4 Effective Methods to Disable SELinux Temporarily or Permanently

最新推荐文章于 2020-11-04 15:31:36 发布
最新推荐文章于 2020-11-04 15:31:36 发布
阅读量122 收藏 1
点赞数
分类专栏: LINUX 文章标签: Linux Debian Security RedHat Apache
本文介绍了四种禁用SELinux的方法,包括临时禁用、永久禁用、从Grub引导加载器禁用及仅针对特定服务(如HTTP/Apache)禁用。这些方法适用于不熟悉SELinux工作原理但希望避免其可能带来的问题的用户。

http://www.thegeekstuff.com/2009/06/how-to-disable-selinux-redhat-fedora-debian-unix/

 

On some of the Linux distribution SELinux is enabled by default, which may cause some unwanted issues, if you don’t understand how SELinux works and the fundamental details on how to configure it. I strongly recommend that you understand SELinux and implement it on your environment. But, until you understand the implementation details of SELinux you may want to disable it to avoid some unnecessary issues.
 
To disable SELinux you can use any one of the 4 different methods mentioned in this article.

The SELinux will enforce security policies including the mandatory access controls defined by the US Department of Defence using the Linux Security Module (LSM) defined in the Linux Kernel. Every files and process in the system will be tagged with specific labels that will be used by the SELinux. You can use ls -Z and view those labels as shown below. 

# ls -Z /etc/

-rw-r--r--  root root  system_u:object_r:etc_t:s0       a2ps.cfg
-rw-r--r--  root root  system_u:object_r:adjtime_t:s0   adjtime
-rw-r--r--  root root  system_u:object_r:etc_aliases_t:s0 aliases
drwxr-x---  root root  system_u:object_r:auditd_etc_t:s0 audit
drwxr-xr-x  root root  system_u:object_r:etc_runtime_t:s0 blkid
drwxr-xr-x  root root  system_u:object_r:bluetooth_conf_t:s0 bluetooth
drwx------  root root  system_u:object_r:system_cron_spool_t:s0 cron.d
-rw-rw-r--  root disk  system_u:object_r:amanda_dumpdates_t:s0 dumpdates

Method 1: Disable SELinux Temporarily

To disable SELinux temporarily you have to modify the /selinux/enforce file as shown below. Please note that this setting will be gone after the reboot of the system.

# cat /selinux/enforce
1

# echo 0 > /selinux/enforce


# cat /selinux/enforce
0

 
You can also use setenforce command as shown below to disable SELinux. Possible parameters to setenforce commands are: Enforcing , Permissive, 1 (enable) or 0 (disable).

# setenforce 0

Method 2: Disable SELinux Permanently

To disable the SELinux permanently, modify the /etc/selinux/config and set the SELINUX=disabled as shown below. One you make any changes to the /etc/selinux/config, reboot the server for the changes to be considered.

# cat /etc/selinux/config

SELINUX=disabled
SELINUXTYPE=targeted
SETLOCALDEFS=0

 
Following are the possible values for the SELINUX variable in the /etc/selinux/config file

  • enforcing – The Security Policy is always Encoforced
  • permissive - This just simulates the enforcing policy by only printing warning messages and not really enforcing the SELinux. This is good to first see how SELinux works and later figure out what policies should be enforced.
  • disabled - Completely disable SELinux

 
Following are the possible values for SELINUXTYPE variable in the /etc/selinux/config file. This indicates the type of policies that can be used for the SELinux.

  • targeted - This policy will protected only specific targeted network daemons.
  • strict - This is for maximum SELinux protection.

Method 3: Disable SELinux from the Grub Boot Loader

If you can’t locate /etc/selinux/config file on your system, you can pass disable SELinux by passing it as parameter to the Grub Boot Loader as shown below.

