  • Debian: installing and configuring SELinux

    Original: https://wiki.debian.org/SELinux/Setup

    Original text of the setup steps:

    ```

    2. Steps to setup SELinux

    The following steps describe how to install and configure SELinux together with the default policy which enables SELinux for the most important parts of your system (e.g. most Internet-facing daemons, see the policies section below for alternative policies):

    1. If you are not using the standard linux kernel provided by debian with an ext2/3/4, you have to make sure that you are using a SELinux capable kernel and filesystem (see the prerequisites section below).

    2. Get the default policy and the basic set of SELinux utilities by running apt-get install selinux-basics selinux-policy-default auditd.

    3. If using Ubuntu, download this _load_selinux_policy script (this is a slightly modified version of the script included in the Ubuntu 'selinux' package), place it in /usr/share/initramfs-tools/scripts/init-bottom/ then run update-initramfs -u (Upstart in Debian loads the SELinux policy automatically, but Upstart in Ubuntu does not. See https://bugs.launchpad.net/upstart/+bug/595774)

    4. Run selinux-activate to configure GRUB and PAM and to create /.autorelabel

    5. Reboot, it will take a while to label the filesystems on boot and then it will automatically reboot a second time when that is complete.
    6. Run check-selinux-installation to check that everything has been setup correctly and to catch common SELinux problems. (Note: in wheezy the warning about /etc/pam.d/login is a false positive)

    You should now have a working SELinux system, which is in permissive mode. This means that the selinux policy is not enforced, but denials are logged. You can see all would-be denials since the last reboot with a small explanation for each with audit2why -al. If no critical audit errors appear in your syslog and you feel comfortable with SELinux, enable enforcing mode temporarily by running setenforce 1 or permanently by adding enforcing=1 to the kernel command line in /etc/default/grub and then rebooting one last time.

    If you want to learn how to work with your newly configured SELinux system (relabelling files, moving files, checking the security context of files, etc), the Fedora Project SELinux FAQ documentation by RedHat may be useful.

     ```

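    TL;DR:

    1. Install the packages: apt-get install selinux-basics selinux-policy-default auditd

    2. Regenerate the kernel initrd file: update-initramfs -u

    3. Reconfigure GRUB: selinux-activate (the boot parameter security=selinux is added automatically)

    4. Reboot. On the first reboot SELinux labels the files, which takes a few minutes, and then the system reboots again automatically.

    5. Done. Run check-selinux-installation to check the configuration.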
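
The result of steps 3 and 4 can be checked by comparing the GRUB defaults file with the command line of the running kernel. The script below is an added example, not part of the original post or the Debian wiki; the function names and state labels are hypothetical, and reading the running command line from /proc/cmdline is an assumption about how it would be called.

```shell
#!/bin/sh
# Added example: classify the SELinux boot configuration from the running
# kernel command line and the GRUB defaults file (hypothetical helper names).

# has_param CMDLINE PARAM -> status 0 if PARAM is a whole word in CMDLINE
has_param() {
    case " $1 " in
        *" $2 "*) return 0 ;;
    esac
    return 1
}

# grub_cmdline FILE -> merged values of GRUB_CMDLINE_LINUX and
# GRUB_CMDLINE_LINUX_DEFAULT on one line, quotes removed
grub_cmdline() {
    sed -n 's/^GRUB_CMDLINE_LINUX\(_DEFAULT\)\{0,1\}=//p' "$1" \
        | tr -d "\"'" | tr '\n' ' '
}

# selinux_boot_state RUNNING_CMDLINE GRUB_FILE
# prints: not-activated | reboot-pending | active | active-enforcing
selinux_boot_state() {
    _grub=$(grub_cmdline "$2")
    if ! has_param "$_grub" security=selinux; then
        echo not-activated      # GRUB defaults lack security=selinux
    elif ! has_param "$1" security=selinux; then
        echo reboot-pending     # GRUB is configured, running kernel is not
    elif has_param "$1" enforcing=1; then
        echo active-enforcing   # enforcing=1 was set at boot
    else
        echo active             # booted with SELinux, no enforcing=1
    fi
}

# Constructed sample: GRUB defaults containing security=selinux while the
# kernel is still running with the old command line (not yet rebooted).
sample=$(mktemp)
printf '%s\n' 'GRUB_CMDLINE_LINUX_DEFAULT="quiet"' \
              'GRUB_CMDLINE_LINUX=" security=selinux"' > "$sample"
selinux_boot_state 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet' "$sample"  # reboot-pending
rm -f "$sample"

# On a live system:
#   selinux_boot_state "$(cat /proc/cmdline)" /etc/default/grub
```

The state reported here only reflects boot parameters; the current runtime mode is what getenforce prints, and setenforce 1 changes it until the next reboot.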

  • Original post: https://www.cnblogs.com/longbigbeard/p/15192518.html