精华内容
下载资源
问答
  • Enforcing HTTPS

    2020-12-25 17:10:22
    <div><p>Added link for enforcing HTTPS on Cloud Foundry</p><p>该提问来源于开源项目:jhipster/jhipster.github.io</p></div>
  • Enforcing signing

    2021-01-08 12:06:40
    <div><p>We are starting to get contributions from the community. Should we start enforcing signing, eg GPG?</p><p>该提问来源于开源项目:codeigniter4/CodeIgniter4</p></div>
  • 在Android的root相关的文章里经常会看到关于SElinux,Android4.3以后引进...目前 SELinux 支持三种模式,分别如下: •enforcing:强制模式,代表 SELinux 运作中,且已经正确的开始限制 domain/type 了; •perm

    在Android的root相关的文章里经常会看到关于SElinux,Android4.3以后引进SElinux。

    SELinux 的启动、关闭与查看

    1、并非所有的 Linux distributions 都支持 SELinux
    目前 SELinux 支持三种模式,分别如下:

    •enforcing:强制模式,代表 SELinux 运作中,且已经正确的开始限制 domain/type 了;

    •permissive:宽容模式:代表 SELinux 运作中,不过仅会有警告讯息并不会实际限制 domain/type 的存取。这种模式可以运来作为 SELinux 的 debug 之用;

    •disabled:关闭,SELinux 并没有实际运作。

    2,查看SELinux的模式

    # getenforce Enforcing <==就显示出目前的模式为 Enforcing
    

    3,查看 SELinux 的政策 (Policy)

    [root@master oracle]# sestatus
    SELinux status: enabled <==是否启动 SELinux
    SELinuxfs mount: /selinux <==SELinux 的相关文件资料挂载点
    Current mode: enforcing <==目前的模式
    Mode from config file: enforcing <==设定档指定的模式
    Policy version: 21
    Policy from config file: targeted <==目前的政策为何?
    

    4,通过配置文件调整SELinux的参数

    [root@www ~]# vi /etc/selinux/config 
    SELINUX=enforcing <==调整 enforcing|disabled|permissive 
    SELINUXTYPE=targeted <==目前仅有 targeted 与 strict 
    

    5,SELinux 的启动与关闭

    【重要常识】上面是预设的政策与启动的模式!你要注意的是,如果改变了政策则需要重新开机;如果由 enforcing 或 permissive 改成 disabled ,或由 disabled 改成其他两个,那也必须要重新开机。这是因为 SELinux 是整合到核心里面去的, 你只可以在 SELinux 运作下切换成为强制 (enforcing) 或宽容 (permissive) 模式,不能够直接关闭 SELinux 的!
    同时,由 SELinux 关闭 (disable) 的状态到开启的状态也需要重新开机啦!所以,如果刚刚你发现 getenforce 出现 disabled 时, 请到上述文件修改成为 enforcing 吧!

    【重点】如果要启动SELinux必须满足以下两个点:
    所以,如果你要启动 SELinux 的话,请将上述的 SELINUX=enforcing 设定妥当,并且指定 SELINUXTYPE=targeted 这一个设定, 并且到 /boot/grub/menu.lst 这个文件去,看看核心有无关闭 SELinux 了呢?

    [root@www ~]# vi /boot/grub/menu.lst 
    default=0 
    timeout=5 
    splashimage=(hd0,0)/grub/splash.xpm.gz 
    hiddenmenu 
    title CentOS (2.6.18-92.el5) 
          root (hd0,0) 
          kernel /vmlinuz-2.6.18-92.el5 ro root=LABEL=/1 rhgb quiet selinux=0 
          initrd /initrd-2.6.18-92.el5.img 
    
    

    如果要启动 SELinux ,则不可以出现 selinux=0 的字样在 kernel 后面!

    【问题】通过上面的学习我们知道,如果将启动着的SELinux改为禁用,需要重启电脑,我们不想重启电脑又不想开启SELinux该怎么办呢?
    【答案】将强制模式改为宽松模!

