临时关闭
[root@localhost ~]# setenforce 0
临时开启
[root@localhost ~]# setenforce 1
Enforcing //开启状态
Permissive //关闭状态
永久关闭
[root@localhost ~]# vim /etc/selinux/config
将SELINUX的值设置为disabled
查看状态
[root@localhost ~]# getenforce
查看所有设置项
[root@localhost ~]# getsebool -a
查找特定内容,比如zabbix
[root@localhost ~]# getsebool -a|grep zabbix
httpd_can_connect_zabbix --> off
zabbix_can_network --> off
放开防火墙限制
[root@localhost ~]# setsebool -P httpd_can_connect_zabbix on
[root@localhost ~]# setsebool -P zabbix_can_network on
[root@localhost ~]# setsebool -P httpd_can_network_connect on
再次查看
[root@localhost ~]# getsebool -a|grep zabbix
httpd_can_connect_zabbix --> on
zabbix_can_network --> on
查看/home/目录selinux信息
[root@localhost ~]# ls -Zd /home/
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home/
改安全标签
[root@localhost ~]# chcon -u system_u -t httpd_sys_content_t /home/
如果不知道属于哪个标签,查看selinux日志
[root@localhost ~]# tail -f /var/log/audit/audit.log
生成semodule
[root@localhost ~]# cat /var/log/audit/audit.log | grep zabbix_server | grep denied | audit2allow -M zabbix-server_setrlimit
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i zabbix-server_setrlimit.pp
导入semodule
[root@localhost ~]# semodule -i zabbix-server_setrlimit.pp
查看semodule
[root@localhost ~]# semodule -l
