- 浏览: 1774578 次
- 性别:
- 来自: 北京
文章分类
最新评论
-
奔跑的小牛:
例子都打不开
如何使用JVisualVM进行性能分析 -
蜗牛coder:
好东西[color=blue][/color]
Lucene学习:全文检索的基本原理 -
lovesunweina:
不在haoop中是在linux系统中,映射IP的时候,不能使用 ...
java.io.IOException: Incomplete HDFS URI, no host -
evening_xxxy:
挺好的, 谢谢分享
如何利用 JConsole观察分析Java程序的运行,进行排错调优 -
di1984HIT:
学习了~~~
ant使用ssh和linux交互 如:上传文件
4 Effective Methods to Disable SELinux Temporarily or Permanently
- 博客分类:
- LINUX
http://www.thegeekstuff.com/2009/06/how-to-disable-selinux-redhat-fedora-debian-unix/
On some of the Linux distribution SELinux is enabled by default,
which may cause some unwanted issues, if you don’t understand how
SELinux works and the fundamental details on how to configure it. I
strongly recommend that you understand SELinux and implement it on your
environment. But, until you understand the implementation details of
SELinux you may want to disable it to avoid some unnecessary issues.
To disable SELinux
you can use any one of the 4
different methods mentioned in this article.
The SELinux will enforce security policies including the mandatory
access controls defined by the US Department of Defence using the Linux
Security Module (LSM) defined in the Linux Kernel. Every files and
process in the system will be tagged with specific labels that will be
used by the SELinux. You can use ls -Z and view those labels as shown
below.
# ls -Z /etc/ -rw-r--r-- root root system_u:object_r:etc_t:s0 a2ps.cfg -rw-r--r-- root root system_u:object_r:adjtime_t:s0 adjtime -rw-r--r-- root root system_u:object_r:etc_aliases_t:s0 aliases drwxr-x--- root root system_u:object_r:auditd_etc_t:s0 audit drwxr-xr-x root root system_u:object_r:etc_runtime_t:s0 blkid drwxr-xr-x root root system_u:object_r:bluetooth_conf_t:s0 bluetooth drwx------ root root system_u:object_r:system_cron_spool_t:s0 cron.d -rw-rw-r-- root disk system_u:object_r:amanda_dumpdates_t:s0 dumpdates
Method 1: Disable SELinux Temporarily
To disable SELinux temporarily you have to modify the /selinux/enforce file as shown below. Please note that this setting will be gone after the reboot of the system.
# cat /selinux/enforce 1 # echo 0 > /selinux/enforce # cat /selinux/enforce 0
You can also use setenforce command as shown below to disable SELinux.
Possible parameters to setenforce commands are: Enforcing , Permissive, 1
(enable) or 0 (disable).
# setenforce 0
Method 2: Disable SELinux Permanently
To disable the SELinux permanently, modify the /etc/selinux/config and set the SELINUX=disabled as shown below. One you make any changes to the /etc/selinux/config, reboot the server for the changes to be considered.
# cat /etc/selinux/config SELINUX=disabled SELINUXTYPE=targeted SETLOCALDEFS=0
Following are the possible values for the SELINUX
variable
in the /etc/selinux/config
file
- enforcing – The Security Policy is always Encoforced
- permissive - This just simulates the enforcing policy by only printing warning messages and not really enforcing the SELinux. This is good to first see how SELinux works and later figure out what policies should be enforced.
- disabled - Completely disable SELinux
Following are the possible values for SELINUXTYPE
variable
in the /etc/selinux/config
file. This indicates the
type of policies that can be used for the SELinux.
- targeted - This policy will protected only specific targeted network daemons.
- strict - This is for maximum SELinux protection.
Method 3: Disable SELinux from the Grub Boot Loader
If you can’t locate /etc/selinux/config file on your system, you can pass disable SELinux by passing it as parameter to the Grub Boot Loader as shown below.
# cat /boot/grub/grub.conf default=0 timeout=5 splashimage=(hd0,0)/boot/grub/splash.xpm.gz hiddenmenu title Enterprise Linux Enterprise Linux Server (2.6.18-92.el5PAE) root (hd0,0) kernel /boot/vmlinuz-2.6.18-92.el5PAE ro root=LABEL=/ rhgb quiet selinux=0 initrd /boot/initrd-2.6.18-92.el5PAE.img title Enterprise Linux Enterprise Linux Server (2.6.18-92.el5) root (hd0,0) kernel /boot/vmlinuz-2.6.18-92.el5 ro root=LABEL=/ rhgb quiet selinux=0 initrd /boot/initrd-2.6.18-92.el5.img
Method 4: Disable Only a Specific Service in SELinux – HTTP/Apache
If you are not interested in disability the whole SELinux, you can
also disable SELinux only for a specific service. For example, do
disable SELinux for HTTP/Apache service, modify the httpd_disable_trans
variable in the /etc/selinux/targeted/booleans
file.
Set the httpd_disable_trans variable to 1 as shown below.
# grep httpd /etc/selinux/targeted/booleans httpd_builtin_scripting=1 httpd_disable_trans=1 httpd_enable_cgi=1 httpd_enable_homedirs=1 httpd_ssi_exec=1 httpd_tty_comm=0 httpd_unified=1
Set SELinux boolean value using setsebool command as shown below. Make
sure to restart the HTTP service after this change.
