Shulou(Shulou.com)06/02 Report--

When it comes to security, everyone thinks of firewalls and file system permissions. In the actual work environment, our security configuration in Linux will involve four levels. Let's think about a scenario where you want to store a file on Baidu disk. This action needs to consider the following four permissions.

1 firewall # firewall-cmd...

When you access the server, you will first go through the firewall.

2 service # vim / etc/*.conf

When you access the service of Baidu disk, you can only access your own Baidu disk.

3 filesystem # chown, chmod, setfacl

When we store the file on Baidu disk, you need to have local write permission on the server.

4 selinux # vim / etc/selinux/config

Selinux is a security enhancement, and he has done another layer of security protection on the basis of the above three security.

The security enhancement of Selinux on the port, we call it the port port label. When configuring the apache service, we modified the default service port and the service could not be started. To add the port number you want to use in the semanage port port tag, the service can start normally.

Selinux's security enhancements in services, we call him bealoon Boolean. When configuring the samba service, if you want to share the user's home directory, you must turn on the Boolean value of samba_enable_home_dirs. Users can only access their own home directory share.

Selinux's security enhancements on the file system, we call him fcontext context relationship. When configuring samba services, if you share a top-level directory, such as "/ common". If you want to give him read and write access to this folder, you must change the context of the folder to "samba_share_t".

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.