【就业班作业】【第十周】1、编写脚本selinux.sh,实现开启或禁用SELinux功能
编写脚本selinux.sh,实现开启或禁用SELinux功能:
#!/bin/bash # echo "########################################" echo -e "Current status:\n`sestatus`" echo "########################################" echo -e "\n" read -p "Please input enable|disable|permissive|quit to set selinux:" Arg if [ $Arg == "enable" ] ; then setenforce 1 sed -ri.bak "s#^SELINUX=.*#SELINUX=enforcing#" /etc/selinux/config &>/dev/null echo "Selinux current status is `getenforce`" echo "Selinux'config file is set `sed -n "/^SELINUX=/p" /etc/selinux/config`" exit elif [ $Arg == "disable" ] ; then setenforce 0 sed -ri.bak "s#^SELINUX=.*#SELINUX=disabled#" /etc/selinux/config &>/dev/null echo "Selinux current status is `getenforce`,But Disabled's status need to reboot" echo "Selinux'config file is set `sed -n "/^SELINUX=/p" /etc/selinux/config`" exit elif [ $Arg == "permissive" ] ; then setenforce Permissive sed -ri.bak "s#^SELINUX=.*#SELINUX=Permissive#" /etc/selinux/config &>/dev/null echo "Selinux current status is `getenforce`" echo "Selinux'config file is set `sed -n "/^SELINUX=/p" /etc/selinux/config`" exit else [ $Arg == "quit" ] echo "The shell exit" exit fi
测试效果:
[root@localhost data]# bash +x ./selinuxset.sh ######################################## Current status: SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: permissive Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 31 ######################################## Please input enable|disable|permissive|quit to set selinux:enable Selinux current status is Enforcing Selinux'config file is set SELINUX=enforcing [root@localhost data]# bash +x ./selinuxset.sh ######################################## Current status: SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 31 ######################################## Please input enable|disable|permissive|quit to set selinux:disable Selinux current status is Permissive,But Disabled's status need to reboot Selinux'config file is set SELINUX=disabled [root@localhost data]# bash +x ./selinuxset.sh ######################################## Current status: SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: disabled Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 31 ######################################## Please input enable|disable|permissive|quit to set selinux:permissive Selinux current status is Permissive Selinux'config file is set SELINUX=Permissive [root@localhost data]# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: permissive Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 31 [root@localhost data]#
(结束)