    [root@www ~]# setenforce [0|1] 
    

    选项与参数:
    0 :转成 permissive 宽容模式;
    1 :转成 Enforcing 强制模式

    范例一:将 SELinux 在 Enforcing 与 permissive 之间切换与查看

    [root@www ~]# setenforce 0 
    [root@www ~]# getenforce Permissive 
    [root@www ~]# setenforce 1 
    [root@www ~]# getenforce Enforcing
    

    6,查看已启动程序的type设定

    [root@master oracle]# ps aux -Z 
    LABEL USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND 
    system_u:system_r:init_t root 1 0.0 0.4 2060 520 ? Ss May07 0:02 init [5 system_u:system_r:kernel_t root 2 0.0 0.0 0 0 ? S< May07 0:00 [migra] system_u:system_r:kernel_t root 11 0.0 0.0 0 0 ? S< May07 0:00 [kacpi] system_u:system_r:auditd_t root 4022 0.0 0.4 12128 560 ? S<sl May07 0:01 auditd system_u:system_r:auditd_t root 4024 0.0 0.4 13072 628 ? S<sl May07 0:00 /sbin/a system_u:system_r:restorecond_t root 4040 0.0 4.4 10284 5556 ? Ss May07 0:00 /usr/sb 
    

    说明:其实这些东西我们都不用管,都是SELinux内置的。只要学会在强制和宽松模式间转换就行了!

    小结附:

    关闭SELinux的方法:
    修改/etc/selinux/config文件中的SELINUX="" 为 disabled ,然后重启。
    如果不想重启系统,使用命令setenforce 0

    注:
    setenforce 1 设置SELinux 成为enforcing模式
    setenforce 0 设置SELinux 成为permissive模式
    在lilo或者grub的启动参数中增加:selinux=0,也可以关闭selinux


    查看selinux状态:
    /usr/bin/setstatus -v
    如下:

    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   permissive
    Mode from config file:          enforcing
    Policy version:                 21
    Policy from config file:        targeted
    

    getenforce/setenforce查看和设置SELinux的当前工作模式


    查看SELinux状态:

    1、/usr/sbin/sestatus -v ##如果SELinux status参数为enabled即为开启状态

    SELinux status: enabled

    2、getenforce ##也可以用这个命令检查

    关闭SELinux:

    1、临时关闭(不用重启机器):

    
    setenforce 0  ##设置SELinux 成为permissive模式
    
    ##setenforce 1 设置SELinux 成为enforcing模式
    

    2、修改配置文件需要重启机器:

    修改/etc/selinux/config 文件

    将SELINUX=enforcing改为SELINUX=disabled

    重启机器即可

    展开全文
  • Once those services have been verified the mode will be changed to <code>enforcing</code>. The changes here were tested in the <code>enforcing</code> mode</p><p>该提问来源于开源项目:...
  • be_enforcing add

    2021-01-06 04:26:21
    be_enforcing" があったらいいな。 ということでつくってみました。 - Permissiveモードであるか確認する <code>be_permissive - Disabledモードであるか確認する <code>be_disabled</code></p> 有効か否か、と...
  • <p>Problem: Testing allocation logic requires setting ENFORCING=true, which is dangerous Solution: Remove ENFORCING from the equation <h2>Checklist before merging Pull Requests <ul><li>[ ] ...
  • <p>I am actually working on enforcing security of my proxified containers by adding important security headers as CSP. CSP is not easy to implement but it's worth the pain. For now i am focused on...
  • <p>The armed, aggressive fleet at the centre of the screenshot is not enforcing supply propagation. The issue happened first time on turn 124. I attach files for turns 122 and 124. <h3>Expected ...
  • <div><p>Chromium started enforcing some Certificate Transparency policies by default in M53, and refuses to load certain websites when the CT verification fails while establishing the TLS connection; ...
  • Enforcing STARTTLS

