op07-SELinux op
Source: Internet  Published: 用友软件畅捷通  Editor: 程序博客网  Time: 2024/05/21 09:17
1 SELinux
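SELinux provides finer-grained permission control than the default ugo+rwx model. With SELinux enabled, even if a 0day vulnerability is used to escalate privileges, the affected program's permissions remain under SELinux control, so the impact is limited.
SELinux is complex and can make installing and using some programs much more difficult; until you really understand SELinux, it is recommended to turn it off.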
2 Checking SELinux status
    [root@husa ~]# /usr/sbin/sestatus -v
    SELinux status:                 enabled
    SELinuxfs mount:                /sys/fs/selinux
    SELinux root directory:         /etc/selinux
    Loaded policy name:             targeted
    Current mode:                   permissive
    Mode from config file:          permissive
    Policy MLS status:              enabled
    Policy deny_unknown status:     allowed
    Max kernel policy version:      28

    Process contexts:
    Current context:                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
    Init context:                   system_u:system_r:init_t:s0
    /usr/sbin/sshd                  system_u:system_r:sshd_t:s0-s0:c0.c1023

    File contexts:
    Controlling terminal:           unconfined_u:object_r:user_devpts_t:s0
    /etc/passwd                     system_u:object_r:passwd_file_t:s0
    /etc/shadow                     system_u:object_r:shadow_t:s0
    /bin/bash                       system_u:object_r:shell_exec_t:s0
    /bin/login                      system_u:object_r:login_exec_t:s0
    /bin/sh                         system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0
    /sbin/agetty                    system_u:object_r:getty_exec_t:s0
    /sbin/init                      system_u:object_r:bin_t:s0 -> system_u:object_r:init_exec_t:s0
    /usr/sbin/sshd                  system_u:object_r:sshd_exec_t:s0
3 Checking the SELinux mode
    [root@husa ~]# /usr/sbin/getenforce
    Permissive
4 Temporarily disabling SELinux
Use Enforcing or 1 to put SELinux in enforcing mode.
Use Permissive or 0 to put SELinux in permissive mode.
    [root@husa ~]# setenforce 0
    [root@husa ~]# setenforce 1
5 Permanently disabling SELinux
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=permissive
    # SELINUXTYPE= can take one of three two values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected.
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
To disable it permanently, change the value of SELINUX to disabled and then reboot.
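The following is an added example, not code from the original page: a shell check that compares the runtime mode printed by getenforce (section 3) with the SELINUX= value in the config file (section 5), so a host where setenforce or a config edit has left the two out of step is flagged. The function names and verdict strings are made up for this example, and reading only the first uncommented SELINUX= line is an assumption.

```shell
#!/bin/sh
# Added example (not from the original page): audit the runtime SELinux mode
# against the mode configured for the next boot.

# Print the configured mode, lower-cased: the value of the first uncommented
# SELINUX= line in file $1 (first-match is an assumption of this example).
# Prints nothing when the file has no such line or cannot be read.
selinux_config_mode() {
    sed -n 's/^SELINUX=\([A-Za-z]*\).*/\1/p' "$1" 2>/dev/null \
        | head -n 1 | tr '[:upper:]' '[:lower:]'
}

# $1: runtime mode as printed by getenforce (Enforcing|Permissive|Disabled)
# $2: path to a config file in the format shown in section 5
# Prints a single verdict word (hypothetical names chosen for this example).
selinux_audit() {
    runtime=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    configured=$(selinux_config_mode "$2")
    if [ -z "$configured" ]; then
        echo "config-unreadable"
    elif [ "$runtime" != "$configured" ]; then
        # setenforce was run, or the file was edited without a reboot:
        # the current state will not survive the next boot.
        echo "drift:runtime=$runtime,config=$configured"
    elif [ "$runtime" = "enforcing" ]; then
        echo "ok"
    else
        echo "not-enforcing:$runtime"
    fi
}

# Constructed sample input: the relevant lines of the config from section 5.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SELINUX= can take one of these three values:
SELINUX=permissive
SELINUXTYPE=targeted
EOF
selinux_audit Permissive "$sample"   # the state shown on this page
selinux_audit Enforcing "$sample"    # after `setenforce 1` with the same file
rm -f "$sample"
```

On a real host the call would be `selinux_audit "$(getenforce)" /etc/selinux/config`; any verdict other than `ok` means the host is not enforcing now or will not be after the next reboot.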