1.系统安装
系统安装完成后,系统当前的SELinux配置为:
| # cat /etc/selinux/config SELINUX=enforcing SELINUXTYPE=targeted |
2.SELinux环境准备
| # yum install setools policycoreutils.x86_64 selinux-policy-mls.noarch setroubleshoot.x86_64 setools-console -y |
3.SELinux配置
修改SELINUXTYPE为mls模式。
| # cat /etc/selinux/config SELINUX=enforcing SELINUXTYPE=mls |
修改完成,执行命令
| # fixfiles -B onboot # reboot |
4.Linux用户创建
| # useradd -G wheel sysadm # useradd -G wheel secadm # useradd -G wheel auditadm |
用户密码登录设置
| passwd sysadm passwd secadm passwd auditadm |
5.创建SELinux用户
创建命令
| # semanage user -a -L s0 -r s0-s0:c0.c1023 -R secadm_r secadm_u # semanage user -a -L s0 -r s0-s0:c0.c1023 -R sysadm_r sysadm_u # semanage user -a -L s0 -r s0-s0:c0.c1023 -R auditadm_r auditadm_u |
如果需要用户可以登录ssh,需要添加sysadm_r角色,设置ssh_sysadm_login布尔变量为on。
| # semanage user -m -L s0 -r s0-s15:c0.c1023 secadm_u -R "secadm_r sysadm_r" # setsebool -P ssh_sysadm_login on |
# semanage user -l
SELinux中默认创建的默认用户以及角色:
| User |
Default role |
Additional roles |
| unconfined_u |
unconfined_r |
system_r |
| guest_u |
guest_r |
|
| xguest_u |
xguest_r |
|
| user_u |
user_r |
|
![排序链表[中等]](https://img-blog.csdnimg.cn/direct/2352d0d9fb4346a1b8386002d583e345.png)
