45.2.1. Viewing the Status of SELinux
The
sestatus command provides a
configurable view into the status of SELinux. The simplest form of this
command shows the following information:
[root@localhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 21
Policy from config file: targeted
The
-v option includes information about the security contexts of a series of files that are specified in
/etc/sestatus.conf:
[root@localhost ~]# sestatus -v
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 21
Policy from config file: targeted
Process contexts:
Current context: user_u:system_r:unconfined_t
Init context: system_u:system_r:init_t
/sbin/mingetty system_u:system_r:getty_t
/usr/sbin/sshd system_u:system_r:unconfined_t:s0-s0:c0.c1023
File contexts:
Controlling term: user_u:object_r:devpts_t
/etc/passwd system_u:object_r:etc_t
/etc/shadow system_u:object_r:shadow_t
/bin/bash system_u:object_r:shell_exec_t
/bin/login system_u:object_r:login_exec_t
/bin/sh system_u:object_r:bin_t -> system_u:object_r:shell_exec_t
/sbin/agetty system_u:object_r:getty_exec_t
/sbin/init system_u:object_r:init_exec_t
/sbin/mingetty system_u:object_r:getty_exec_t
/usr/sbin/sshd system_u:object_r:sshd_exec_t
/lib/libc.so.6 system_u:object_r:lib_t -> system_u:object_r:lib_t
/lib/ld-linux.so.2 system_u:object_r:lib_t -> system_u:object_r:ld_so_t
The
-b displays the current state of
booleans. You can use this in combination with grep or other tools to
determine the status of particular booleans:
[root@host2a ~]# sestatus -b | grep httpd | grep on$
httpd_builtin_scripting on
httpd_disable_trans on
httpd_enable_cgi on
httpd_enable_homedirs on
httpd_unified on
Fuente: https://www.centos.org/docs/5/html/5.1/Deployment_Guide/sec-selinux-status-viewing.html
vi /etc/selinux/config
#--------------------------------------------
#5.4.2. Disabling SELinux
#Para desabilitar hay que poner la variable SELINUX en disabled: SELINUX=disabled en el archivo /etc/selinux/config:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
No hay comentarios:
Publicar un comentario