uncleflo


Some cool dude. Higher order of decision making. Absolute.

Registered since September 28th, 2017

Has a total of 4246 bookmarks.



Tag selected: selinux.


Showing 30 results.


How do I allow MySQL connections through SELinux? - Server Fault

https://serverfault.com/questions/240015/how-do-i-allow-mysql-connections-through-selinux

Saved by uncleflo on July 11th, 2019.

I'd like to for once leave SELinux running on a server for the alleged increased security. I usually disable SELinux to get anything to work. How do I tell SELinux to allow MySQL connections? The most I've found in the documentation is this line from mysql.com: If you are running under Linux and Security-Enhanced Linux (SELinux) is enabled, make sure you have disabled SELinux protection for the mysqld process.

fedora permission firewall subscribe overflow answer solution question connection database access administration documentation apache server selinux linux howto infrastructure mysql mariadb


14.4. Introduction to SELinux

http://debian-handbook.info/browse/stable/sect.selinux.html

Saved by uncleflo on March 26th, 2015.

SELinux (Security Enhanced Linux) is a Mandatory Access Control system built on Linux's LSM (Linux Security Modules) interface. In practice, the kernel queries SELinux before each system call to know whether the process is authorized to do the given operation. SELinux uses a set of rules — collectively known as a policy — to authorize or forbid operations. Those rules are difficult to create. Fortunately, two standard policies (targeted and strict) are provided to avoid the bulk of the configuration work. With SELinux, the management of rights is completely different from traditional Unix systems. The rights of a process depend on its security context. The context is defined by the identity of the user who started the process, the role and the domain that the user carried at that time. The rights really depend on the domain, but the transitions between domains are controlled by the roles. Finally, the possible transitions between roles depend on the identity.

debian selinux introduction administrator handbook documentation howto role user type identity unix linux security system module interface access policy


44.2. Administrator Control of SELinux

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/sec-sel-admincontrol.html

Saved by uncleflo on March 26th, 2015.

In addition to the tasks often performed by users in Section 44.1, “End User Control of SELinux”, SELinux administrators could be expected to perform a number of additional tasks. These tasks typically require root access to the system. Such tasks are significantly easier under the targeted policy. For example, there is no need to consider adding, editing, or deleting Linux users from the SELinux users, nor do you need to consider roles. This section covers the types of tasks required of an administrator who maintains Red Hat Enterprise Linux running SELinux.

centos selinux linux security firewall server redhat administrator system control task root access documentation operating context


Linux Tech Talks: Overview of the LSM and SELinux internal structure and workings

http://bipinkunal.blogspot.co.uk/2012/06/overview-of-lsm-and-selinux-internal.html

Saved by uncleflo on March 26th, 2015.

Kernel services for which LSM has inserted hooks and structures to allow access control managed by 3rd party module. SELinux plays an important role during the early stages of system start-up. Because all processes must be labeled with their correct domain, init performs some essential operations early in the boot process to maintain synchronization between labeling and policy enforcement.

linux structure working module selinux howto guide operation domain management system log namespace sequence administration explanation internal kernel security


Administrator Control of SELinux

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/SELinux_Guide/rhlcommon-section-0068.html

Saved by uncleflo on March 26th, 2015.

Administrators can expect to do most of the same things that users do in Section 5.1 End User Control of SELinux, plus a number of additional tasks that are usually done only at the root level. Using the targeted policy makes tasks measurably easier for the administrator. For example, there is no need to consider adding, editing, or deleting Linux users from the SELinux users, nor do you need to consider roles.

selinux redhat control administration user task linux role measure configure view file system status enterprise guide howto documentation



Chapter 3. SELinux Contexts

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/chap-Security-Enhanced_Linux-SELinux_Contexts.html

Saved by uncleflo on November 14th, 2014.

Processes and files are labeled with an SELinux context that contains additional information, such as an SELinux user, role, type, and, optionally, a level. When running SELinux, all of this information is used to make access control decisions. In Red Hat Enterprise Linux, SELinux provides a combination of Role-Based Access Control (RBAC), Type Enforcement (TE), and, optionally, Multi-Level Security (MLS). The following is an example showing SELinux context. SELinux contexts are used on processes, Linux users, and files, on Linux operating systems that run SELinux. Use the ls -Z command to view the SELinux context of files and directories.

selinux context label contain information user role type optional security enterprise linux enforce access control decision identity policy authorize process session manage package install guide


Managing Confined Services

http://linux.web.cern.ch/linux/scientific6/docs/rhel/Managing_Confined_Services/

Saved by uncleflo on September 12th, 2013.

