Monthly Archives: December 2016

Ports and SELINUX example. We want our webserver to listen to a non default port. 1. Configure httpd to listen to a non default port – say 8999. After a default install of httpd port 80 is the port that … Continue reading →

cat stopaudit grep $1 /var/log/audit/audit.log | audit2allow -M $1 sed -i -e s/allow/dontaudit/ ${1}.te checkmodule -M -m -o $1.mod $1.te semodule_package -o $1.pp -m $1.mod semodule -i $1.pp ./stopaudit httpd

cat allow.sh grep $1 /var/log/audit/audit.log | audit2allow -M $1 checkmodule -M -m -o $1.mod $1.te semodule_package -o $1.pp -m $1.mod semodule -i $1.pp ./allow.sh httpd

systemctl # systemctl Start/stop or enable/disable services Activates a service immediately: # systemctl start foo.service Deactivates a service immediately: # systemctl stop foo.service Restarts a service: # systemctl restart foo.service Shows status of a service including whether it is running … Continue reading →

Subject (processes) and Objects (files) have a security context. (Process contexts are called domains, file contexts are called labels) Context type Apache uses a DocumentRoot that has “httpd_sys_content_t” as type. ls -Zd /var/www/html drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html Apache’s httpd … Continue reading →