實驗環境:CentOS 7 Minimal Installation 64bit(1511)
semanage命令是用來查詢與修改SELinux默認目錄的安全上下文。命令介紹這裏推薦最爲完整的在線中文版man手冊 http://man.linuxde.net/semanage
CentOS系統自帶的chcon工具只能修改文件、目錄等的文件類型和策略,沒法對端口、消息接口和網絡接口等進行管理,semanage能有效勝任SELinux的相關配置工做。python
[root@localhost ~]# semanage
-bash: semanage: command not found
[root@localhost ~]# yum install semanage
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.bit.edu.cn
* extras: mirrors.btte.net
* updates: mirrors.btte.net
No package semanage available.
Error: Nothing to do
[root@localhost ~]# yum provides semanage
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.bit.edu.cn
* extras: mirrors.btte.net
* updates: mirrors.btte.net
policycoreutils-python-2.2.5-20.el7.x86_64 : SELinux policy core python utilities
Repo : base
Matched from:
Filename : /usr/sbin/semanagelinux
安裝,這裏直接使用tab鍵補全功能能夠方便的找到要安裝的包。tab補全功能參考http://blog.csdn.net/capricorn90/article/details/52558280安全
[root@localhost ~]# yum -y install policycoreutils-python.x86_64bash
命令經常使用格式網絡
#管理登陸linux的用戶和SELinux侷限的用戶之間的映射ide
semanage login [-S store] -{a|d|m|l|n|D} [-sr] login_name | %groupname工具
#管理策略模塊spa
semanage module [-S store] -{a|d|l} [-m [–enable | –disable] ] module_name.net
管理網絡端口類型定義orm
semanage port [-S store] -{a|d|m|l|n|D} [-tr] [-p proto] port | port_range