
    • setenforce 命令则是单词set(设置)和enforce(执行)连写,用于设置selinux防火墙状态,如: setenforce 0用于关闭selinux防火墙,但重启后失效
    [root@localhost ~]# getenforce
    Enforcing
    

    1.2 /usr/sbin/sestatus

    Current mode表示当前selinux防火墙的安全策略

    [root@localhost ~]# /usr/sbin/sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /sys/fs/selinux
    SELinux root directory:         /etc/selinux
    Loaded policy name:             targeted
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy MLS status:              enabled
    Policy deny_unknown status:     allowed
    Max kernel policy version:      28
    
    

    SELinux status:selinux防火墙的状态,enabled表示启用selinux防火墙
    Current mode: selinux防火墙当前的安全策略,enforcing 表示强

    2. 关闭SELinux

    2.1 临时关闭

    setenforce 0 :用于关闭selinux防火墙,但重启后失效。

    [root@localhost ~]# setenforce 0
    
    [root@localhost ~]# /usr/sbin/sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /sys/fs/selinux
    SELinux root directory:         /etc/selinux
    Loaded policy name:             targeted
    Current mode:                   permissive
    Mode from config file:          enforcing
    Policy MLS status:              enabled
    Policy deny_unknown status:     allowed
    Max kernel policy version:      28
    

    2.1 永久关闭

    修改selinux的配置文件,重启后生效。

    打开 selinux 配置文件

    [root@localhost ~]# vim /etc/selinux/config
    
    

    修改 selinux 配置文件

    将SELINUX=enforcing改为SELINUX=disabled,保存后退出

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=enforcing
    # SELINUXTYPE= can take one of three two values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected. 
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    

    此时获取当前selinux防火墙的安全策略仍为Enforcing,配置文件并未生效。

    [root@localhost ~]# getenforce
    Enforcing
    

    重启

    [root@localhost ~]# reboot
    

    验证

    [root@localhost ~]# /usr/sbin/sestatus
    SELinux status:                 disabled
    
    [root@localhost ~]# getenforce
    Disabled
    
    
  • 相关阅读:
    android so壳入口浅析
    PySide图形界面开发(一)
    对一个伪装成微信的加固病毒的分析
    ZjDroid工具介绍及脱壳详细示例
    用pyinstaller把python代码打包成exe可执行文件
    Android下so注入汇总
    利用drozer进行Android渗透测试
    OWASP移动安全漏洞Top 10
    python with原理
    腾讯云
  • 原文地址:https://www.cnblogs.com/lcword/p/15949691.html
Copyright © 2020-2023  润新知