linux SELINUX 查看配置文件
【摘要】 ECS信息规格:2vCPUs | 4GiB | kc1.large.2镜像:openEuler 20.03 64bit with ARM | 公共镜像 linux SELINUX 查看配置文件 /etc/sysconfig/selinux是符号链接# stat /etc/sysconfig/selinux File: /etc/sysconfig/selinux -> ../seli...
ECS信息
- 规格:2vCPUs | 4GiB | kc1.large.2
- 镜像:openEuler 20.03 64bit with ARM | 公共镜像
linux SELINUX 查看配置文件
/etc/sysconfig/selinux是符号链接
# stat /etc/sysconfig/selinux
File: /etc/sysconfig/selinux -> ../selinux/config
Size: 17 Blocks: 0 IO Block: 4096 symbolic link
Device: fd02h/64770d Inode: 141813 Links: 1
Access: (0777/lrwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2021-10-04 15:57:54.203285534 +0800
Modify: 2020-05-18 10:35:49.716000000 +0800
Change: 2020-05-18 10:35:49.716000000 +0800
Birth: 2020-05-18 10:35:49.716000000 +0800
/etc/selinux/config是实际的配置文件
# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
- SELINUX的模式有三种:enforcing、permissive、disabled
- SELINUXTYPE的策略有三种:targeted、minimum、mls
tree 查看 /etc/selinux/ 的目录结构
- 安装tree
# tree
-bash: tree: command not found
# yum install tree
Last metadata expiration check: 2:46:11 ago on Mon 04 Oct 2021 01:19:18 PM CST.
Dependencies resolved.
=====================================================================================================================================
Package Architecture Version Repository Size
=====================================================================================================================================
Installing:
tree aarch64 1.7.0-18.oe1 OS 49 k
Transaction Summary
=====================================================================================================================================
Install 1 Package
Total download size: 49 k
Installed size: 165 k
Is this ok [y/N]: y
Downloading Packages:
tree-1.7.0-18.oe1.aarch64.rpm 1.6 MB/s | 49 kB 00:00
-------------------------------------------------------------------------------------------------------------------------------------
Total 1.5 MB/s | 49 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : tree-1.7.0-18.oe1.aarch64 1/1
Verifying : tree-1.7.0-18.oe1.aarch64 1/1
Installed:
tree-1.7.0-18.oe1.aarch64
Complete!
# pwd
/etc/selinux
# tree
.
├── config
├── restorecond.conf
├── restorecond_user.conf
├── semanage.conf
└── targeted
├── booleans.subs_dist
├── contexts
│ ├── customizable_types
│ ├── dbus_contexts
│ ├── default_contexts
│ ├── default_type
│ ├── failsafe_context
│ ├── files
│ │ ├── file_contexts
│ │ ├── file_contexts.homedirs
│ │ ├── file_contexts.local
│ │ ├── file_contexts.subs
│ │ ├── file_contexts.subs_dist
│ │ └── media
│ ├── initrc_context
│ ├── lxc_contexts
│ ├── openssh_contexts
│ ├── removable_context
│ ├── securetty_types
│ ├── sepgsql_contexts
│ ├── snapperd_contexts
│ ├── systemd_contexts
│ ├── userhelper_context
│ ├── users
│ │ ├── guest_u
│ │ ├── root
│ │ ├── staff_u
│ │ ├── sysadm_u
│ │ ├── unconfined_u
│ │ ├── user_u
│ │ └── xguest_u
│ ├── virtual_domain_context
│ ├── virtual_image_context
│ └── x_contexts
├── logins
├── policy
│ └── policy.31
├── setrans.conf
└── seusers
6 directories, 38 files
虽然selinux配置起来有些复杂,但是强烈建议在生产环境中开启selinux!为了安全着想,安全生产才是基线!
学习资料
欢迎各位同学一起来交流学习心得^_^
【版权声明】本文为华为云社区用户原创内容,转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息, 否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱:
cloudbbs@huaweicloud.com
- 点赞
- 收藏
- 关注作者
评论(0)