Skip to main content

SElinux is your Friend?

SElinux is much more involved than I originally had assumed. However, it should not be feared.
# sealert -a /var/log/audit/audit.log

[root@desktop9 audit]# ls -lZd /var/www/html/
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/

user : role : type : sens : cat

# audit2allow
Command to convert audit log to policy updates to allow the tasks that were previously denied.

append { selinux | enforcing } = 0 on the kernel line in grub

IF... you happen to disable and re-enable SElinux, it will require a "relabel -RF" of the entire filesystem.

I'm actually becoming enamored with SElinux... seriously cool stuff.

To update your context, you should use
# semanage fcontext -a
and not just chcon. If you happen to do a restorecon using chcon, it will revert the content back to it's original intended context.

# man -k selinux
# man -k _selinux
-- Check out this location
# /etc/selinux/targeted/contexts/files

# gesebool -a
# semanage boolean -l

-- Prep work - copy a directory to /var/www/html and attempt to access it.
# tail /var/log/messages (look for the UUID to review)
# sealert -l a19fa6d0-90d6-4c8c-8d2f-d964d77a5965
# /sbin/restorecon '/var/www/html/web_content/index.html' (fixes the one file)
# semanage fcontext -a -f "" -t httpd_sys_content_t '/var/www/html/web_content/*' (adds context)
# restorecon -RFvv /var/www/html/web_content/ (fixes the entire directory)


< THIS PAGE NEEDS UPDATES >

Comments

Post a Comment

Popular posts from this blog

RHN Satellite Server (spacewalk) repomd.xml not found

"repomd.xml not found" If you add a channel, or if your RHN cache gets corrupted, and one of your guests complains that it cannot find repomd.xml for jb-ews-2-x86_64-server-5-rpm (for example) - you need to rebuild your repodata cache. Normally this is an automated job - which is exemplified by the fact that you have obviously built out your entire Satellite environment and never had to do any of the steps you are about to do. So - some prep work: Open 3 terminals to your Satellite Server and run: # Term 1 cd /var/cache/rhn watch "ls -l | wc -l" # Term 2 pwd cd /var/log/rhn tail -f rhn_taskomatic_daemon.log # Term 3 satellite-sync --channel=jb-ews-2-x86_64-server-5-rpm Once the satellite-sync has completed, you >should< see the count increment by one.  If you are unlucky (like me) you will not. You then need to login to the Satellite WebUI as the satellite admin user. Click on the Admin tab (at the top) Task Schedules (on the left) fin
Post a Comment
Read more

Install RHEL 7 on old HP DL380 g5

Someone at work had been running RHEL on an HP DL380 G5 and blew it up.  After several attempts at doing an installation that made me conclude the hardware was actually bad... I kept digging for the answer. Attempt install and Anaconda could not find any disks - try a Drivers Disk (dd.img) both cciss and hpsa.   -- once we did that, when the system would reboot it would say it could not find a disk. hmmm. Boot from your installation media and interrupt the startup at grub. Add hpsa.hpsa_allow_any=1 hpsa.hpsa_simple_mode=1 to the line starting with linuxefi press CTRL-X to boot. Once the system restarts after the install, you need to once again interrupt the startup and add the line from above. After the system starts, edit /etc/default/grub and add those 2 parameters to the end of the line starting with GRUB_CMDLINE_LINUX (which likely has quiet at the end of the line currently). then run # cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.orig # grub2-mkconfig -o /boot/grub2
Post a Comment
Read more

MOTD with colors! (also applies to shell profiles)

I'm not sure why I had never looked into this before, but this evening I became obsessed with discovering how to present different colored text in the /etc/motd. A person had suggested creating a shell script (rather than using special editing modes in vi, or something) and I agree that is the simplest way of getting this accomplished quickly. This most noteworthy portion of this script is the following: RESET="\033[0m" that puts the users shell back to the original color. I typically like a green text on black background. Also - a great reference for the different colors and font-type (underscore, etc...) https://wiki.archlinux.org/index.php/Color_Bash_Prompt I found this example on the web and I wish I could recall where so that I could provide credit to that person. #!/bin/bash #define the filename to use as output motd="/etc/motd" # Collect useful information about your system # $USER is automatically defined HOSTNAME=`uname -n` KERNEL=`un
1 comment
Read more