In centos, selinux is the abbreviation of "Security Enhanced Linux", which is a security-enhanced Linux, a Linux kernel module, and a security subsystem of Linux; the main function of SELinux is to minimize the system Resources accessible to the service process.
The operating environment of this article: centos 7 system, Dell G3 computer.
Security-Enhanced Linux (Security-Enhanced Linux) checks SELinux, which is a Linux kernel module and a security subsystem of Linux.
The structure and configuration of SELinux are very complex, and there are a lot of conceptual things, which are difficult to learn. Many Linux system administrators turn off SELinux because they find it troublesome. If you can master SELinux proficiently and use it correctly, the entire system can basically reach the point of "indestructible", but you must also remember that there is no absolute security.
The main function of SELinux is to minimize the resources accessible to the service process in the system
SELinux has three working modes, namely:
1. enforcing: forced mode . Behaviors that violate SELinux rules will be blocked and recorded in the log
2. permissive: permissive mode. Violations of SELinux rules are only logged. Generally used for debugging
3. disabled: Turn off SELinux
Security Enhanced Linux (SELinux) is an access control service that strengthens access control to system resources based on security policies. On the basis of system security, solve the access control problem of "May
The full name of SELinux is Security Enhanced Linux, which is security-enhanced Linux. Before SELinux, the root account could arbitrarily access all documents and services; if a file was set to 777, any user could access or even delete it; this method was called DAC (active access mechanism) and was very unsafe.
Selinux status viewing and configuration:
Selinux configuration file location:/etc/selinux/config, it also has a link in/etc/sysconfig/selinux
Use config file to configure selinux (modifying the status of selinux through the configuration file is a permanent modification and will not take effect until the system is restarted)
The content of the file is as follows:
Recommended tutorial: "centos tutorial"
The above is the detailed content of What is selinux in centos. For more information, please follow other related articles on the PHP Chinese website!