Pages

Sunday, 8 November 2020

CentOS下semanage命令的安装

 

安装:

  1. yum install policycoreutils-python

semanage使用方法:

  1. /usr/sbin/semanage:

  2. semanage [ -S store ] -i [ input_file | - ]

  3. semanage [ -S store ] -o [ output_file | - ]

  4. semanage {boolean|login|user|port|interface|module|node|fcontext} -{l|D|E} [-n]

  5. semanage login -{a|d|m} [-sr] login_name | %groupname

  6. semanage user -{a|d|m} [-LrRP] selinux_name

  7. semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range

  8. semanage interface -{a|d|m} [-tr] interface_spec

  9. semanage module -{a|d|m} [--enable|--disable] module

  10. semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr

  11. semanage fcontext -{a|d|m} [-efrst] file_spec

  12. semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file

  13. semanage permissive -{d|a|l} type

  14. semanage dontaudit [ on | off ]

  15. Primary Options:

  16.     -a, --add        Add a OBJECT record NAME

  17.     -d, --delete     Delete a OBJECT record NAME

  18.     -m, --modify     Modify a OBJECT record NAME

  19.         -i, --input      Input multiple semange commands in a transaction

  20.         -o, --output     Output current customizations as semange commands

  21.     -l, --list       List the OBJECTS

  22.     -E, --extract    extract customizable commands

  23.     -C, --locallist  List OBJECTS local customizations

  24.     -D, --deleteall  Remove all OBJECTS local customizations

  25.     -h, --help       Display this message

  26.     -n, --noheading  Do not print heading when listing OBJECTS

  27.         -S, --store      Select and alternate SELinux store to manage

  28. Object-specific Options (see above):

  29.     -f, --ftype      File Type of OBJECT

  30.         "" (all files)

  31.         -- (regular file)

  32.         -d (directory)

  33.         -c (character device)

  34.         -b (block device)

  35.         -s (socket)

  36.         -l (symbolic link)

  37.         -p (named pipe)

  38.         -F, --file       Treat target as an input file for command, change multiple settings

  39.     -p, --proto      Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)

  40.     -M, --mask       Netmask

  41.         -e, --equal      Substitue source path for dest path when labeling

  42.     -P, --prefix     Prefix for home directory labeling

  43.     -L, --level      Default SELinux Level (MLS/MCS Systems only)

  44.     -R, --roles      SELinux Roles (ex: "sysadm_r staff_r")

  45.     -s, --seuser     SELinux User Name

  46.     -t, --type       SELinux Type for the object

  47.     -r, --range      MLS/MCS Security Range (MLS/MCS Systems only)

  48.         --enable         Enable a module

  49.         --disable        Disable a module
at

No comments:

Post a Comment