Linux Tutorial for Beginners

Tuesday, March 6, 2012

Apache and SELinux File Labels

Posted by Raju Gupta at 2:39 AM – 15 comments
 

Take a look at the SELinux settings associated with Apache. To review, SELinux settings, as they relate to a service, mostly fall into two categories: boolean settings and file labels. Start with the file labels.

Apache and SELinux File Labels

The default file labels for Apache configuration files are consistent, as shown in the output of the ls -Z /etc/httpd and ls -Z /var/www commands. Individual files use the same contexts as their directory. For web sites where scripts read and/or append data to web forms, you’d consider the last two contexts in the table below, which support read/write (rw) and read/append (ra) access.

Create a Special Web Directory
In many cases, you’ll create dedicated directories for each virtual web site. It’s better to segregate the files for each web site in its own directory tree. But with SELinux, you can’t just create a special web directory. You’ll want to make sure that the new directory at least matches the SELinux contexts of the default /var/www directory. Run the ls -Z /var/www command and note the SELinux contexts. For most directories, the user context is system_u and the type is httpd_sys_content_t. For a newly created /www directory, you could just change the SELinux contexts with the following commands. The -R switch applies the changes recursively, so the new contexts are applied to files and subdirectories.

# chcon -R -u system_u /www/
# chcon -R -t httpd_sys_content_t /www/

Of course, if scripts are required for the associated web site, you’ll want to run the following command to make sure the SELinux changes survive a relabel:

# semanage fcontext -a -s system_u -t httpd_sys_content_t "/www(/.*)?"

This command creates a file_contexts.local file in the /etc/selinux/targeted/contexts/files directory. The path argument is a regular expression matched against the full path, so the (/.*)? suffix is needed for the rule to cover the directory and everything under it. If there’s also a cgi-bin/ subdirectory, you’ll want to set up appropriate contexts for that subdirectory as well with the following command:

# semanage fcontext -a -s system_u -t httpd_sys_script_exec_t "/www/cgi-bin(/.*)?"
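
The following is an added example, not part of the original post: a small shell audit that checks whether files under the new web root carry the types assigned above. The function names (expected_type, audit_labels, sample_listing) are hypothetical, the listing is constructed sample data, and the /www layout is the one assumed in this article.

```shell
#!/bin/sh
# Added example: audit SELinux types under /www against the types the
# article assigns. Input lines are "<context> <path>", the format printed
# on an SELinux host by:  find /www -printf '%Z %p\n'   (GNU find)

# expected_type PATH -> type the article assigns to PATH (empty if not under /www)
expected_type() {
    case "$1" in
        /www/cgi-bin|/www/cgi-bin/*) echo httpd_sys_script_exec_t ;;
        /www|/www/*)                 echo httpd_sys_content_t ;;
        *)                           echo "" ;;
    esac
}

# audit_labels: reads "<context> <path>" lines on stdin, prints one line per
# mismatch, and returns 1 if any file has an unexpected type.
audit_labels() {
    bad=0
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        want=$(expected_type "$path")
        [ -n "$want" ] || continue      # outside /www: not audited here
        # A context is user:role:type:level; the type is the third field.
        have=$(printf '%s\n' "$ctx" | cut -d: -f3)
        if [ "$have" != "$want" ]; then
            printf '%s: type %s, expected %s\n' "$path" "$have" "$want"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: one page moved in from a home directory (it kept
# user_home_t) and one CGI script that still has the plain content type.
sample_listing() {
    cat <<'EOF'
system_u:object_r:httpd_sys_content_t:s0 /www
system_u:object_r:httpd_sys_content_t:s0 /www/index.html
unconfined_u:object_r:user_home_t:s0 /www/upload.html
system_u:object_r:httpd_sys_script_exec_t:s0 /www/cgi-bin
system_u:object_r:httpd_sys_content_t:s0 /www/cgi-bin/form.pl
system_u:object_r:httpd_sys_script_exec_t:s0 /www/cgi-bin/search.pl
EOF
}

sample_listing | audit_labels || echo "mismatches found"
```

On a live system, pipe the find command from the header comment into audit_labels; once the semanage fcontext rules are in place, restorecon -R /www resets any mismatched files to the types those rules define.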

The differences in the file contexts are shown in Table

| Directory | SELinux Context Type |
| --- | --- |
| /etc/httpd, /etc/httpd/conf, /etc/httpd/conf.d, /var/run/httpd | httpd_config_t |
| /usr/lib64/httpd/modules | httpd_modules_t |
| /var/log/httpd | httpd_log_t |
| /var/www, /var/www/error, /var/www/html, /var/www/icons, /var/www/manual, /var/www/usage | httpd_sys_content_t |
| /var/www/cgi-bin | httpd_sys_script_exec_t |
| n/a | httpd_sys_content_rw_t |
| n/a | httpd_sys_content_ra_t |


Labels: Apache, SELinux

15 Responses so far.

  1. Deepika says:
    March 18, 2018 at 10:16 PM

    Very good informative article. Thanks for sharing such nice article, keep on updating such good articles.

  2. JohnHarris says:
    June 24, 2018 at 11:39 PM

    Last time, I introduced you to SELinux: what it is, what it can do, and really why you need it (or a system like it). It is especially important with reported (and fixed) security vulnerabilities on the rise, and each year brings more reports, and more updates for end-users to install. This data tells us that we are in greater need of proactive security measures now than we ever were before. And this is where software like SELinux fits in.

  3. Deepika says:
    October 10, 2018 at 11:09 PM

    Excellent informative blog, keep for sharing.


  4. for ict 99 says:
    October 10, 2019 at 7:30 PM

    Great Article

  8. aditya says:
    August 16, 2021 at 11:16 PM

    I read that Post and got it fine and informative.

