首页 > 代码库 > SELinux、运行级别init、防火墙iptables

SELinux、运行级别init、防火墙iptables


SElinux是美国国家安全局对于强制访问控制的实现。


修改配置文件,使关闭SELinux永久生效:(重启生效)

[root@wuyike ~]# cat /etc/selinux/config 


# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

#     enforcing - SELinux security policy is enforced.

#     permissive - SELinux prints warnings instead of enforcing.

#     disabled - No SELinux policy is loaded.

SELINUX=enforcing

# SELINUXTYPE= can take one of these two values:

#     targeted - Targeted processes are protected,

#     mls - Multi Level Security protection.

SELINUXTYPE=targeted 


[root@wuyike ~]# sed -i "s#SELINUX=enforcing#SELINUX=disabled#g" /etc/selinux/config 

[root@wuyike ~]# cat /etc/selinux/config 


# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

#     enforcing - SELinux security policy is enforced.

#     permissive - SELinux prints warnings instead of enforcing.

#     disabled - No SELinux policy is loaded.

SELINUX=disabled

# SELINUXTYPE= can take one of these two values:

#     targeted - Targeted processes are protected,

#     mls - Multi Level Security protection.

SELINUXTYPE=targeted 



[root@wuyike ~]# grep =disabled /etc/selinux/config 

SELINUX=disabled


临时生效:

[root@wuyike ~]# getenforce

Enforcing

[root@wuyike ~]# setenforce

usage:  setenforce [ Enforcing | Permissive | 1 | 0 ]

[root@wuyike ~]# setenforce 0

[root@wuyike ~]# getenforce

Permissive

getenforce 检查selinux状态

setenforce 设置selinux状态 1 启用  0 警告,不启用


为了使重启或不重启都生效,以上两种方式都要修改



运行级别:

运行级别有7种,看各种级别:

[root@wuyike ~]# tail /etc/inittab

# Default runlevel. The runlevels used are:

#   0 - halt (Do NOT set initdefault to this)

#   1 - Single user mode    -->单用户模式

#   2 - Multiuser, without NFS (The same as 3, if you do not have networking)

#   3 - Full multiuser mode    -->完全的多用户模式

#   4 - unused

#   5 - X11    -->切换为桌面环境,需要安装了桌面软件包

#   6 - reboot (Do NOT set initdefault to this)

id:3:initdefault:

查看运行级别:

[root@wuyike ~]# runlevel

N 3

切换运行级别:

[root@wuyike ~]# init 6  --->(重启)


关闭linux防火墙的方法:

/etc/init.d/iptables stop==service iptables stop 最好连续执行两遍

或:

root@wuyike ~]# chkconfig iptables off

查看防火墙:

[root@wuyike ~]# iptables -L -n




SELinux、运行级别init、防火墙iptables