CentOS关掉防火墙以及selinux

in #linux7 years ago

新安装完CentOS Linux,发现配置完apache后没法访问,估计是防火墙问题。
  /etc/init.d/iptables status
  会得到一系列信息,说明防火墙开着。
  /etc/init.d/iptables stop
  永久关闭:
  chkconfig --level 35 iptables off
永久关闭SELinux
查看当前SELinux状态:
/usr/bin/setstatus -v
编辑/etc/selinux/config,找到SELINUX 行修改成为:SELINUX=disabled:

# This file controls the state of SELinux on the system. 
# SELINUX= can take one of these three values: 
# enforcing - SELinux security policy is enforced. 
# permissive - SELinux prints warnings instead of enforcing. 
# disabled - No SELinux policy is loaded. 
SELINUX=disabled 
# SELINUXTYPE= can take one of these two values: 
# targeted - Only targeted network daemons are protected. 
# strict - Full SELinux protection. 
SELINUXTYPE=targeted 

重启系统。

Centos还提供了实时改变SELinux工作模式的工具,前提是SELinux没有被disabled掉的时候

/usr/sbin/setenforce 0 #使SELinux工作模式变成permissive模式
/usr/sbin/setenforce 1 #使SELinux工作模式变成enforcing模式

添加到系统默认启动脚本里面

echo "/usr/sbin/setenforce 0" >> /etc/rc.local

这样就可以实时控制SELinux的启用和不启用了。
三个参数介绍介绍
● enforcing — The SELinux security policy is enforced.
● permissive — The SELinux system prints warnings but does not enforce policy.
● disabled — SELinux is fully disabled. SELinux hooks are disengaged from the kernel and the pseudo-file system is unregistered.
简单翻译:
enforcing模式:强制组织。
permissive模式:SELinux系统输出警告,但是不强制阻止程序运行。
disabled:
参考:http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-selinux.html

Sort:  

Congratulations @zhuhongaaa! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 1 year!

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Do not miss the last post from @steemitboard:

3 years on Steem - The distribution of commemorative badges has begun!
Happy Birthday! The Steem blockchain is running for 3 years.
Vote for @Steemitboard as a witness to get one more award and increased upvotes!

Coin Marketplace

STEEM 0.27
TRX 0.21
JST 0.039
BTC 95762.70
ETH 3609.61
SBD 3.84