本文基于Linux上CentOS 7版本进行演示
一.关闭SElinux
1.临时关闭
2.永久关闭
二.关闭防火墙(firewalld服务)
1.查看防火墙状态
2.关闭防火墙
使用setenforce 0命令临时关闭SElinux
[root@sulibao ~]# setenforce 0
setenforce: SELinux is disabled
查看状态是否关闭
[root@sulibao ~]# getenforce
Disabled
(1)修改配置文件/etc/selinux/config
[root@sulibao ~]# vim /etc/selinux/config
(2)将文件内SELINUX=XX这行改为 SELINUX=disabled或者SELINUX=permissive,然后保存退出,重启生效
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
(3)重启过后使用getenforce查看SElinux状态,为Disabled或permissive即可认为关闭成功
[root@sulibao ~]# getenforce
Disabled
systemctl status firewalld,active为running表示正在运行
[root@sulibao ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
[root@sulibao ~]# systemctl restart firewalld
[root@sulibao ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2023-01-06 13:32:07 CST; 2s ago
Docs: man:firewalld(1)
Main PID: 28795 (firewalld)
Tasks: 2
CGroup: /system.slice/firewalld.service
└─28795 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
Jan 06 13:32:06 sulibao systemd[1]: Starting firewalld - dynamic firewall daemon...
Jan 06 13:32:07 sulibao systemd[1]: Started firewalld - dynamic firewall daemon.
Jan 06 13:32:07 sulibao firewalld[28795]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a ...ng it now.
Hint: Some lines were ellipsized, use -l to show in full.
systemctl stop firewalld 此次关闭,下次不关闭
systemctl disable firewalld 禁用,永久关闭
[root@sulibao ~]# systemctl stop firewalld
[root@sulibao ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
查看firewalld服务状态,active为dead,此时已经永久关闭
[root@sulibao ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)