[CentOS 8] 초기 세팅 | 방화벽과 SELinux 설정

CentOS를 이용한 서비스 구축을 위한 서버 초기 세팅으로 OS 기본 방화벽과 SELinux 서비스를 비활성화한다.

 

대부분의 네트워크 환경에서는 전용 네트워크 방화벽에 있기 때문에 서버에서 제공하는 OS 기본 방화벽은 서버 부하 감소 목적으로 사용하지 않는 것을 추천한다. 

 

1. 초기 세팅 | 방화벽

# 방화벽 서비스 상태 확인 (초기 상태는 방화벽 서비스 동작 중)
[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2020-07-01 08:54:39 KST; 2min 15s ago
     Docs: man:firewalld(1)
 Main PID: 867 (firewalld)
    Tasks: 2 (limit: 5030)
   Memory: 1.3M
   CGroup: /system.slice/firewalld.service
           └─867 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid

Jul 01 08:54:36 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Jul 01 08:54:39 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.

# 방화벽 서비스 중지
[root@localhost ~]# systemctl stop firewalld

# 방화벽 서비스 비활성화 (서버 재시작해도 서비스가 자동 실행되지 않는다)
[root@localhost ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

 

2. 초기 세팅 | SELinux

# SELinux 동작 상태 확인
[root@localhost ~]# getenforce
Enforcing

# SELinux 비활성화 설정
[root@localhost ~]# vi /etc/selinux/config

# 설정 변경 전 Config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

# 설정 변경 후 Config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

# SELinux 적용 (서버 재부팅은 필수)
[root@localhost ~]# reboot