This book provides assistance to advanced users and administrators when using and configuring Security-Enhanced Linux (SELinux). It focuses on Red Hat Enterprise Linux and describes the components of SELinux as they pertain to services an advanced user or administrator might need to configure. Also included are real-world examples of configuring those services and demonstrations of how SELinux complements their operation.

selinux cern guide howto confined service administrator configuration linux component advanced redhat book lookup


iptables Tips and Tricks: CSF Configuration – SoftLayer Blog

http://blog.softlayer.com/2013/iptables-tips-and-tricks-csf-configuration/

Saved by uncleflo on September 12th, 2013.

In our last “iptables Tips and Tricks” installment, we talked about Advanced Policy Firewall (APF) configuration, so it should come as no surprise that in this installment, we’re turning our attention to ConfigServer Security & Firewall (CSF). Before we get started, you should probably run through the list of warnings I include at the top of the APF blog post and make sure you have your Band-Aid ready in case you need it.

iptables csf lfd configuration advanced detail guide administration blog development centos selinux firewall security configserver policy tip trick howto


libsemanage.semanage_exec_prog: Child process /sbin/setfiles did not exit cleanly. | Indefinite Retention

http://indefiniteretention.com/2012/11/30/27/

Saved by uncleflo on September 6th, 2013.

Today I ran yum on a new virtual machine and noticed this error in the output. A quick look at /proc/swaps shows that this machine does not have any swap space configured. I’m running RHEL 6.3 from the default image in a micro instance on AWS. So let’s set up a 1GB swap file and turn it on.

technology centos redhat swap memory selinux files execute program machine virtual output configure yum install failure child process


Gentoo Linux Documentation -- Modifying the Gentoo Hardened SELinux Policy

http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=2&chap=5

Saved by uncleflo on August 30th, 2013.

By default, Gentoo provides a generic, yet tightly controlled policy which is deemed a good start policy for the majority of users. However, the purpose behind a Mandatory Access Control system is to put the security administrator in control. As such, a handbook on SELinux without information on how to write policies wouldn't be complete. In this chapter, we'll talk a bit about the language behind SELinux policies and give some pointers on how to create your own policies, roles, etc.

gentoo linux selinux guide information howto system modify change policy book language interpretation module role user allow


None

http://magazine.redhat.com/2007/08/21/a-step-by-step-guide-to-building-a-new-selinux-policy-module/

Saved by uncleflo on August 27th, 2013.

Who’s afraid of SELinux? Well, if you are, you shouldn’t be! Thanks to the introduction of new GUI tools, customizing your system’s protection by creating new policy modules is easier than ever. In this article, Dan Walsh gently walks you through the policy module creation process. A lot of people think that building a new SELinux policy is magic, but magic tricks never seem quite as difficult once you know how they’re done. This article explains how I build a policy module and gives you the step-by-step process for using the tools to build your own.

guide selinux system module redhat policy security linux howto administration


None

http://billauer.co.il/selinux-policy-module-howto.html

Saved by uncleflo on August 27th, 2013.

What SELinux is: In a nutshell: A machine that tells you permission is denied. Implementation: A kernel module + (a lot of) supporting utilities + (a lot of) configuration files. The kernel module is asked for permissions before certain operations are about to happen ("hooks"). Fine-grained. SELinux doesn't care about classic user names and groups. The goals of this lecture: Make the existing docs understandable. Explain the basics of writing rules. Show how to play around with SELinux without compromising the system's security. Demonstrate a quick method for limiting an application's permissions to minimum, by making an SELinux module. This page is the HTML version of a lecture I gave in Haifux on December 8th, 2008. Alternatively, you can download the slides as pdf.

guide selinux presentation tutorial documentation policy security linux howto administration reference introduction


None

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/sec-sel-building-policy-module.html

Saved by uncleflo on August 27th, 2013.

The following section uses an actual example to demonstrate building a local policy module to address an issue with the current policy. This issue involves the ypbind init script, which executes the setsebool command, which in turn tries to use the terminal. This is generating the following denial:

guide information explanation tutorial security linux beginner selinux noob redhat terminal basic centos policy


None

http://danwalsh.livejournal.com/30084.html

Saved by uncleflo on August 24th, 2013.

When we first designed targeted policy, we defined a domain that allowed users and administrators to login and have the same access privileges they would have had if SELinux was disabled. Similarly, we wanted to allow third party applications to be installed and run without requiring the administrator/user to write special policy rules for these applications. They would just work.

idea application crack security type blog hacker kernel linux selinux break hack rule administrator context fedora


RHEL / CentOS Linux: Mount and Access NTFS Partition

http://www.cyberciti.biz/faq/redhat-fedora-enable-ntfs3g-support/

Saved by uncleflo on August 23rd, 2013.

