管理SELINUX

开启&监视SELinux'

修改SELinux模式

修改SELinux上下文

修改SELinux的布尔值

SELinux故障排查

 

RH4开始，RH5完善

安全级别

极大提高安全性

SELinux对系统里面所有设备打标签，限制所有用户的所有行为，防止间接破坏

[root@sky ~]# getenforce
Enforcing
[root@sky ~]# setenforce 0    //只做记录不限制
[root@sky ~]# getenforce
Permissive
[root@sky ~]# setenforce 1
[root@sky ~]# getenforce
Enforcing
[root@sky ~]#

[root@sky etc]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted