【CentOS 7】关闭防火墙、SELinux
xixuefeng
Linux, OS
2017-11-16 9:21:56
1,717 次浏览
firewalld, SELinux
【CentOS 7】关闭防火墙、SELinux已关闭评论
一、关闭防火墙
1:查看防火墙状态
1 2 3 |
[root@Yjiu ~]# firewall-cmd --state running [root@Yjiu ~]# |
2:查看防火墙服务是否开机自动启动
1 2 3 |
[root@Yjiu ~]# systemctl is-enabled firewalld.service enabled [root@Yjiu ~]# |
3:stop 防火墙
1 2 3 4 5 |
[root@Yjiu ~]# systemctl stop firewalld.service [root@Yjiu ~]# [root@Yjiu ~]# firewall-cmd --state not running [root@Yjiu ~]# |
4:禁用开机自动启动
1 2 3 4 5 6 7 |
[root@Yjiu ~]# systemctl disable firewalld.service Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service. [root@Yjiu ~]# [root@Yjiu ~]# systemctl is-enabled firewalld.service disabled [root@Yjiu ~]# |
二:关闭SELinux
1:查看SELinux 状态
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
[root@Yjiu ~]# getenforce Enforcing [root@Yjiu ~]# 或 [root@Yjiu ~]# /usr/sbin/sestatus -v SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28 Process contexts: Current context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Init context: system_u:system_r:init_t:s0 /usr/sbin/sshd system_u:system_r:sshd_t:s0-s0:c0.c1023 File contexts: Controlling terminal: unconfined_u:object_r:user_devpts_t:s0 /etc/passwd system_u:object_r:passwd_file_t:s0 /etc/shadow system_u:object_r:shadow_t:s0 /bin/bash system_u:object_r:shell_exec_t:s0 /bin/login system_u:object_r:login_exec_t:s0 /bin/sh system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0 /sbin/agetty system_u:object_r:getty_exec_t:s0 /sbin/init system_u:object_r:bin_t:s0 -> system_u:object_r:init_exec_t:s0 /usr/sbin/sshd system_u:object_r:sshd_exec_t:s0 [root@Yjiu ~]# |
2:关闭
1 2 3 4 |
[root@Yjiu ~]# vi /etc/selinux/config SELINUX=enforcing 改为 SELINUX=disabled |
3:重启计算机后生效
4:如果暂时无法重启计算机,那么可以先做如下设置,临时关闭
1 2 3 4 5 |
[root@Yjiu ~]# setenforce 0 [root@Yjiu ~]# [root@Yjiu ~]# getenforce Permissive [root@Yjiu ~]# |
===============================================================================
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
firewall-cmd --state systemctl is-enabled firewalld.service systemctl stop firewalld.service firewall-cmd --state systemctl disable firewalld.service systemctl is-enabled firewalld.service getenforce sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config setenforce 0 getenforce |