linux selinux 常用命令 查看是否有被selinux阻挡 sudo cat /var/log/audit/audit.log | grep denied boolean 查看boolean状态 sudo sestatus -b sudo sestatus -b | grep -i sendmail 设置boolean sudo setsebool -P $boolean名 $1或0 常用boolean boolean名 意义 httpd_can_network_connect 允许httpd反向代理 httpd_can_sendmail 允许httpd发送邮件 semanager 安装semanager sudo yum install -y policycoreutils-python Centos 8 sudo yum
centos Centos7 apache使用freeipa pki提供证书 安装apache和mod_nss sudo yum install httpd mod_nss -y 配置mod_nss sudo sh -c "echo 'Listen 443' >> /etc/httpd/conf.d/nssconfig.conf" sudo sh -c "echo 'NSSCipherSuite +aes_128_sha_256,+aes_256_sha_256,+ecdhe_ecdsa_aes_128_gcm_sha_256,+ecdhe_ecdsa_
centos SELinux boolean操作 查询boolean状态 sudo sestatus -b 或者 sudo sestatus -b | grep -i sendmail 设置boolean sudo setsebool -P $boolean名 $1或0 如允许httpd发送邮件 sudo setsebool -P httpd_can_sendmail 1
centos selinux 允许apache访问文件 yum install -y policycoreutils-python semanage fcontext -a -t httpd_sys_content_t /path/to/file restorecon -v /path/to/file semanage fcontext -a -t httpd_sys_content_t "/path/to/dir(/.*)?" restorecon -R -v /path/to/dir