 

# cat /boot/grub/grub.conf

default=0
timeout=5
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu
title Enterprise Linux Enterprise Linux Server (2.6.18-92.el5PAE)
root (hd0,0)
kernel /boot/vmlinuz-2.6.18-92.el5PAE ro root=LABEL=/ rhgb quiet selinux=0

initrd /boot/initrd-2.6.18-92.el5PAE.img
title Enterprise Linux Enterprise Linux Server (2.6.18-92.el5)
root (hd0,0)
kernel /boot/vmlinuz-2.6.18-92.el5 ro root=LABEL=/ rhgb quiet selinux=0

initrd /boot/initrd-2.6.18-92.el5.img

Method 4: Disable Only a Specific Service in SELinux – HTTP/Apache

If you are not interested in disability the whole SELinux, you can also disable SELinux only for a specific service. For example, do disable SELinux for HTTP/Apache service, modify the httpd_disable_trans variable in the /etc/selinux/targeted/booleans file.
 
Set the httpd_disable_trans variable to 1 as shown below.

# grep httpd /etc/selinux/targeted/booleans
httpd_builtin_scripting=1
httpd_disable_trans=1

httpd_enable_cgi=1
httpd_enable_homedirs=1
httpd_ssi_exec=1
httpd_tty_comm=0
httpd_unified=1

 
Set SELinux boolean value using setsebool command as shown below. Make sure to restart the HTTP service after this change.

