Greetings,

I've been tasked to set up SELinux on a web hosting server where users will have accounts and will be able to FTP, to shell in, and to store their web content. This server will have some of its services running unconventionally.

This is how I am approaching SELinux; please comment if something concerns you about my way of configuring it. I am the developer of this server, but I'm also doing system administration duties. All my code works as expected when the server is in permissive mode; however, I do see the failed AVC denials in audit.log.

Here are my steps:

1. Run all my tests on the code I have written, which will write to the audit.log.
2. Do an audit2why -a, to see the errors and the recommended solution.
3. Run all the setsebool commands that were recommended.
4. Then I'll grep the “Missing type enforcement (TE) allow rule” AVC errors and pipe them to a file.
5. I'll create a module from the file and then 'semodule -i' the module.

Any comments will be greatly appreciated.

Rod Simioni
Software Development Engineer II
Verio, Inc.