# setsebool httpd_disable_trans 1 # service httpd restart
发表评论
-
gentoo share net folder (网络共享文件夹)
2011-10-02 17:49 2930服务端: 安装samba emerge -av n ... -
Gentoo, Mounting a remote Shared Folder
2011-02-23 15:04 2154http://en.gentoo-wiki.com/wiki/ ... -
磁盘 I/O 分析
2010-11-04 14:16 10385什么时候需要分析 对于JAVA程序员来说,磁盘IO ... -
gentoo下解决RAID卡识别问题 找到RAID卡Adeptec 5805对应的驱动
2010-10-12 18:31 1991RAID卡Adeptec 5805的识别有问题 在这里 ... -
gentoo下解决Intel Corporation 80003ES2LAN网卡驱动问题
2010-10-12 18:11 4007网卡没识别,难道驱动有问题? lspci查看 ... -
Linux 域名服务器DNS gentoo dnsmasq
2010-09-20 15:47 2071DNS缓存 # emerge dn ... -
gentoo 忘记root密码 如何修改root密码
2010-05-31 13:17 5212进入grub的时候,按上下箭头 选择平时启动的那个内核 按 ... -
mrtg snmp监控网络流量的简单安装配置文档
2010-05-24 10:39 3276mrtg snmp安装配置文档 1、net-snmp安装在被 ... -
LINUX挂载一个 NTFS 文件系统
2010-05-11 00:15 1694wget http://packages.sw.be/rpmf ... -
Linux下显示硬件信息--lshw
2010-04-30 09:20 11106lshw lshw(Hardware Lister)是另外 ... -
Linux下硬件信息查看--dmidecode
2010-04-30 09:19 4728dmidecode以一种可读的 ... -
nginx spawn-fcgi php
2010-04-22 16:11 2360安装spawn-fcgi # emerge spawn- ... -
emerge PHP 添加模块 比如非默认模块mysql
2010-04-22 11:09 1894// 查看默认USE变量 emerge --preten ... -
Ghost操作系统gentoo不成功而想出来的折中方案
2010-04-20 22:29 1429装好一台机器后,Ghost操作系统,可惜没成功,之后采用折中方 ... -
gentoo 下emerge安装修改默认版本以及取消掩掉的软件
2010-04-20 14:42 5752#emerge安装使用分支官方文档:http://www. ... -
CentOS 修改IP地址, DNS, 网关
2010-04-20 10:54 3308由于修改网关总是忘记在哪个地方,Google出来一堆垃圾文章, ... -
gentoo系统安装记录
2010-04-20 09:57 3876这里是最直接的安装方法,官方文档: http://www.g ... -
SSH 无密码认证(RSA/DSA认证)
2010-03-22 14:13 7973今天配置hadoop过程中发现,ssh localhost 配 ... -
快速编辑 Shell 命令行
2010-02-20 10:13 2064这片文章不错,做个备份,转载如下: 作者: robin ... -
编译Linux内核,把你的LInux系统换成最新内核就这么简单
2009-12-02 10:35 4200CentOS5.4系统,当前位置:/usr/src ...
相关推荐
Severity Code Description ... To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. 解决方案:更改预处理定义 右击项目名,选择Properties 在c/c++下选择Preprocessor 点击图
再次单击并重新启用所有以前禁用的扩展。 有时,您只需要暂时禁用chrome扩展程序即可。只需单击一下,此扩展程序便可以做到这一点。更好的是,它可以记住先前启用了哪些扩展,并且只需单击一下即可再次启用它们。...
This shows how to disable control alt and delete by tricking the computer into thinking that the screensaver is running.
This is a straight forward example of how to disable any Win95/98 window..
语言:English 一键暂时禁用所有扩展。 再次单击,您将重新启用所有以前禁用的扩展。 有时,您只需要暂时禁用chrome扩展程序即可。 只需单击一下,此扩展程序便可以做到这一点。 更好的是,它可以记住先前启用了哪些...
后仿
角色:禁用SELinux和IPTables 禁用SELinux和IPTables以安装并重新引导计算机 要求 没有任何 ... - { role: jermon.selinux_disable } 执照 GPL 作者信息 杰克·蒙特利乌斯(Jerker Montelius)2015
Utility to disable HOME KEY in Android Activity. As there are a lot questions about "how to disable home button in android?" on Stack Overflow, such as how to disable home button in android? Android ...
如何关闭QC3.0
Disable Input to a WebBrowser Control
TCPKeyBlockHook is a Low Level ...to send a custom message with the keyboard information to the calling application or process.You can use this Component and DLL to disable any or all Keyboard Keys.
USB4 1.0 ECN - Adding Disable Time Sync Bit to TMU_ADP_CS_6 - V2
此adb中无adb disable-verity命令,如果在cmd中输入以上命令会报 /system/bin/sh: disable-verity: not found 的错误。具体可看本人的文章 ”/system/bin/sh: disable-verity: not found 的解决方案“ 【使用方式】...
蚁剑的能绕过disable_functions的插件,插件无法下载问题
WordPress的插件:google字体插件-disable-google-fonts 解压后,请将目录名称:wordpress1,修改为:disable-google-fonts
Right clicking on each marker in the Markers toolbar displays a context menu, and allows you to enable or disable each marker, search for each marker, or change the match condition (case sensitivity, ...
enable and disable "HOME" button in android 4.0.3 above the version 4.0.3,we should modify the frameworks detail is described in the Enable_Disable_Home.rar
重新编译的支持adb disable-verity命令的adb,通常用于解锁system分区
2.1.2 Disable selinux 11 2.1.3 Tuning os kernel parameter 11 2.1.4 Create groups and users 12 2.1.5 Create directory 12 2.2 INSTALL SERVER 7.1.7 12 2.3 INITIAL SERVER 13 2.4 CLUSTER SCRIPTS 13 ...
USB4 1.0 ECN - Lane Disable Condition.pdf