Viewing and shutting down SELinux

Keywords: SELinux firewall vim

Note: This article is not original; it is reposted from the following:

View and setup of Selinux

1. Check SELinux status

1.1 getenforce

  • The getenforce command combines the words get and enforce. It shows the SELinux status and is the counterpart of the setenforce command.
  • The setenforce command combines the words set and enforce. It sets the SELinux status. For example, setenforce 0 turns off SELinux enforcement, but the setting does not persist after a restart.

    [root@localhost ~]# getenforce
    Enforcing

1.2 /usr/sbin/sestatus

The Current mode line shows the mode SELinux is currently running in.

    [root@localhost ~]# /usr/sbin/sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /sys/fs/selinux
    SELinux root directory:         /etc/selinux
    Loaded policy name:             targeted
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy MLS status:              enabled
    Policy deny_unknown status:     allowed
    Max kernel policy version:      28

SELinux status: whether SELinux is on; enabled means SELinux is enabled.
Current mode: the mode SELinux is currently running in; enforcing means the policy is enforced.

2. Turn off SELinux

2.1 Temporary shutdown

setenforce 0 turns off SELinux enforcement (Current mode becomes permissive), but the setting does not persist after a restart.

    [root@localhost ~]# setenforce 0
    [root@localhost ~]# /usr/sbin/sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /sys/fs/selinux
    SELinux root directory:         /etc/selinux
    Loaded policy name:             targeted
    Current mode:                   permissive
    Mode from config file:          enforcing
    Policy MLS status:              enabled
    Policy deny_unknown status:     allowed
    Max kernel policy version:      28

2.2 Permanent shutdown

Modify the SELinux configuration file; the change takes effect after a restart.

Open the SELinux configuration file

    [root@localhost ~]# vim /etc/selinux/config

Modify the SELinux configuration file

Change SELINUX=enforcing to SELINUX=disabled, then save and exit. The file before the edit:

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=enforcing
    # SELINUXTYPE= can take one of three two values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected. 
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted

At this point getenforce still reports Enforcing; the change to the configuration file has not taken effect yet.

    [root@localhost ~]# getenforce
    Enforcing

Restart

    [root@localhost ~]# reboot

Verification

    [root@localhost ~]# /usr/sbin/sestatus
    SELinux status:                 disabled

    [root@localhost ~]# getenforce
    Disabled
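
A read-only check for the states this article walks through: it compares the runtime mode reported by sestatus with the SELINUX= value in /etc/selinux/config and flags a host left permissive by setenforce 0 or set to disabled in the config. This is an added example, not part of the original article; the function names and result labels are assumptions, and the sample text is constructed from the outputs shown in section 2.1.

```shell
#!/bin/sh
# Added example (not from the original article): report whether SELinux
# enforcement has been weakened at runtime or in the config file.
# Function names and result labels are hypothetical.

# Print the value of one "Label: value" line of sestatus output (stdin).
sestatus_field() {
    awk -F': *' -v key="$1" '$1 == key { print $2; exit }'
}

# Print the active SELINUX= value from config text (stdin); comments and
# SELINUXTYPE= lines do not match.
config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' | tail -n 1
}

# $1 = sestatus output, $2 = contents of /etc/selinux/config
selinux_audit() {
    status=$(printf '%s\n' "$1" | sestatus_field "SELinux status")
    current=$(printf '%s\n' "$1" | sestatus_field "Current mode")
    configured=$(printf '%s\n' "$2" | config_mode)
    if [ "$status" = "disabled" ]; then
        echo "disabled"            # no policy loaded at all
    elif [ "$current" != "enforcing" ]; then
        echo "runtime-permissive"  # e.g. after setenforce 0
    elif [ "$configured" != "enforcing" ]; then
        echo "config-weakened"     # enforcing now, lost at next reboot
    else
        echo "ok"
    fi
}

# Sample input constructed from the outputs shown in section 2.1.
SAMPLE_SESTATUS='SELinux status:                 enabled
Current mode:                   permissive
Mode from config file:          enforcing'
SAMPLE_CONFIG='# SELINUX= can take one of these three values:
SELINUX=enforcing
SELINUXTYPE=targeted'

selinux_audit "$SAMPLE_SESTATUS" "$SAMPLE_CONFIG"   # sample data

# On a real host, audit the live state (read-only).
if command -v sestatus >/dev/null 2>&1 && [ -r /etc/selinux/config ]; then
    selinux_audit "$(sestatus)" "$(cat /etc/selinux/config)"
fi
```

Any result other than ok means enforcement is off now or will be lost at the next reboot, which is worth alerting on in a fleet baseline check.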

Posted by unixmiah on Wed, 15 Apr 2020 10:33:34 -0700