How to Enable or Disable SELinux Boolean Values
Security-Enhanced Linux (SELinux) is a security mechanism for mandatory access control (MAC) implemented in the Linux kernel. It is a flexible mechanism designed to improve overall system security: access control is imposed through a policy loaded on the system, which ordinary users or misbehaving programs cannot change.
The following article explains SELinux and how to implement it on your Linux system.
- Implementing Mandatory Access Control with SELinux or AppArmor in Linux
In this article, we will show you how to enable or disable SELinux boolean values on the CentOS, RHEL and Fedora Linux distributions.
To view all SELinux booleans, use the getsebool command piped to the less command.
Note: SELinux must be in the enabled state to list all booleans.
# getsebool -a | less
To view all boolean values for a specific program (or daemon), use the grep utility; the following command shows all httpd booleans.
# getsebool -a | grep httpd
To enable (1) or disable (0) SELinux booleans, you can use the setsebool program as described below.
Enable or Disable SELinux Boolean Values
If you have a web server on your system, you can allow HTTPD scripts to write files in directories labeled public_content_rw_t by enabling the allow_httpd_sys_script_anon_write boolean.
# getsebool allow_httpd_sys_script_anon_write
# setsebool allow_httpd_sys_script_anon_write on
OR
# setsebool allow_httpd_sys_script_anon_write 1
Similarly, to disable the above SELinux boolean values, run the following commands.
# setsebool allow_httpd_sys_script_anon_write off
# setsebool allow_mount_anyfile off
OR
# setsebool allow_httpd_sys_script_anon_write 0
# setsebool allow_mount_anyfile 0
You can find the meaning of all SELinux booleans at https://wiki.centos.org/TipsAndTricks/SelinuxBooleans
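Booleans such as allow_httpd_sys_script_anon_write loosen the policy, and setsebool without the -P option changes only the running value, not the setting applied at boot, so it is worth checking a host against the values you expect. The script below is an added example, not part of the original article: it reads getsebool -a output and reports booleans that differ from a baseline file. The baseline format, the function names and the sample data (including httpd_example_placeholder) are assumptions made up for this illustration.

```bash
# Added example: flag SELinux booleans that differ from an expected baseline.
# Input on stdin is `getsebool -a` output:  name --> on|off
# Baseline file lines: "<boolean> <on|off>"; blank lines and # comments ignored.
# Prints one line per finding and returns 1 if anything differs.
boolean_drift() {
    awk '
        FILENAME == ARGV[1] {              # first input: the baseline file
            sub(/#.*/, "")
            if (NF >= 2) want[$1] = $2
            next
        }
        $2 == "-->" && ($1 in want) {      # second input: getsebool -a
            seen[$1] = 1
            if ($3 != want[$1]) {
                printf "DRIFT %s is %s, expected %s\n", $1, $3, want[$1]
                bad = 1
            }
        }
        END {
            for (b in want) if (!(b in seen)) {
                printf "MISSING %s not in loaded policy\n", b
                bad = 1
            }
            exit bad + 0
        }
    ' "$1" -
}

# Constructed sample data, not captured from a real host.
demo() {
    base=$(mktemp) || return 2
    cat > "$base" <<'EOF'
# boolean                          expected
allow_httpd_sys_script_anon_write  off
allow_mount_anyfile                off
httpd_example_placeholder          off   # hypothetical name
EOF
    rc=0
    boolean_drift "$base" <<'EOF' || rc=$?
allow_httpd_sys_script_anon_write --> on
allow_mount_anyfile --> off
httpd_can_network_connect --> off
EOF
    rm -f "$base"
    return "$rc"
}

# On a real host: getsebool -a | boolean_drift /path/to/baseline  (path is a placeholder)
demo || echo "baseline check failed (exit $?)"
```

A MISSING line means the boolean named in the baseline does not exist in the loaded policy, which also catches typos in the baseline itself.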
Don't forget to read these related security articles.
- How to Disable SELinux Temporarily or Permanently in RHEL/CentOS
- Mandatory Access Control Essentials with SELinux
- The Mega Guide to Hardening and Securing CentOS 7
In this article, we explained how to enable or disable SELinux boolean values on the CentOS, RHEL and Fedora distributions. If you have any questions, ask via the comments below.