RHCE254 2


sestatus

 

vim /etc/sysconfig/selinux

 

 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

 

getenforce

 

setenforce

 

chcon -t httpd_sys_content_t index.html   # 类型名以 _t 结尾;chcon 的修改在文件系统重新打标签时会被覆盖,持久规则用 semanage fcontext

 

ls -Z

 

ps ax -Z | grep sendmail

 

semanage fcontext -a -t httpd_sys_content_t '/var/www/html(/.*)?'   # 只是把规则写入策略,现有文件要执行 restorecon -Rv /var/www/html 才会换上新标签

 

semanage fcontext -l

 

getsebool -a |grep ftp

 

setsebool

 

[root@station3 ~]# setsebool allow_ftpd_anon_write=1

 

setsebool -P allow_ftpd_anon_write=1   # -P 把布尔值写入策略,重启后仍然生效;不加 -P 只在本次运行期间有效,要永久生效一定要加 -P

 

semanage fcontext -l | grep '/etc/mail(/.*)'

 

setroubleshootd

 

tail /var/log/messages

 

service setroubleshoot status

 

yum install setroubleshoot -y

 

chkconfig --list setroubleshoot

 

service httpd restart

 

iptables -L --line-number

 

iptables -D INPUT 1

 

iptables -I INPUT -s 192.168.0.254

 

ll /etc/rc.d/iptables

 

/etc

 

1.禁止 192.168.1.0/24 网络中除 192.168.1.25 以外的主机访问本机 FTP 服务!

 

2.禁止 202.103.0.117 主机访问本机 WEB 服务。(用 --dport 和 --sport 写出规则)

 

3.禁止本机用户访问 202.103.0.68 的 DNS 服务(用 --dport 和 --sport 写出规则)

 

 

1.  iptables -A INPUT -s 192.168.1.25 -p tcp --dport 21  -j ACCEPT

 

iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 21 -j REJECT

 

2.iptables -A INPUT -s 202.103.0.117 -p tcp --dport 80 -j REJECT

 

iptables -A OUTPUT -d 202.103.0.117 -p tcp --sport 80 -j REJECT

 

3.iptables -A OUTPUT -d 202.103.0.68 -p udp --dport 53 -j DROP

 

iptables -A INPUT -s 202.103.0.68 -p udp --sport 53 -j DROP

注:DNS 在响应过大或区域传送时也会使用 TCP 53,若要完全禁止,还需对 -p tcp 写出同样的两条规则。

 

 

 

 

 

iptables -nL   # 列出规则,同时显示各链的默认策略(policy)

 

iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT

 

iptables -nvL

 

iptables -N rhce

iptables -L rhce

iptables -A rhce -s 192.168.2.0/24 -j ACCEPT

iptables -L rhce

iptables -A INPUT -j rhce

iptables -nvL INPUT

iptables -F rhce

iptables -X rhce

注:自定义链名前后必须一致(这里统一为 rhce);自定义链仍被引用(如上面的 INPUT -j rhce)时 -X 会失败,需先用 iptables -D INPUT -j rhce 删除引用。

 

 
