On Tue, November 21, 2017 12:02 pm, Gordon Messmer wrote:
> On 11/21/2017 08:42 AM, david wrote:
>> SELINUX is disabled.
> ...
>> Any suggestions?
>
> Yeah, https://stopdisablingselinux.com/

Ha-ha! I like it!

Does anybody remember LIDS:

https://en.wikipedia.org/wiki/Linux_Intrusion_Detection_System

The name is a bit deceptive. In short, LIDS is a Linux kernel patch that (roughly speaking) does the following: after the boot process finishes and all services have been started, the root user is demoted to user nobody ;-) You can only do administration on a cold, powered-off system - i.e. offline.

Alas, LIDS didn't make it into the mainstream kernel. Its competitor (?) SELinux made it instead, and SELinux is child's play compared to LIDS IMHO...

Every time SELinux is mentioned in one respect or another it makes my day, as I remember LIDS ;-)

I hope someone has a few laughs with me here.

Valeri

>
> Also, you *could* run "systemctl edit httpd.service" and enter two lines:
>
> [Service]
> PrivateTmp=false
>
> ... if you specifically need to share /tmp. The alternative is probably
> to mount a new tmpfs to a new directory somewhere under /var/lib for
> globally shared ephemeral files.
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++