版權聲明: ########################################################################### 本文的所有內容均來自作者劉春凱的學習總結,未經本人許可,禁止私自轉發及使用。 QQ:1151887353 E-mail:[email protected] [email protected] ########################################################################## 第1章 關閉SElinux的方法 1.1 操作前備份 法一: [root@oldboyedu-36-02 ~]# cp/etc/selinux/config /etc/selinux/config.bak [root@oldboyedu-36-02 ~]# ls /etc/selinux config config.bak restorecond.conf restorecond_user.conf semanage.conf targeted 法二: [root@oldboyedu-36-02 ~]# sed -i.ori's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config===-i.ori替換前備份文件; [root@oldboyedu-36-02 ~]# ls /etc/selinux config config.bak config.ori restorecond.conf restorecond_user.conf semanage.conf targeted 1.2 永久關閉SElinux(修改配置文件) [root@oldboyedu-36-02 ~]# cat /etc/selinux/config # This file controls the state of SELinux on thesystem. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls -Multi Level Security protection. SELINUXTYPE=targeted [root@oldboyedu-36-02 ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g'/etc/selinux/config [root@oldboyedu-36-02 ~]# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls -Multi Level Security protection. SELINUXTYPE=targeted ===需要重啓服務器才能生效(工作場景中不要以任何理由重啓服務器); 1.3 臨時關閉 [root@oldboyedu-36-02 ~]# getenforce ===查看selinux狀態 Enforcing [root@oldboyedu-36-02 ~]# setenforce ===查看selinux設置選項 usage: setenforce [ Enforcing | Permissive | 1 | 0 ]===1:開啓;0:提醒但不阻止; [root@oldboyedu-36-02 ~]# setenforce 0===設置爲0 [root@oldboyedu-36-02 ~]# getenforce Permissive 1.4 恢復SElinux的方法 法一:命令行恢復 setenforce 1; 法二:文件回覆 1、通過vi、sed直接修改配置文件 2、mv/etc/selinux/config.bak /etc/selinux/config==直接覆蓋配置文件 第2章 關閉防火牆iptables 2.1 臨時關閉iptables 查看防火牆狀態 法一: /etc/init.d/iptables status 法二: service iptables status 臨時關閉防火牆 法一: /etc/init.d/iptables stop /etc/init.d/iptables stop ===執行關閉兩次,確保關閉; 法二: service iptables stop service iptables stop /etc/init.d/iptables status或者service iptables status ===修改完成後,再次查看iptables狀態; 2.2 永久關閉iptables(開機自啓動項關閉iptables) 查看iptables是否開機自啓動 chkconfig | grep ipt 或者chkconfig --list iptables 關閉iptables的開機自啓動項 chkconfig iptables off 再次查看iptables開機自啓動是否關閉 chkconfig | grep ipt 或者chkconfig --list iptables
Linux基礎優化之SElinux和iptables項
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.