Linux 高级安全SELinux的关闭

时间：2014-05-01 13:40:13 收藏：0 阅读：529

Linux有一个高级安全组件，如果开启会输出打了的日志文件messages.如下：

导致/var/log/messages 达到11g

root@cpp11 ~]# df -l
文件系统               1K-块        已用     可用已用% 挂载点
/dev/cciss/c0d0p5     14877060 12559852   1549304 90% /
/dev/cciss/c0d0p6      9920592   2951964   6456560 32% /usr
/dev/cciss/c0d0p2    236533252   8872680 215451576   4% /home
/dev/cciss/c0d0p1       497829     31091    441036   7% /boot
tmpfs                  4087756         0   4087756   0% /dev/shm

-rw------- 1 root root 11552168167 04-30 09:56 messages

Apr 30 10:17:38 cpp11 setroubleshoot:      SELinux is preventing /sbin/ifconfig (ifconfig_t) "read write" to socket:[15913] (initrc_t).      For complete SELinux messages. run sealert -l 692945d4-87c8-4885-b6c7-9f58bb7feeae
Apr 30 10:17:38 cpp11 setroubleshoot:      SELinux is preventing /sbin/ethtool (ifconfig_t) "read write" to socket:[15913] (initrc_t).      For complete SELinux messages. run sealert -l 692945d4-87c8-4885-b6c7-9f58bb7feeae
Apr 30 10:17:51 cpp11 snmpd[3461]: Connection from UDP: [127.0.0.1]:50693
Apr 30 10:17:51 cpp11 snmpd[3461]: Received SNMP packet(s) from UDP: [127.0.0.1]:50693
Apr 30 10:18:06 cpp11 snmpd[3461]: Connection from UDP: [127.0.0.1]:50696
Apr 30 10:18:06 cpp11 snmpd[3461]: Received SNMP packet(s) from UDP: [127.0.0.1]:50696
Apr 30 10:18:08 cpp11 setroubleshoot:      SELinux is preventing /sbin/ethtool (ifconfig_t) "read write" to socket:[15913] (initrc_t).      For complete SELinux messages. run sealert -l 692945d4-87c8-4885-b6c7-9f58bb7feeae
Apr 30 10:18:08 cpp11 setroubleshoot:      SELinux is preventing /sbin/ifconfig (ifconfig_t) "read write" to socket:[15913] (initrc_t).      For complete SELinux messages. run sealert -l 692945d4-87c8-4885-b6c7-9f58bb7feeae
Apr 30 10:18:08 cpp11 last message repeated 2 times
Apr 30 10:18:08 cpp11 setroubleshoot:      SELinux is preventing /sbin/ethtool (ifconfig_t) "read write" to socket:[15913] (initrc_t).      For complete SELinux messages. run sealert -l 692945d4-87c8-4885-b6c7-9f58bb7feeae
Apr 30 10:18:08 cpp11 setroubleshoot:      SELinux is preventing /sbin/ifconfig (ifconfig_t) "read write" to socket:[15913] (initrc_t).      For complete SELinux messages. run sealert -l 692945d4-87c8-4885-b6c7-9f58bb7feeae

解决方法：关闭SELinux

1、临时关闭（不用重启机器）：

setenforce 0

##设置SELinux 成为permissive模式

setenforce 1

##设置SELinux 成为enforcing模式

2、修改配置文件需要重启机器：

修改/etc/selinux/config 文件将SELINUX=enforcing改为SELINUX=disabled

Linux 高级安全SELinux的关闭,码迷,mamicode.com