一, 准备工作
1.1, 服务器准备
操作系统: CentOS 7.x
1.2, 安装好用的文本编辑工具 nano
# yum -y install nano
二, 关闭 SELinux
2.1, 查看 SELinux 状态
2.1.1, 第一种: 查看 SELinux 状态方法
- # /usr/sbin/sestatus
- SELinux status: enabled
- SELinuxfs mount: /sys/fs/selinux
- SELinux root directory: /etc/selinux
- Loaded policy name: targeted
- Current mode: enforcing
- Mode from config file: enforcing
- Policy MLS status: enabled
- Policy deny_unknown status: allowed
- Max kernel policy version: 31
2.1.2, 第二种: 查看 SELinux 状态方法
# getenforce Enforcing
2.2, 临时关闭 SELinux
# setenforce 0
2.2.1, 临时关闭后第一种方法查看 SELinux 状态
- # /usr/sbin/sestatus
- SELinux status: enabled
- SELinuxfs mount: /sys/fs/selinux
- SELinux root directory: /etc/selinux
- Loaded policy name: targeted
- Current mode: permissive // 注意这里是 permissive
- Mode from config file: enforcing
- Policy MLS status: enabled
- Policy deny_unknown status: allowed
- Max kernel policy version: 31
2.2.2, 临时关闭后第二种方法查看 SELinux 状态
# getenforce Permissive
2.2.3, 临时关闭后可以再次打开 SELinux
# setenforce 1
2.3, 永久关闭 SELinux
2.3.1, 修改配置文件 / etc/sysconfig/selinux
# nano /etc/sysconfig/selinux
selinux=enforcing 改为 selinux=disabled
- # This file controls the state of SELinux on the system.
- # SELINUX= can take one of these three values:
- # enforcing - SELinux security policy is enforced.
- # permissive - SELinux prints warnings instead of enforcing.
- # disabled - No SELinux policy is loaded.
- # ↓↓↓↓这里修改成 disabled
- SELINUX=disabled
- # SELINUXTYPE= can take one of three values:
- # targeted - Targeted processes are protected,
- # minimum - Modification of targeted policy. Only selected processes are protected.
- # mls - Multi Level Security protection.
- SELINUXTYPE=targeted
2.3.2, 重启后新配置生效
# reboot
2.3.3, 临时关闭后第一种方法查看 SELinux 状态
- # /usr/sbin/sestatus
- SELinux status: disabled
2.3.4, 临时关闭后第二种方法查看 SELinux 状态
# getenforce Disabled
三, 关闭防火墙 firewall
3.1, 查看防火墙状态
# systemctl status firewalld
防火墙开启状态下显示如下
● firewalld.service - firewalld - dynamic firewall daemon
- Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
- // 这行是我添加的备注↓↓↓注意这里的 active (running)
- Active: active (running) since Wed 2020-01-01 17:05:47 CST; 9s ago
- Docs: man:firewalld(1)
- Main PID: 6787 (firewalld)
- CGroup: /system.slice/firewalld.service
└─6787 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
- Jan 01 17:05:47 iZuf65lq1u9ra1ohnf5kebZ systemd[1]: Starting firewalld - dynamic firewall daemon...
- Jan 01 17:05:47 iZuf65lq1u9ra1ohnf5kebZ systemd[1]: Started firewalld - dynamic firewall daemon.
3.2, 关闭防火墙
# systemctl stop firewalld
3.3, 关闭后查看状态
# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
- Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
- Active: inactive (dead)
- Docs: man:firewalld(1)
- Jan 01 17:05:47 iZuf65lq1u9ra1ohnf5kebZ systemd[1]: Starting firewalld - dynamic firewall daemon...
- Jan 01 17:05:47 iZuf65lq1u9ra1ohnf5kebZ systemd[1]: Started firewalld - dynamic firewall daemon.
- Jan 01 17:11:58 iZuf65lq1u9ra1ohnf5kebZ systemd[1]: Stopping firewalld - dynamic firewall daemon...
- Jan 01 17:11:58 iZuf65lq1u9ra1ohnf5kebZ systemd[1]: Stopped firewalld - dynamic firewall daemon.
3.4, 关闭防火墙开机自启动
# systemctl disable firewalld.service
3.5, 关闭防火墙开机自启动后查看防火墙状态
# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
- Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
- Active: inactive (dead)
- Docs: man:firewalld(1)
- Jan 01 17:05:47 iZuf65lq1u9ra1ohnf5kebZ systemd[1]: Starting firewalld - dynamic firewall daemon...
- Jan 01 17:05:47 iZuf65lq1u9ra1ohnf5kebZ systemd[1]: Started firewalld - dynamic firewall daemon.
- Jan 01 17:11:58 iZuf65lq1u9ra1ohnf5kebZ systemd[1]: Stopping firewalld - dynamic firewall daemon...
- Jan 01 17:11:58 iZuf65lq1u9ra1ohnf5kebZ systemd[1]: Stopped firewalld - dynamic firewall daemon.
Eword 原创学习笔记
文档编号: E20200101-1
来源: https://www.cnblogs.com/shylock/p/e202001011centos-7x-gan-bi-fang-huo-qiang-firewal.html