欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  科技

【E20200101-1】Centos 7.x 关闭防火墙(firewall)和SELinux

程序员文章站 2022-03-29 10:41:22
## 一、准备工作### 1.1、服务器准备操作系统:centos 7.x### 1.2、安装好用的文本编辑工具nano```linux# yum -y install nano```## 二、关闭SELinux### 2.1、查看SELinux状态#### 2.1.1、第一种:查看SELinux状... ......

一、准备工作

1.1、服务器准备

操作系统:centos 7.x

1.2、安装好用的文本编辑工具nano

# yum -y install nano

二、关闭selinux

2.1、查看selinux状态

2.1.1、第一种:查看selinux状态方法

# /usr/sbin/sestatus
selinux status:                 enabled
selinuxfs mount:                /sys/fs/selinux
selinux root directory:         /etc/selinux
loaded policy name:             targeted
current mode:                   enforcing
mode from config file:          enforcing
policy mls status:              enabled
policy deny_unknown status:     allowed
max kernel policy version:      31

2.1.2、第二种:查看selinux状态方法

# getenforce
enforcing

2.2、临时关闭selinux

# setenforce 0

2.2.1、临时关闭后第一种方法查看selinux状态

# /usr/sbin/sestatus
selinux status:                 enabled
selinuxfs mount:                /sys/fs/selinux
selinux root directory:         /etc/selinux
loaded policy name:             targeted
current mode:                   permissive    //注意这里是 permissive
mode from config file:          enforcing
policy mls status:              enabled
policy deny_unknown status:     allowed
max kernel policy version:      31

2.2.2、临时关闭后第二种方法查看selinux状态

# getenforce
permissive

2.2.3、临时关闭后可以再次打开selinux

# setenforce 1

2.3、永久关闭selinux

2.3.1、修改配置文件/etc/sysconfig/selinux

# nano /etc/sysconfig/selinux

selinux=enforcing 改为 selinux=disabled

# this file controls the state of selinux on the system.
# selinux= can take one of these three values:
#     enforcing - selinux security policy is enforced.
#     permissive - selinux prints warnings instead of enforcing.
#     disabled - no selinux policy is loaded.
# ↓↓↓↓这里修改成disabled
selinux=disabled   
# selinuxtype= can take one of three values:
#     targeted - targeted processes are protected,
#     minimum - modification of targeted policy. only selected processes are protected.
#     mls - multi level security protection.
selinuxtype=targeted

2.3.2、重启后新配置生效

# reboot

2.3.3、临时关闭后第一种方法查看selinux状态

# /usr/sbin/sestatus
selinux status:                 disabled

2.3.4、临时关闭后第二种方法查看selinux状态

# getenforce
disabled

三、关闭防火墙firewall

3.1、查看防火墙状态

# systemctl status firewalld

防火墙开启状态下显示如下

● firewalld.service - firewalld - dynamic firewall daemon
   loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
//这行是我添加的备注↓↓↓注意这里的 active (running) 
   active: active (running) since wed 2020-01-01 17:05:47 cst; 9s ago
     docs: man:firewalld(1)
 main pid: 6787 (firewalld)
   cgroup: /system.slice/firewalld.service
           └─6787 /usr/bin/python2 -es /usr/sbin/firewalld --nofork --nopid

jan 01 17:05:47 izuf65lq1u9ra1ohnf5kebz systemd[1]: starting firewalld - dynamic firewall daemon...
jan 01 17:05:47 izuf65lq1u9ra1ohnf5kebz systemd[1]: started firewalld - dynamic firewall daemon.

3.2、关闭防火墙

# systemctl stop firewalld

3.3、关闭后查看状态

# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   active: inactive (dead)
     docs: man:firewalld(1)

jan 01 17:05:47 izuf65lq1u9ra1ohnf5kebz systemd[1]: starting firewalld - dynamic firewall daemon...
jan 01 17:05:47 izuf65lq1u9ra1ohnf5kebz systemd[1]: started firewalld - dynamic firewall daemon.
jan 01 17:11:58 izuf65lq1u9ra1ohnf5kebz systemd[1]: stopping firewalld - dynamic firewall daemon...
jan 01 17:11:58 izuf65lq1u9ra1ohnf5kebz systemd[1]: stopped firewalld - dynamic firewall daemon.

3.4、关闭防火墙开机自启动

# systemctl disable firewalld.service

3.5、关闭防火墙开机自启动后查看防火墙状态

# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   active: inactive (dead)
     docs: man:firewalld(1)

jan 01 17:05:47 izuf65lq1u9ra1ohnf5kebz systemd[1]: starting firewalld - dynamic firewall daemon...
jan 01 17:05:47 izuf65lq1u9ra1ohnf5kebz systemd[1]: started firewalld - dynamic firewall daemon.
jan 01 17:11:58 izuf65lq1u9ra1ohnf5kebz systemd[1]: stopping firewalld - dynamic firewall daemon...
jan 01 17:11:58 izuf65lq1u9ra1ohnf5kebz systemd[1]: stopped firewalld - dynamic firewall daemon.

eword 原创学习笔记
文档编号:e20200101-1
文档标签:centos、防火墙、firewall、selinux
转载请注明出处: