What is Security-Enhanced Linux (SELinux)?
- strict: every process is controlled by SELinux
- targeted: only a limited set of processes is controlled by SELinux; only processes that are vulnerable to intrusion are monitored
SELinux working mode status
- enforcing: mandatory mode; any action that violates the policy is denied and recorded as kernel information
- permissive: SELinux is enabled, but actions that violate the policy are not denied; instead a warning message is issued and recorded in the audit log
- disabled: SELinux is turned off. When you do not know much about SELinux, set the mode to disabled, and there will be no problems when accessing some network applications. In this mode no policy is enforced and no violations are logged.
- View SELinux status: getenforce
- Configure SELinux status: This configuration takes effect temporarily and is lost after a restart. To change to permissive mode, you can use the command
setenforce 0
- Configure the SELinux config file (/etc/selinux/config): This configuration takes effect permanently. You need to restart the system for the configuration to take effect.
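
An added example, not part of the original page: a POSIX shell check that compares the persistent mode in the config file with the runtime mode, to spot a temporary setenforce change or a config edit still waiting for a restart. The function names, output labels and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the persistent SELinux mode with the runtime mode.

# config_value KEY FILE: value of the first line starting with KEY=, lowercased.
config_value() {
    sed -n "s/^$1=[[:space:]]*\([A-Za-z]*\).*/\1/p" "$2" | head -n 1 |
        tr '[:upper:]' '[:lower:]'
}

# mode_drift FILE RUNTIME: FILE is the config file, RUNTIME is getenforce output.
mode_drift() {
    cfg=$(config_value SELINUX "$1")
    run=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case "$cfg" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid-config"; return 1 ;;
    esac
    if [ "$cfg" = "$run" ]; then
        echo "consistent:$run"
    elif [ "$cfg" = disabled ] || [ "$run" = disabled ]; then
        # setenforce cannot switch to or from disabled, so this mismatch
        # comes from an edited config file that is awaiting a restart.
        echo "reboot-pending:$run->$cfg"
    else
        # enforcing/permissive mismatch, e.g. after "setenforce 0": the
        # runtime mode is replaced by the file's value at the next restart.
        echo "temporary:$run->$cfg"
    fi
}

# Constructed sample of /etc/selinux/config (not from a real host).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# SELINUX= can take one of: enforcing, permissive, disabled
SELINUX=enforcing
SELINUXTYPE=targeted
EOF

# Constructed runtime value: what getenforce prints after "setenforce 0".
mode_drift "$sample" Permissive    # temporary:permissive->enforcing
echo "policy type: $(config_value SELINUXTYPE "$sample")"
```

On a real host, call it as mode_drift /etc/selinux/config "$(getenforce)".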