on 6/28/2007 3:13 PM, Karl Larsen wrote: > Matthew J. Roth wrote: >> Karl Larsen wrote: >>> This tells me that init is running a selinux demon and I know how to >>> stop that I think. I looked at /etc/rc.d/init.d/ but no selinux >>> switch. So I ask where in hell is it? >>> >>> [root@k5d init.d]# whereis selinux >>> selinux: /etc/selinux /usr/include/selinux /usr/share/selinux >>> /usr/share/man/man8/selinux.8.gz >>> [root@k5d init.d]# >>> >>> So there is some reading that needs doing. >> Karl, >> >> The SELinux settings are contained in "/etc/sysconfig/selinux". I >> have SELinux disabled, and the file looks like this: >> >> [root@server ~]# cat /etc/sysconfig/selinux >> # This file controls the state of SELinux on the system. >> # SELINUX= can take one of these three values: >> # enforcing - SELinux security policy is enforced. >> # permissive - SELinux prints warnings instead of enforcing. >> # disabled - SELinux is fully disabled. >> SELINUX=disabled >> # SELINUXTYPE= type of policy in use. Possible values are: >> # targeted - Only targeted network daemons are protected. >> # strict - Full SELinux protection. >> SELINUXTYPE=targeted >> >> Note that any changes to this file require a reboot to take affect. >> "sestatus" can then be used to verify the change: >> >> [root@server ~]# sestatus >> SELinux status: disabled >> >> Matthew Roth >> InterMedia Marketing Solutions >> Software Engineer and Systems Developer >> > Boy! What a gold mine of information! No reason for anyone to complain > about selinux any more. I did what is above and it was easy with the joe > editor. But I need to set it to put the original in /tmp/ :-) I'm > tired of rm *~ which works but geeze. > > Then a reboot and a test: > > [root@k5d ~]# sestatus > SELinux status: disabled > [root@k5d ~]# > > So I can't complain about it again. It sure was a lot less obvious in FC4. > > Karl > Good for you!!!! What you just did was something like: Build a house. Put everything valuable that you own into it. Disable all of the locks. Open all of the windows and doors. And then walk away. Makes it really easy for the 'bad guys' to steal, or break, your stuff. Like that guy at the University that you mentioned earlier. -- David
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list