SELinux

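Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) security mechanism implemented in the kernel. SELinux first appeared in CentOS 4 and was significantly improved in later CentOS releases. These improvements mean that the way problems are solved with SELinux has also changed over time.

Basic commands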

To check if SELinux is enabled

# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

# getenforce
Permissive

To temporarily set SELinux to Enforcing/Permissive

# setenforce 1   # Enforcing

# setenforce 0   # Permissive

Permanently change SELinux
Edit the file /etc/selinux/config

## Change this line (accepted values: enforcing, permissive, disabled)
SELINUX=disabled
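
The sestatus output above reports both "Current mode" and "Mode from config file": setenforce changes only the first, and /etc/selinux/config only the second. The shell functions below are an added example, not part of the original page, that compare the two and flag drift. The function names and the sample config are constructed, and the parser assumes the key must appear as SELINUX= at the start of a line.

```shell
#!/bin/sh
# Added example: detect drift between the running SELinux mode and the
# persistent mode stored in /etc/selinux/config.

# Print the configured mode from a config file, lowercased.
# Assumption: only lines that begin with the uppercase key SELINUX= count,
# so comment lines, SELINUXTYPE= and a mis-cased "SELinux=" are skipped.
selinux_config_mode() {
    sed -n 's/^SELINUX=\([A-Za-z]*\).*$/\1/p' "$1" |
        head -n 1 | tr '[:upper:]' '[:lower:]'
}

# Compare a runtime mode (as printed by getenforce) with the config file.
# Prints one verdict line. Returns 0 when they agree, 1 on drift,
# 2 when the file has no usable SELINUX= line.
selinux_drift() {
    runtime=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    configured=$(selinux_config_mode "$2")
    case "$configured" in
        enforcing|permissive|disabled) ;;
        *) echo "unknown: no valid SELINUX= line in $2"; return 2 ;;
    esac
    if [ "$runtime" = "$configured" ]; then
        echo "ok: runtime and config are both $configured"
        return 0
    fi
    echo "drift: runtime=$runtime config=$configured (config applies at next boot)"
    return 1
}

# Demo on a constructed config file (not taken from a real host).
sample=$(mktemp)
printf '%s\n' '# SELINUX=enforcing' 'SELinux=enforcing' \
    'SELINUX=permissive' 'SELINUXTYPE=targeted' > "$sample"
selinux_drift Enforcing "$sample" || true
rm -f "$sample"

# Live use on an SELinux host:
#   selinux_drift "$(getenforce)" /etc/selinux/config
```

A drift result after an incident or a troubleshooting session usually means someone ran setenforce and the host will return to the configured mode at the next reboot.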

Find Files with SELinux Security Context

# With the find command
find ~/UbuntuMint -type f -context '*httpd_sys_content_t*' -name '*.txt'

# With the ls command
ls -Z | grep 'object_r:user_home_t' | grep '\.txt$'

Further reading