How to enable NTFS support on CentOS Linux version 5 or 6? How do I mount ntfs partition under RHEL 5 or 6?

centos question answer solution partition mount access monitor install ntfs disk format user redhat selinux file system support enable administration server hardware


Stop Disabling SELinux

http://stopdisablingselinux.com/

Saved by uncleflo on August 6th, 2013.

Seriously, stop disabling SELinux. Learn how to use it before you blindly shut it off. Every time you run setenforce 0, you make Dan Walsh weep. Dan is a nice guy and he certainly doesn't deserve that.

message selinux weep splash page security blog world


2012 Red Hat Summit: SELinux For Mere Mortals

http://youtu.be/MxjenQ31b70

Saved by uncleflo on August 6th, 2013.

While Security-Enhanced Linux (SELinux) is an incredibly powerful tool for securing Linux servers, it has a reputation for being difficult to configure. As a result, many system administrators would simply turn it off. Fortunately, the incredible amount of work completed by the SELinux community in recent years has made SELinux much more system administrator-friendly. In this session, Thomas Cameron explains the basics of SELinux, which include configuring, analyzing, and correcting SELinux errors, as well as writing basic policies to enable non-SELinux-aware applications to work on SELinux-protected systems. Real-world examples will be used to better demonstrate how to use SELinux.

protection lecture simple tool class explained linux howto powerful beginner selinux redhat basic youtube command server configure video administration


CentOS 6.4 Samba Server - Fedora 18 Samba Client Simple Example

http://marcofalchi.blogspot.co.uk/2013/05/centos-64-samba-server-fedora-18-samba.html

Saved by uncleflo on July 24th, 2013.

CentOS 6.4 Samba Server - Fedora 18 Samba Client Simple Example From CentOS 6.4 Server

centos server samba howto selinux firewall configuration samba4 permission description guide enterprise fedora client host


None

http://danwalsh.livejournal.com/63137.html

Saved by uncleflo on July 23rd, 2013.

Every process has a label; every object on the system has a label: files, directories, network ports. The SELinux policy controls how process labels interact with other labels on the system. The kernel enforces the policy rules.

selinux control allow file description paper policy permission linux management network administration


None

http://wiki.centos.org/HowTos/SELinux

Saved by uncleflo on July 23rd, 2013.

Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) security mechanism implemented in the kernel. SELinux was first introduced in CentOS 4 and significantly enhanced in CentOS 5 and 6. These enhancements mean that content varies as to how to approach SELinux over time to solve problems.

guide selinux allow description centos label security linux solution howto administration


None

http://docs.fedoraproject.org/en-US/Fedora/13/html/Managing_Confined_Services/chap-Managing_Confined_Services-The_Apache_HTTP_Server.html

Saved by uncleflo on July 23rd, 2013.

"The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards". In Fedora, the httpd package provides the Apache HTTP Server. Run rpm -q httpd to see if the httpd package is installed. If it is not installed and you want to use the Apache HTTP Server, run the following command as the root user to install it.

install port guide allow development secure apache permission web linux howto selinux open httpd source http description server management


None

http://unix.stackexchange.com/questions/50639/httpd-cant-write-to-folder-file-because-of-selinux

Saved by uncleflo on July 22nd, 2013.

Does anyone know which sebool it is to allow httpd write access to /home/user/html? When I disable selinux echo 0 > /selinux/enforce I can write, so definitely selinux. Just don't know which one is the right one without opening a big hole and Google isn't being much help.

information allow root secure apache permission manage linux enhanced access solution selinux folder httpd file bool public


None

http://www.cyberciti.biz/faq/redhat-install-semanage-selinux-command-rpm/

Saved by uncleflo on July 14th, 2013.

I'm trying to use semanage command to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources under RHEL 6 server. But, I'm not able to find out this command and/or package name. How do I install semanage command under RedHat Enterprise Linux?

install application executable package discover yum provider manage security script linux online selinux software redhat file centos rpm server fedora


Chapter 5. Working with SELinux - Red Hat Customer Portal

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/chap-Security-Enhanced_Linux-Working_with_SELinux.html

Saved by uncleflo on January 5th, 2013.

The following sections give a brief overview of the main SELinux packages in Red Hat Enterprise Linux; installing and updating packages; which log files are used; the main SELinux configuration file; enabling and disabling SELinux; SELinux modes; configuring Booleans; temporarily and persistently changing file and directory labels; overriding file system labels with the mount command; mounting NFS file systems; and how to preserve SELinux contexts when copying and archiving files and directories.

reference selinux information guide section redhat enterprise linux install package file system fs knowledge doc howto