What are the CentOS startup process and SELinux security hardening like?

2025-02-24 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

What do the CentOS startup process and SELinux security hardening look like? Many inexperienced people do not know where to start, so this article summarizes the causes of the problem and the solutions. I hope this article helps you solve this problem.

CentOS 6 boot flow

1. Power on, run the POST self-test, load the hardware information from the BIOS, and get the first boot device.
2. Read the boot information of the boot loader (grub) from the MBR of the first boot device.
3. Load the operating system kernel; the kernel decompresses itself and tries to drive all hardware devices.
4. The kernel executes the init program, which gets the default run information.
5. init executes the /etc/rc.d/rc.sysinit file.
6. The kernel plug-in modules are loaded.
7. init runs each of the startup scripts.
8. init executes /etc/rc.d/rc.local.
9. The /bin/login program is executed and waits for the user to log in.
10. After login, the user controls the host through the shell.

As shown in the figure.

MBR (Master Boot Record) is what we call the master boot record. How does the BIOS find bootable devices? When a disk is partitioned, the first sector of the hard disk stores the MBR. If the device is bootable, the last two bytes of that sector must be 55 AA, so when the BIOS looks for a bootable device and finds these two bytes at the end of the first sector, it treats the device as bootable and executes its boot code.

The MBR occupies the 512 bytes of the first sector. The partition table takes up 16 × 4 = 64 bytes, and the last two bytes are the flag bytes, so the boot code of the MBR is the first 446 bytes. These 446 bytes are too small to hold the boot program of an entire operating system, so what is stored there is usually just the code that starts the real bootstrap program.

GRUB is a boot loader, which boots the operating system. The boot loader is the first real software that the computer runs during startup. After passing the BIOS self-test, the computer reads and runs the bootstrap program in the first sector of the boot medium, that is, the hard disk master boot sector (MBR). The MBR occupies the 512 bytes of the first sector, but the boot code actually takes up only 446 bytes; the next 64 bytes belong to the DPT (Disk Partition Table), and the last two bytes, "55 AA", are the end flag.

The boot loader is responsible for loading the operating system from the boot hard disk partition. If the boot loader does not work properly, the operating system cannot start, and the entire computer is paralyzed. Usually, each operating system writes its own boot loader to the hard disk (MBR) during installation, so that it can boot through its own custom boot script and add startup items.
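The 446 + 64 + 2 byte layout described above can be checked directly. The following Python sketch is an added example, not code from the original article: the function names and the sample sector are constructed for illustration. It validates the 55 AA flag, decodes the four 16-byte partition entries, and hashes the 446-byte boot code so it can be compared with a known-good baseline.

```python
import hashlib
import struct

SECTOR_SIZE = 512          # the MBR is the whole first sector
BOOT_CODE_LEN = 446        # boot code area
ENTRY_LEN = 16             # 4 entries x 16 bytes = 64-byte partition table
SIGNATURE = b"\x55\xaa"    # flag bytes at offsets 510-511

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into boot-code hash and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 55 AA flag: not a bootable sector")
    partitions = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * ENTRY_LEN
        # status, CHS start, type, CHS end, LBA start, sector count
        status, _, ptype, _, lba, count = struct.unpack(
            "<B3sB3sII", sector[off:off + ENTRY_LEN])
        if ptype == 0:     # type 0 marks an unused slot
            continue
        partitions.append({"index": i + 1, "active": status == 0x80,
                           "type": ptype, "lba_start": lba,
                           "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}

def build_sample_sector() -> bytes:
    """Constructed sample: empty boot code, one active Linux partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3,
                                  0x83, b"\x00" * 3, 2048, 1024000)
    sector[510:512] = SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    print(parse_mbr(build_sample_sector()))
```

On a real host the sector would come from reading the first 512 bytes of the disk device as root; a boot-code hash that differs from the value recorded at install time means the boot loader stage has changed.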

Security hardening: SELinux

SELinux is a security policy mechanism. There are four policy types in SELinux:

strict: in CentOS 5, every process is controlled by SELinux;
targeted: used to protect common network services; only a limited number of processes are controlled by SELinux, and CentOS 5 protects 88 services;
minimum: a modified targeted policy in CentOS 7, applied only to selected network services;
mls: provides security for the MLS (multilevel security) mechanism.

The default setting is generally the targeted type and does not need to be modified.

SELinux has three operating states:

enforcing: mandatory; every restricted process is restricted;
permissive: allowed; a violation by a restricted process is not prohibited, but it is recorded in the audit log;
disabled: disabled.

Description of the SELinux security label

The security label is also called the security context, that is, a value such as unconfined_u:object_r:httpd_sys_content_t:s0. The security context consists of five elements in the format user:role:type:sensitivity:category (the category part is not visible here).

unconfined_u: the user field, which indicates the type of user logged into the system, such as root, user_u, system_u. Most local processes are free (unconfined) processes.

object_r: the role field, which defines the purpose of files, processes and users. Files: object_r; processes and users: system_r.

httpd_sys_content_t: the type field, which specifies the data type. The rules define which process types may access which files. The targeted policy is implemented based on type. The type shared by multiple services is public_content_t.

s0: the sensitivity field, which expresses the need to restrict access. It is a hierarchical security level defined by the organization, such as unclassified, secret, top secret. Each object has and only has two sensitivity, graded 0-15, with s0 the lowest. The targeted policy uses s0 by default.

category: non-hierarchical categories defined for a specific organization, such as FBI Secret, NSA secret. An object can have multiple categories, c0-c1023, for a total of 1024 categories. The targeted policy does not use category.

After reading the above content, have you mastered the CentOS startup process and how to harden security with SELinux? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel. Thank you for reading!
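The user:role:type:sensitivity:category format described above can be parsed and range-checked as follows. This Python sketch is an added example, not code from the original article: the function names and the second sample label are constructed, and it assumes a single sensitivity level (not a low-high MLS range) with categories written as a comma list or a dotted range such as c0.c1023.

```python
import re

MAX_SENSITIVITY = 15    # sensitivity is graded 0-15, s0 lowest
MAX_CATEGORY = 1023     # categories run c0-c1023 (1024 in total)

def expand_categories(spec: str) -> list:
    """Expand 'c0.c2,c5' into [0, 1, 2, 5], validating the range."""
    cats = set()
    for item in spec.split(","):
        m = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", item)
        if not m:
            raise ValueError(f"bad category item: {item!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) is not None else lo
        if lo > hi or hi > MAX_CATEGORY:
            raise ValueError(f"category out of range: {item!r}")
        cats.update(range(lo, hi + 1))
    return sorted(cats)

def parse_context(label: str) -> dict:
    """Split a security context into its five elements."""
    parts = label.split(":", 4)
    if len(parts) < 4:
        raise ValueError("expected user:role:type:sensitivity[:category]")
    user, role, type_, sens = parts[:4]
    m = re.fullmatch(r"s(\d+)", sens)
    if not m or int(m.group(1)) > MAX_SENSITIVITY:
        raise ValueError(f"bad sensitivity: {sens!r}")
    # The category element is optional; the article's label omits it.
    cats = expand_categories(parts[4]) if len(parts) == 5 else []
    return {"user": user, "role": role, "type": type_,
            "sensitivity": int(m.group(1)), "categories": cats}

if __name__ == "__main__":
    # First label is the one from the article; the second is constructed.
    for lbl in ("unconfined_u:object_r:httpd_sys_content_t:s0",
                "system_u:object_r:public_content_t:s0:c0.c2,c5"):
        print(parse_context(lbl))
```

Because the targeted policy decides access by type, the `type` field is the element to compare when checking whether a file carries the label a service expects.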