    2021-01-09 18:52:39
    <div><p>As far as I can see, STARTTLS is used if advertised by the server. But I can not see any option to enforce STARTTLS (so either connect via STARTTLS or do not connect at all)....
  • <div><p>ESlint provides rulesets for enforcing and checking JSDoc comments. <code>valid-jsdoc</code> and <code>require-jsdoc</code></p> <p>https://eslint.org/docs/rules/valid-jsdoc ...
  • <div><p>Rather than setting selinux to permissive on all nodes, leave selinux enforcing and specify the unconfined spc_t container type for the kube-addons containers. For more on spc_t, see: ...
  • <div><p>Twitter Enforcing HTTPS on all api calls</p><p>该提问来源于开源项目:hwi/HWIOAuthBundle</p></div>
  • <div><p><strong>What this PR does / why we need it</strong>: An example on enforcing readiness and liveness probes</p><p>该提问来源于开源项目:open-policy-agent/gatekeeper</p></div>
  • <div><p>lets have an attribute for enforcing or permissiving SELinuxon RHEL/Centos. Implementation like suggested in issue: https://github.com/dev-sec/chef-os-hardening/issues/106</p><p>该提问来源于...
  • <ul><li>connects to #4393 guestbook not enforcing reqd fields</li></ul> <h2>Pull Request Checklist <ul><li>[x] Unit <a href="http://guides.dataverse.org/en/latest/developers/testing.html">tests[x] NA...
  • I chose to default to <code>enforcing</code> as I don't want the defaults here to actually walk back the configuration that RHEL and friends ship with. <p>Signed-off-by: Jared Ledvina </p><p>该...
  • If selinux is set to enforcing, the containers will report permission denied attempting to execute the entrypoint scripts at test/entrypoint-netaccess.sh and test/entrypoint.sh. </p> <p>The solution ...
  • <p>Note: I implemented this to have proper joint limit enforcing in </p><pre><code>ros_control_boilerplate</code></pre> when using velocity-resolved simulation mode. My fix for davetcoleman/ros_...
  • I wonder if an enhancement on the following line would be secure and possible: instead of enforcing the google account to be in the hosted domain a flag would instruct the google authenticator to ...
  • <ul><li>Add TimeoutSeconds in the RevisionSpec API.</li><li>Implement the feature of enforcing timeout of Revision.</li></ul> <p>The logic of enforcing timeout is: 1) For the case that a route points ...
  • <p>It would be usefull to have a safeguard , enforcing the consumer container to stop to prevent losing message in an unexpected behavior concerning this exception.</p><p>该提问来源于开源项目:...
  • This patch uses runuser command instead of su in order to properly run the pgsql resource agent in SELinux enforcing mode.</p><p>该提问来源于开源项目:ClusterLabs/resource-agents</p></div>
  • <div><p>Not sure if this is a django-nonrel isssue or a vanilla django issue, but it seems CharField limitation enforcing isn't happening. <p>On GAE (dev server).. Here's a test model with a ...
  • <div><p>New test to check that composer can work with SELinux in enforcing mode on the host system.</p><p>该提问来源于开源项目:weldr/lorax</p></div>
  • <div><p>With SELinux Enforcing, with the new hostmount-anyuid scc for system:serviceaccount:logging:aggregated-logging-fluentd, fluentd is not able to read/write /var/log on the host.</p><p>该提问来源...
  • <p>and enforcing SNI: <pre><code>sslContextFactory.setSniRequired(true);</code></pre> <p>I get the following error: <pre><code>java.lang.IllegalStateException: No SNI Key managers when SNI is ...
  • <div><p>This PR adds a namespace enforcing wrapper for client.Client. This helps while dealing with namespace-scoped objects, where the namespace value need not be specified in every operation. <p>...
  • enforcing" a strict code style, at which point this behaviour would become part of rustc anyway). <p>My proposal thus is to add a lint that first scans all files of a crate and creates an ordering...

空空如也

空空如也

1 2 3 4 5 ... 20
收藏数 5,700
精华内容 2,280
关键字:

enforcing