centos selinux set permissive - Shell-Bash (1)

📌 相关文章

📜 centos selinux set permissive - Shell-Bash (1)

📅 最后修改于: 2023-12-03 15:29:57.420000 🧑 作者: Mango

CentOS SELinux: Set Permissive

Introduction

In CentOS, SELinux is a security feature that provides an extra layer of security to the system by restricting access to files, directories, and ports. By default, SELinux is set to Enforcing mode, which means that all access violations are logged and denied. This can cause issues when running certain applications, such as web servers or databases.

In this tutorial, we will show you how to set SELinux to Permissive mode, allowing all access violations to be logged but not denied. This can help you troubleshoot issues with applications that might be blocked by SELinux.

Step 1: Check SELinux Status

Before you change the SELinux mode, it is important to check the current status of SELinux. You can use the following command to check the SELinux status:

sestatus

If SELinux is enabled, you will see an output similar to this:

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

Step 2: Set SELinux to Permissive Mode

To set SELinux to Permissive mode, you can use the following command:

setenforce 0

This command will set the SELinux mode to Permissive immediately, but the change will not be persistent across reboots.

Step 3: Make SELinux Permissive Across Reboots

To make the SELinux mode Permissive across reboots, you need to edit the SELinux configuration file in /etc/selinux/config.

vi /etc/selinux/config

In the file, change the SELINUX=enforcing to SELINUX=permissive.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Save and close the file.

Step 4: Verify SELinux Mode

To verify that the SELinux mode is set to Permissive, you can use the following command:

sestatus

You should see an output similar to this:

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          permissive
Policy version:                 24
Policy from config file:        targeted

Conclusion

In this tutorial, we showed you how to set SELinux to Permissive mode in CentOS. This can help you troubleshoot issues with applications that might be blocked by SELinux. However, it is important to note that Permissive mode does not provide the same level of security as Enforcing mode, so it should only be used for troubleshooting purposes.