# setsebool httpd_disable_trans 1

# service httpd restart
禁用selinux_如何临时或永久禁用或启用SELinux
cunjiu9486的博客
10-12 3601
禁用selinuxI have a fedora desktop. I want to run some services but I get an error about SELinux. How can I disable SELinux? Selinux is a security mechanism used generally Linux systems. It has support ...
启用SELinux时遇到的问题
windowsxpwyd的专栏
05-16 7846
一台CentOS5.7的机器,原来只是在公司内部访问,SELinux是禁用的状态,现需要搭建成FTP服务器并发布到外网上去,为了安全,启用SELinux。编辑/etc/selinux/config文件,将SELINUX=disabled改为SELINUX=permissive,保存后重启系统。(SELinux从禁用状态转变为启用时,需要重启系统以重新标记文件的上下文,红帽建议先将SELinux的值
解决openssh,openssl升级出现的坑
热门推荐
工具人的博客
06-15 6万+
openssh漏洞,openssl升级最新版
[转]How to disable SELinux
Braveo的专栏
08-03 9263
 参考两个文章:http://www.haw-haw.org/node/30:这个文章主要是说怎样disableSELinuxhttp://www.crypt.gen.nz/selinux/disable_selinux.html:这个文章比较细的说明了相关问题。我把两个都copy到这里来文章一:selinux是个新东东在linux kernel 2.6的系统(如as4、fc3)里常见一
How to Disable SELinux
shenyan008的专栏
01-09 1624
How to Disable SELinux You've setup a new system, or installed something new on your Linuxsystem and its not working. You get the feeling that SELinux is thecause of the problem. This page was writte
How to Disable SELinux Temporarily or Permanently
weixin_42603784的博客
11-04 211
RedHat linux操作系统中默认开启了防火墙,SELinux也处于启动状态,一般状态为enforing.致使很多服务端口默认是关闭的,所以好多服务明明配置文件正确,等验证时有时连ping也ping不通,我发现这个是因为我在centos7中使用privoxy工具流量转发将socks的代理转为http协议的,配置文件跟我之前在ubuntu上的一模一样,但是privoxy服务却始终起不起来,我的防火墙是关闭状态的,查看privoxy日志就如下图所示 非常的奇怪,报了个没有权限,我在root用户下怎么会没有
[zz]How to Disable SELinux
weixin_30338497的博客
10-07 118
How to Disable SELinux You've setup a new system, or installed something new on your Linux system and its not working. You get the feeling that SELinux is the cause of the problem. This page was writ...
yum install -y wget tar 已加载插件:fastestmirror, langpacks Determining fastest mirrors Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock error was 14: curl#7 - "Failed connect to mirrorlist.centos.org:80; 拒绝连接" One of the configured repositories failed (未知), and yum doesn't have enough cached data to continue. At this point the only safe thing yum can do is fail. There are a few ways to work "fix" this: 1. Contact the upstream for the repository and get them to fix the problem. 2. Reconfigure the baseurl/etc. for the repository, to point to a working upstream. This is most often useful if you are using a newer distribution release than is supported by the repository (and the packages for the previous distribution release still work). 3. Run the command with the repository temporarily disabled yum --disablerepo=<repoid> ... 4. Disable the repository permanently, so yum won't use it by default. Yum will then just ignore the repository until you permanently enable it again or use --enablerepo for temporary usage: yum-config-manager --disable <repoid> or subscription-manager repos --disable=<repoid> 5. Configure the failing repository to be skipped, if it is unavailable. Note that yum will try to contact the repo. when it runs most commands, so will have to try and fail each time (and thus. yum will be be much slower). If it is a very temporary problem though, this is often a nice compromise: yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true Cannot find a valid baseurl for repo: base/7/x86_64 怎么解决
03-11
好的,我需要解决用户遇到的CentOS 7 YUM源无法连接的问题,具体错误是curl#7 - Failed connect to mirrorlist.centos.org。首先,我要回想一下之前提供的引用内容,看看有哪些解决方案已经被提及了。 根据引用[3]...
二维码工具(1).zip
最新发布
09-13
二维码工具(1).zip
基于ZXing修改的二维码扫描器.zip
09-12
基于ZXing修改的二维码扫描器.zip
在网页上生成二维码.zip
09-12
在网页上生成二维码.zip
四级流水线8位booth算法乘法器,有无符号都支持(verilog),含testbench(system verilog)
09-12
乘法器包含三个.v文件 乘法器可进行有符号与无符号的8位乘法计算,但是需要提前输入乘数是否为有符号的标识 【 顶层multiplier_8_special.v:对乘法器进行分割段数 booth2_pp_decoder.v:使用booth算法,将乘数进行转换 mult_pp_adder.v:执行部分积加法。(这里经过了部分优化,但是仍直接使用了‘+’符号,如果是asic设计,需要更加具体,也能进一步优化) tb_mult8_special.v:(tesetbench):仿真激励文件:20*4组随机数测试数据,会返回验证时出错的数据的部分原因。(system verilog) 】 经过初步仿真验证,无问题 经过vivado某个ultrascale型号的fpga实现过后能达到500mhz以上频率,资源使用量为120lut左右 此模块为tpu设计中的一个底层模块,(作为多复用单元,可以处理浮点数据的一个部分)后续会逐步上传tpu的其他部分以及功能原理介绍 注:sys_enable:模块启动信号,sys_enable=0时会暂停并暂存数据。 valid:valid=1输入乘数有效,valid=0无效则会不计算这个数据。
无限特征选择_一种基于图的特征过滤方法_Infinite Feature Selection_ a Graph-base
09-12
无限特征选择_一种基于图的特征过滤方法_Infinite Feature Selection_ a Graph-based Feature Filtering Approach.zip
达芬奇手术机器人阻抗控制的MATLAB仿真_MATLAB simulation of Impedance control
09-12
达芬奇手术机器人阻抗控制的MATLAB仿真_MATLAB simulation of Impedance control on da Vinci Surgical Robot.zip
自己写的二维码App.zip
09-13
自己写的二维码App.zip
基于离散菲涅耳变换和其他特性的正交啁啾频分复用的MATLAB实现_MATLAB implementation of Or
09-12
基于离散菲涅耳变换和其他特性的正交啁啾频分复用的MATLAB实现_MATLAB implementation of Orthogonal Chirp Division Multiplexing w Discrete Fresnel Transform and Other Properties.zip
二维码生成(13).zip
09-12
二维码生成(13).zip
Android开发人员不得不收集的工具类集合 _ 支付宝支付 _ 微信支付(统一下单) _ 微信分享 _ 一键集成UCr
09-12
Android开发人员不得不收集的工具类集合 _ 支付宝支付 _ 微信支付(统一下单) _ 微信分享 _ 一键集成UCrop选择圆形头像 _ 一键集成二维码和条形码的扫描与生成 _ 常用Dialog _ WebView的封装可播放视频 _ 仿斗鱼滑动验证码 _ Toast封装 _ 震动 _ GPS _ Location定位 _ 压缩与加密 _ 图片缩放 _ Exif 图片添加地理位置信息(经纬度) _ 编译运行一下说不定会找到惊喜.zip
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值