[root@localhost ~]# ll /etc/sysconfig/selinux
lrwxrwxrwx. 1 root root 17 May 10 16:38 /etc/sysconfig/selinux -> ../selinux/config
[root@localhost ~]# cat /etc/selinux/config
This file controls the state of SELinux on the system.
SELINUX= can take one of these three values:
enforcing – SELinux security policy is enforced.
permissive – SELinux prints warnings instead of enforcing.
disabled – No SELinux policy is loaded.
SELINUX=enforcing
SELINUXTYPE= can take one of these two values:
targeted – Targeted processes are protected,
mls – Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]# touch /root/home.txt
[root@localhost ~]# ll /root/home.txt
-rw-r–r–. 1 root root 0 May 15 01:07 /root/home.txt
[root@localhost ~]# ll -Z /root/home.txt
-rw-r–r–. root root unconfined_u:object_r:admin_home_t:s0 /root/home.txt
[root@localhost ~]# chcon -t user_tmp_t /root/home.txt
[root@localhost ~]# ll -X /root/home.txt
-rw-r–r–. 1 root root 0 May 15 01:07 /root/home.txt
[root@localhost ~]#
chcon -t httpd_sys_content_t index.html //81.7
restorecon
getsebool
setsebool
[root@localhost ~]# getsebool -a
[root@localhost ~]# getsebool ftp_home_dir
ftp_home_dir –> off
[root@localhost ~]# setsebool ftp_home_dir on
[root@localhost ~]# getsebool ftp_home_dir
ftp_home_dir –> on
[root@localhost ~]# setsebool -P ftp_home_dir on
root@localhost ~]# file /var/log/audit/audit.log
/var/log/audit/audit.log: ASCII text, with very long lines
[root@localhost html]# iptables -L -n
[root@localhost html]# iptables -L -n
[root@localhost html]# iptables -L -n
[root@localhost html]# ss -tnl
原创文章,作者:fsy,如若转载,请注明出处:http://www.178linux.com/75854