  • Installing and configuring SELinux on Debian

    Source: https://wiki.debian.org/SELinux/Setup

    Original text of the setup steps:

    ```

    2. Steps to setup SELinux

    The following steps describe how to install and configure SELinux together with the default policy which enables SELinux for the most important parts of your system (e.g. most Internet-facing daemons, see the policies section below for alternative policies):

    1. If you are not using the standard linux kernel provided by debian with an ext2/3/4, you have to make sure that you are using a SELinux capable kernel and filesystem (see the prerequisites section below).

    2. Get the default policy and the basic set of SELinux utilities by running apt-get install selinux-basics selinux-policy-default auditd.

    3. If using Ubuntu, download this _load_selinux_policy script (this is a slightly modified version of the script included in the Ubuntu 'selinux' package), place it in /usr/share/initramfs-tools/scripts/init-bottom/ then run update-initramfs -u (Upstart in Debian loads the SELinux policy automatically, but Upstart in Ubuntu does not. See https://bugs.launchpad.net/upstart/+bug/595774)

    4. Run selinux-activate to configure GRUB and PAM and to create /.autorelabel

    5. Reboot, it will take a while to label the filesystems on boot and then it will automatically reboot a second time when that is complete.
    6. Run check-selinux-installation to check that everything has been setup correctly and to catch common SELinux problems. (Note: in wheezy the warning about /etc/pam.d/login is a false positive)

    You should now have a working SELinux system, which is in permissive mode. This means that the selinux policy is not enforced, but denials are logged. You can see all would-be denials since the last reboot with a small explanation for each with audit2why -al. If no critical audit errors appear in your syslog and you feel comfortable with SELinux, enable enforcing mode temporarily by running setenforce 1 or permanently by adding enforcing=1 to the kernel command line in /etc/default/grub and then rebooting one last time.

    If you want to learn how to work with your newly configured SELinux system (relabelling files, moving files, checking the security context of files, etc), the Fedora Project SELinux FAQ documentation by RedHat may be useful.

     ```

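    TL;DR:

    1. Install the packages: apt-get install selinux-basics selinux-policy-default auditd

    2. Regenerate the kernel initrd file: update-initramfs -u

    3. Reconfigure GRUB: selinux-activate (the boot parameter security=selinux is added automatically)

    4. Reboot. On the first reboot SELinux labels the files, which takes a few minutes, and then the system reboots again automatically.

    5. Done. Run check-selinux-installation to check the configuration.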
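
The quoted wiki text says the system comes up in permissive mode, where denials are logged but not enforced, and that enforcing mode should wait until no critical audit errors remain. The script below is an added example, not part of the original post or the Debian wiki: it tallies the logged AVC denials per domain, target type, class and permission so the review before `setenforce 1` is a short list. The function names and the sample audit lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise would-be SELinux denials before going enforcing.
# Reads audit log lines on stdin and prints one line per distinct tuple:
#   COUNT SOURCE_DOMAIN TARGET_TYPE CLASS PERMS
# Live use (as root): summarize_avc < /var/log/audit/audit.log
summarize_avc() {
    awk '
    /type=AVC/ && /avc: +denied/ {
        perms = ""; sctx = ""; tctx = ""; cls = ""
        # the denied permissions sit between "{" and "}"
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
            gsub(/ +/, ",", perms)
        }
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/)      sctx = substr($i, 10)
            else if ($i ~ /^tcontext=/) tctx = substr($i, 10)
            else if ($i ~ /^tclass=/)   cls  = substr($i, 8)
        }
        # a context is user:role:type[:level]; the type is the third part
        split(sctx, s, ":")
        split(tctx, t, ":")
        count[s[3] " " t[3] " " cls " " perms]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample input: three AVC denials and one unrelated record.
sample_log() {
    printf '%s\n' \
'type=AVC msg=audit(1629960001.101:201): avc:  denied  { read } for  pid=812 comm="nginx" name="index.html" dev="sda1" ino=4021 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1' \
'type=SYSCALL msg=audit(1629960001.101:201): arch=c000003e syscall=257 success=yes exit=7 comm="nginx"' \
'type=AVC msg=audit(1629960044.530:260): avc:  denied  { read } for  pid=813 comm="nginx" name="logo.png" dev="sda1" ino=4022 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1' \
'type=AVC msg=audit(1629960102.007:311): avc:  denied  { read open } for  pid=901 comm="sshd" path="/srv/keys" dev="sda1" ino=5100 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1'
}

# Demo on the constructed sample
sample_log | summarize_avc
```

Each output row is one class of access that enforcing mode would block; `audit2why -al`, mentioned in the quoted text, explains the individual entries.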

  • Original post: https://www.cnblogs.com/longbigbeard/p/15192518.html