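The setenforce command is the words set and enforce joined together; it sets the SELinux mode. For example, setenforce 0 turns SELinux enforcement off (permissive mode), but the change is lost after a reboot.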
[root@localhost ~]# getenforce
Enforcing
Current mode shows the security mode SELinux is currently running in.
[root@localhost ~]# /usr/sbin/sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
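SELinux status: the state of SELinux; enabled means SELinux is turned on.
Current mode: the mode SELinux is currently running in; enforcing means forced
setenforce 0: turns SELinux enforcement off (permissive mode), but the change is lost after a reboot.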
[root@localhost ~]# setenforce 0
[root@localhost ~]# /usr/sbin/sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
Edit the SELinux configuration file; the change takes effect after a reboot.
[root@localhost ~]# vim /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled, then save and exit.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
At this point getenforce still reports Enforcing; the configuration file change has not taken effect yet.
[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# reboot
[root@localhost ~]# /usr/sbin/sestatus
SELinux status: disabled
[root@localhost ~]# getenforce
Disabled
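The three states walked through above (runtime change with setenforce, config edited but not rebooted, disabled after reboot) can be told apart by comparing the "Current mode" and "Mode from config file" fields of sestatus. The script below is an added example, not part of the original page; the function names field and check_selinux are hypothetical, and the second sample is constructed.

```shell
#!/bin/sh
# Added example: classify SELinux state from `sestatus` output.

# field KEY: read sestatus text on stdin, print the value of the "KEY: value" line.
field() {
    awk -F': *' -v key="$1" '$1 == key { print $2; exit }'
}

# check_selinux TEXT: print one verdict line for the given sestatus output.
check_selinux() {
    status=$(printf '%s\n' "$1" | field "SELinux status")
    current=$(printf '%s\n' "$1" | field "Current mode")
    config=$(printf '%s\n' "$1" | field "Mode from config file")
    if [ "$status" != "enabled" ]; then
        # After a reboot with SELINUX=disabled only the status line is printed.
        echo "ALERT: SELinux is ${status:-unknown}, no policy is loaded"
    elif [ "$current" = "enforcing" ] && [ "$config" = "enforcing" ]; then
        echo "OK: enforcing now and after reboot"
    elif [ "$config" = "enforcing" ]; then
        # Runtime-only change (e.g. setenforce 0); the config file still wins at boot.
        echo "WARN: runtime mode is $current, config says enforcing; reverts on reboot"
    else
        echo "ALERT: config file sets ${config:-unknown}, no enforcement after next boot"
    fi
}

# Sample 1: the fields the page shows after `setenforce 0`.
AFTER_SETENFORCE='SELinux status: enabled
Current mode: permissive
Mode from config file: enforcing'

# Sample 2 (constructed): config edited to SELINUX=disabled, host not yet rebooted.
BEFORE_REBOOT='SELinux status:                 enabled
Current mode:                   enforcing
Mode from config file:          disabled'

# Sample 3: the output the page shows after the reboot.
AFTER_REBOOT='SELinux status: disabled'

check_selinux "$AFTER_SETENFORCE"
check_selinux "$BEFORE_REBOOT"
check_selinux "$AFTER_REBOOT"
# On a live host: check_selinux "$(/usr/sbin/sestatus)"
```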