• Enforcing HTTPS

    2020-12-25 17:10:22
    Added link for enforcing HTTPS on Cloud Foundry. This question comes from the open-source project: jhipster/jhipster.github.io
  • Enforcing signing

    2021-01-08 12:06:40
    We are starting to get contributions from the community. Should we start enforcing signing, e.g. GPG? This question comes from the open-source project: codeigniter4/CodeIgniter4
  • Articles about rooting Android often mention SELinux, which was introduced after Android 4.3...SELinux currently supports three modes, as follows: •enforcing: enforcing mode, meaning SELinux is running and has correctly begun restricting domain/type; •perm


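    Enabling, disabling, and checking SELinux

    1. Not all Linux distributions support SELinux
    SELinux currently supports three modes, as follows:

    •enforcing: enforcing mode, meaning SELinux is running and has correctly begun restricting domain/type;

    •permissive: permissive mode, meaning SELinux is running but only emits warning messages and does not actually restrict domain/type access. This mode can be used for debugging SELinux;

    •disabled: turned off, SELinux is not actually running.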


    # getenforce
    Enforcing <== shows that the current mode is Enforcing

    3. Checking the SELinux policy

    [root@master oracle]# sestatus
    SELinux status: enabled <== whether SELinux is enabled
    SELinuxfs mount: /selinux <== mount point of the SELinux-related files
    Current mode: enforcing <== the current mode
    Mode from config file: enforcing <== the mode specified in the config file
    Policy version: 21
    Policy from config file: targeted <== which policy is currently in use


    [root@www ~]# vi /etc/selinux/config
    SELINUX=enforcing <== set to enforcing|disabled|permissive
    SELINUXTYPE=targeted <== currently only targeted and strict are available

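    5. Enabling and disabling SELinux

    [Important] The above are the default policy and startup mode! Note that if you change the policy, you need to reboot; if you change from enforcing or permissive to disabled, or from disabled to either of the other two, you must also reboot. This is because SELinux is integrated into the kernel: while SELinux is running you can only switch between enforcing and permissive modes, and you cannot turn SELinux off directly!
    Likewise, going from the disabled state to an enabled state also requires a reboot! So if you just found that getenforce shows disabled, edit the file above and set it to enforcing.

    So, if you want to enable SELinux, set SELINUX=enforcing as above and specify SELINUXTYPE=targeted, then go to the file /boot/grub/menu.lst and check whether the kernel has SELinux turned off.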

    [root@www ~]# vi /boot/grub/menu.lst 
    title CentOS (2.6.18-92.el5) 
          root (hd0,0) 
          kernel /vmlinuz-2.6.18-92.el5 ro root=LABEL=/1 rhgb quiet selinux=0 
          initrd /initrd-2.6.18-92.el5.img 

    If you want to enable SELinux, the string selinux=0 must not appear after kernel!


    [root@www ~]# setenforce [0|1] 

    0: switch to permissive mode;
    1: switch to Enforcing mode

    Example 1: switch SELinux between Enforcing and permissive and check the mode

    [root@www ~]# setenforce 0
    [root@www ~]# getenforce
    Permissive
    [root@www ~]# setenforce 1
    [root@www ~]# getenforce
    Enforcing


    [root@master oracle]# ps aux -Z
    system_u:system_r:init_t root 1 0.0 0.4 2060 520 ? Ss May07 0:02 init [5
    system_u:system_r:kernel_t root 2 0.0 0.0 0 0 ? S< May07 0:00 [migra]
    system_u:system_r:kernel_t root 11 0.0 0.0 0 0 ? S< May07 0:00 [kacpi]
    system_u:system_r:auditd_t root 4022 0.0 0.4 12128 560 ? S<sl May07 0:01 auditd
    system_u:system_r:auditd_t root 4024 0.0 0.4 13072 628 ? S<sl May07 0:00 /sbin/a
    system_u:system_r:restorecond_t root 4040 0.0 4.4 10284 5556 ? Ss May07 0:00 /usr/sb



    In the /etc/selinux/config file, change SELINUX="" to disabled, then reboot.
    If you do not want to reboot the system, use the command setenforce 0

    setenforce 1 sets SELinux to enforcing mode
    setenforce 0 sets SELinux to permissive mode

    /usr/sbin/sestatus -v

    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   permissive
    Mode from config file:          enforcing
    Policy version:                 21
    Policy from config file:        targeted



    1. /usr/sbin/sestatus -v ## if the SELinux status parameter is enabled, SELinux is turned on

    SELinux status: enabled

    2. getenforce ## you can also check with this command



    setenforce 0  ## sets SELinux to permissive mode
    ## setenforce 1 sets SELinux to enforcing mode


    Edit the /etc/selinux/config file



  • Once those services have been verified the mode will be changed to <code>enforcing</code>. The changes here were tested in the <code>enforcing</code> mode. This question comes from the open-source project:...
  • be_enforcing add

    2021-01-06 04:26:21
    be_enforcing" would be nice to have, so I made it. - Check whether the mode is Permissive: <code>be_permissive</code> - Check whether the mode is Disabled: <code>be_disabled</code> Whether it is enabled or not, ...
  • Problem: Testing allocation logic requires setting ENFORCING=true, which is dangerous. Solution: Remove ENFORCING from the equation. Checklist before merging Pull Requests: [ ] ...
  • I am actually working on enforcing security of my proxified containers by adding important security headers as CSP. CSP is not easy to implement but it's worth the pain. For now I am focused on...
  • The armed, aggressive fleet at the centre of the screenshot is not enforcing supply propagation. The issue happened first time on turn 124. I attach files for turns 122 and 124. Expected ...
  • Chromium started enforcing some Certificate Transparency policies by default in M53, and refuses to load certain websites when the CT verification fails while establishing the TLS connection; ...
  • Enforcing STARTTLS

    2021-01-09 18:52:39
    As far as I can see, STARTTLS is used if advertised by the server. But I cannot see any option to enforce STARTTLS (so either connect via STARTTLS or do not connect at all)....
  • ESLint provides rulesets for enforcing and checking JSDoc comments. <code>valid-jsdoc</code> and <code>require-jsdoc</code> https://eslint.org/docs/rules/valid-jsdoc ...
  • Rather than setting selinux to permissive on all nodes, leave selinux enforcing and specify the unconfined spc_t container type for the kube-addons containers. For more on spc_t, see: ...
  • Twitter Enforcing HTTPS on all api calls. This question comes from the open-source project: hwi/HWIOAuthBundle
  • What this PR does / why we need it: An example on enforcing readiness and liveness probes. This question comes from the open-source project: open-policy-agent/gatekeeper
  • Let's have an attribute for enforcing or permissiving SELinux on RHEL/CentOS. Implementation like suggested in issue: https://github.com/dev-sec/chef-os-hardening/issues/106 This question comes from...
  • connects to #4393 guestbook not enforcing reqd fields. Pull Request Checklist: [x] Unit tests (http://guides.dataverse.org/en/latest/developers/testing.html) [x] NA...
  • I chose to default to <code>enforcing</code> as I don't want the defaults here to actually walk back the configuration that RHEL and friends ship with. Signed-off-by: Jared Ledvina This...
  • If selinux is set to enforcing, the containers will report permission denied attempting to execute the entrypoint scripts at test/entrypoint-netaccess.sh and test/entrypoint.sh. The solution ...
  • Note: I implemented this to have proper joint limit enforcing in <code>ros_control_boilerplate</code> when using velocity-resolved simulation mode. My fix for davetcoleman/ros_...
  • I wonder if an enhancement on the following line would be secure and possible: instead of enforcing the google account to be in the hosted domain a flag would instruct the google authenticator to ...
  • Add TimeoutSeconds in the RevisionSpec API. Implement the feature of enforcing timeout of Revision. The logic of enforcing timeout is: 1) For the case that a route points ...
  • It would be useful to have a safeguard, enforcing the consumer container to stop to prevent losing message in an unexpected behavior concerning this exception. This question comes from the open-source project:...
  • This patch uses runuser command instead of su in order to properly run the pgsql resource agent in SELinux enforcing mode. This question comes from the open-source project: ClusterLabs/resource-agents
  • Not sure if this is a django-nonrel issue or a vanilla django issue, but it seems CharField limitation enforcing isn't happening. On GAE (dev server).. Here's a test model with a ...
  • New test to check that composer can work with SELinux in enforcing mode on the host system. This question comes from the open-source project: weldr/lorax
  • With SELinux Enforcing, with the new hostmount-anyuid scc for system:serviceaccount:logging:aggregated-logging-fluentd, fluentd is not able to read/write /var/log on the host. This question comes from...
  • and enforcing SNI: <code>sslContextFactory.setSniRequired(true);</code> I get the following error: java.lang.IllegalStateException: No SNI Key managers when SNI is ...
  • This PR adds a namespace enforcing wrapper for client.Client. This helps while dealing with namespace-scoped objects, where the namespace value need not be specified in every operation. ...
  • enforcing" a strict code style, at which point this behaviour would become part of rustc anyway). My proposal thus is to add a lint that first scans all files of a crate and creates an ordering...


