# vim /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: #enforcing - SELinux security policy is enforced. #permissive - SELinux prints warnings instead of enforcing. #disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of three two values: #targeted - Targeted processes are protected, #minimum - Modification of targeted policy. Only selected processes are protected. #mls - Multi Level Security protection. SELINUXTYPE=targeted
将SELINUX=enforcing修改为SELINUX=disabled。
重启linux系统,然后使用getenforce命令查看当前的SELINUX状态:
# getenforce Disabled
我使用的Linux发行版是CentOS,CentOS 7的默认防火墙工具是firewalld,Cent OS6的默认防火墙工具是iptables。
首先,需要知道当前系统安装的防火墙工具的是firewalld,还是iptableslinux常用命令linux常用命令,可以使用下面的命令进行验证:
# systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2018-07-12 10:50:29 CST; 6min agoDocs: man:firewalld(1) Main PID: 726 (firewalld) CGroup: /system.slice/firewalld.service└─726 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
可以看到Active: active (running),说明默认的firewalld已经在运行了。
# systemctl status iptables Unit iptables.service could not be found.
说明没有安装iptables。
关闭防火墙:
# systemctl stop firewalld
此时如果重新执行systemctl status firewalld,可以看到状态为:Active: inactive (dead)
禁止开机启动:
# systemctl disable firewalld Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service. Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
打开防火墙
# systemctl start firewalld
设置开机启动
# systemctl enable smb.serviceln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'。created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.。created symlink from /etc/systemd/system/multi-user.target.wants/zabbix-agent.service to /usr/lib/systemd/system/zabbix-agent.service.。
以后有时间再写防火墙规则的查看、增加、删除。
