Take a look at the
SELinux settings associated with Apache. To review, SELinux settings, as they
relate to a service, mostly fall into two categories: boolean settings and file
labels. Start with the file labels.
Apache and SELinux
File Labels
The default file
labels for Apache configuration files are consistent, as shown in the output to the ls -Z /etc/httpd and ls -Z /var/www commands. Individual
files use the
same
contexts as their directory. For web sites where scripts read and or append data to web
forms, you’d consider the last two contexts, which support read/write (rw)
and read/append (ra) access.
Create a Special Web Directory
In many cases, you’ll create
dedicated directories for each virtual web site. It’s better to
segregate the files for each web site in its own directory tree. But with
SELinux, you can’t just create a special web
directory. You’ll want to make sure that new directory
at least matches the SELinux contexts of the default /var/www directory. Run
the ls -Z /var/www command. Note
the SELinux contexts. For most directories,
the user context is system_u and the type is http_sys_content_t. For a newly
created /www directory, you could just change the SELinux contexts with the following
commands. The -R applies the
changes recursively, so the new contexts are
applied to files and subdirectories.
# chcon -R -u system_u /www/
# chcon -R -t httpd_sys_content_t /www/
Of course, if scripts are required for the associated web
site, you’ll want to run the following command to make sure the SELinux changes
survive a relabel:
# semanage fcontext -a -s system_u -t
httpd_sys_content_t /www/
This command creates a
file_contexts.local file in the /etc/selinux/targeted/ contexts/files directory.
If there’s also a cgi-bin/ subdirectory, you’ll want to set up appropriate contexts
for that subdirectory as well with the following command:
# semanage fcontext -a -s system_u -t
httpd_sys_script_exec_t /www/cgi-bin/
The differences in the file contexts
are shown in
Table
|
Directory
|
SELinux Context
Type
|
|
/etc/httpd,
/etc/httpd/conf, /etc/httpd/conf.d, /var/run/httpd
|
httpd_config_t
|
|
/usr/lib64/httpd/modules
|
httpd_modules_t
|
|
/var/log/httpd
|
httpd_log_t
|
|
/var/www,
/var/www/error, /var/www/html, /var/www/icons,
/var/www/manual,
/var/www/usage
|
httpd_sys_content_t
|
|
/var/www/cgi-bin
|
httpd_sys_script_exec_t
|
|
n/a
|
httpd_sys_content_rw_t
|
|
n/a
|
httpd_sys_content_ra_t
|
Very good informative article. Thanks for sharing such nice article, keep on up dating such good articles.
NO.1 API DEVELOPMENT SERVICES | MASSIL TECHNOLOGIES
Last time, I introduced you to SELinux: what it is, what it can do, and really why you need it (or a system like it). It is especially important with reported (and fixed) security vulnerabilities on the rise, and each year brings more reports, and more updates for end-users to install. This data tells us that we are in greater need of proactive security measures now than we ever were before. And this is where software like SELinux fits in.
3V0-624 exam dumps for free
Excellent informative blog, keep for sharing.
Best System Integration services | Massil Technologies
Great Article
Cyber Security Projects for CSE Students
JavaScript Training in Chennai
Project Centers in Chennai
JavaScript Training in Chennai
great content! smartparaphrasingtool.com I found your blog on google and loved reading it greatly. It is a great post indeed. Much obliged to you and good. keep it up..
Rolex propose une replique rolex montres large gamme de modèles, des montres professionnelles fausses rolex cosmograph daytona montres aux montres classiques, qui s'adaptent à tous les poignets. Choisissez votre modèle préféré, la matière, la lunette, le cadran et le bracelet pour explorer la collection Rolex et trouver la montre qui vous convient.
instagram takipçi satın al - instagram takipçi satın al - tiktok takipçi satın al - instagram takipçi satın al - instagram beğeni satın al - instagram takipçi satın al - instagram takipçi satın al - instagram takipçi satın al - instagram takipçi satın al - binance güvenilir mi - binance güvenilir mi - binance güvenilir mi - binance güvenilir mi - instagram beğeni satın al - instagram beğeni satın al - polen filtresi - google haritalara yer ekleme - btcturk güvenilir mi - binance hesap açma - kuşadası kiralık villa - tiktok izlenme satın al - instagram takipçi satın al - sms onay - paribu sahibi - binance sahibi - btcturk sahibi - paribu ne zaman kuruldu - binance ne zaman kuruldu - btcturk ne zaman kuruldu - youtube izlenme satın al - torrent oyun - google haritalara yer ekleme - altyapısız internet - bedava internet - no deposit bonus forex - erkek spor ayakkabı - webturkey.net - minecraft premium hesap - karfiltre.com - tiktok jeton hilesi - tiktok beğeni satın al - microsoft word indir - misli indir
instagram takipçi satın al
instagram takipçi satın al
takipçi satın al
instagram takipçi satın al
takipçi satın al
aşk kitapları
tiktok takipçi satın al
instagram beğeni satın al
youtube abone satın al
twitter takipçi satın al
tiktok beğeni satın al
tiktok izlenme satın al
twitter takipçi satın al
tiktok takipçi satın al
youtube abone satın al
tiktok beğeni satın al
instagram beğeni satın al
trend topic satın al
trend topic satın al
youtube abone satın al
beğeni satın al
tiktok izlenme satın al
sms onay
youtube izlenme satın al
tiktok beğeni satın al
sms onay
sms onay
perde modelleri
instagram takipçi satın al
takipçi satın al
tiktok jeton hilesi
pubg uc satın al
sultanbet
marsbahis
betboo
betboo
betboo
instagram takipçi satın al
ucuz takipçi
takipçi satın al
https://takipcikenti.com
https://ucsatinal.org
instagram takipçi satın al
https://perdemodelleri.org
https://yazanadam.com
instagram takipçi satın al
balon perdeler
petek üstü perde
mutfak tül modelleri
kısa perde modelleri
fon perde modelleri
tül perde modelleri
https://atakanmedya.com
https://fatihmedya.com
https://smmpaketleri.com
https://takipcialdim.com
https://yazanadam.com
yasaklı sitelere giriş
aşk kitapları
yabancı şarkılar
sigorta sorgula
https://cozumlec.com
word indir ücretsiz
tiktok jeton hilesi
rastgele görüntülü sohbet
erkek spor ayakkabı
fitness moves
gym workouts
https://marsbahiscasino.org
http://4mcafee.com
http://paydayloansonlineare.com
I read that Post and got it fine and informative.
techwithgeeks
talesbuzz
whizzherald
alternativestips
romsmania
shindigweb
DNS Server Not Responding
marsbahis
betboo
sultanbet
marsbahis
betboo
sultanbet
dent hangi borsada
sc coin hangi borsada
btt coin hangi borsada
hnt coin hangi borsada
elf coin hangi borsada
psg coin hangi borsada
mdt coin hangi borsada
dot coin hangi borsada
mit coin hangi borsada