zoukankan      html  css  js  c++  java

  • Linux 高级安全SELinux的关闭

    Linux有一个高级安全组件,如果开启会输出打了的日志文件messages.如下:

    导致/var/log/messages 达到11g

    root@cpp11 ~]# df -l
    文件系统               1K-块        已用     可用 已用% 挂载点
    /dev/cciss/c0d0p5     14877060  12559852   1549304  90% /
    /dev/cciss/c0d0p6      9920592   2951964   6456560  32% /usr
    /dev/cciss/c0d0p2    236533252   8872680 215451576   4% /home
    /dev/cciss/c0d0p1       497829     31091    441036   7% /boot
    tmpfs                  4087756         0   4087756   0% /dev/shm

    -rw------- 1 root root 11552168167 04-30 09:56 messages

    Apr 30 10:17:38 cpp11 setroubleshoot:      SELinux is preventing /sbin/ifconfig (ifconfig_t) "read write" to socket:[15913] (initrc_t).      For complete SELinux messages. run sealert -l 692945d4-87c8-4885-b6c7-9f58bb7feeae
    Apr 30 10:17:38 cpp11 setroubleshoot:      SELinux is preventing /sbin/ethtool (ifconfig_t) "read write" to socket:[15913] (initrc_t).      For complete SELinux messages. run sealert -l 692945d4-87c8-4885-b6c7-9f58bb7feeae
    Apr 30 10:17:51 cpp11 snmpd[3461]: Connection from UDP: [127.0.0.1]:50693
    Apr 30 10:17:51 cpp11 snmpd[3461]: Received SNMP packet(s) from UDP: [127.0.0.1]:50693
    Apr 30 10:18:06 cpp11 snmpd[3461]: Connection from UDP: [127.0.0.1]:50696
    Apr 30 10:18:06 cpp11 snmpd[3461]: Received SNMP packet(s) from UDP: [127.0.0.1]:50696
    Apr 30 10:18:08 cpp11 setroubleshoot:      SELinux is preventing /sbin/ethtool (ifconfig_t) "read write" to socket:[15913] (initrc_t).      For complete SELinux messages. run sealert -l 692945d4-87c8-4885-b6c7-9f58bb7feeae
    Apr 30 10:18:08 cpp11 setroubleshoot:      SELinux is preventing /sbin/ifconfig (ifconfig_t) "read write" to socket:[15913] (initrc_t).      For complete SELinux messages. run sealert -l 692945d4-87c8-4885-b6c7-9f58bb7feeae
    Apr 30 10:18:08 cpp11 last message repeated 2 times
    Apr 30 10:18:08 cpp11 setroubleshoot:      SELinux is preventing /sbin/ethtool (ifconfig_t) "read write" to socket:[15913] (initrc_t).      For complete SELinux messages. run sealert -l 692945d4-87c8-4885-b6c7-9f58bb7feeae
    Apr 30 10:18:08 cpp11 setroubleshoot:      SELinux is preventing /sbin/ifconfig (ifconfig_t) "read write" to socket:[15913] (initrc_t).      For complete SELinux messages. run sealert -l 692945d4-87c8-4885-b6c7-9f58bb7feeae

    解决方法:关闭SELinux

    1、临时关闭(不用重启机器):
    setenforce 0 
    ##设置SELinux 成为permissive模式 
    setenforce 1 
    ##设置SELinux 成为enforcing模式 
    2、修改配置文件需要重启机器: 
    修改/etc/selinux/config 文件 将SELINUX=enforcing改为SELINUX=disabled
  • 相关阅读:
    数据库迁移至ASM
    获取数据库或SHEME的DDL语句
    membership配置数据库(SQL2000)
    DIV+CSS到底是什么?
    如何更改表的所有者权限
    windows server 2003 上“您要访问的网页有问题,无法显示。HTTP 500 内部服务器错误。”的问题解决方案!
    瞎忙
    瞎忙
    如何更改表的所有者权限
    DIV+CSS到底是什么?
  • 原文地址:https://www.cnblogs.com/helloweblogic/p/3700929.html
Copyright © 2011-2022 走看看