Difference between revisions of "Tung selinux conf"

From CDOT Wiki
Jump to: navigation, search
(Blanked the page)
 
Line 1: Line 1:
<b><big><big>Configuring SELinux Boolean</big></big></b>
 
  
 
<b><big>Introduction</big></b>
 
 
<big><font face=Georgia>
 
SELinux stands for Security-Enhanced Linux. Because Linux is built by collection of open source, it causes security problems. Unlike Window, software is build by trusted professionals. In Linux, the source code is written by some unknown people who may be hackers or criminals, so a system administrator must restrict what a open source software can do. Different from Window, software is written by expert. In Linux, most open source is written amateurs or students, so it may contains serious bugs that will damage your system. The system must be protect by SElinux.
 
 
This page teaches how to control what insecure Apache server can do. </font></big>
 
 
 
<big><b>Changing SELinux boolean</b></big>
 
 
1. Unlike Window, all tools are integrated. You must install one by one in Linux. Install SELinux GUI tool: <b><code><font color=green >yum install policycoreutils-gui </font></code></b>
 
 
 
 
2. Open <b>“SELinux Management”</b> from system panel
 
 
[[ File:Selinux panel.png | border ]]
 
 
 
 
 
3. Click Boolean section.
 
 
[[ File:Selinux gui boolean.png | border ]]
 
 
 
 
 
4. Allow Apache Server to access files in user's public_html directory and display them. Change boolean <b>httpd_enable_homedirs</b> to 1: Check the checkbox
 
 
[[ File:Selinux enable homedirs.png | border ]]
 
 
 
 
 
5. Allow Apache Server to execute cgi script in user's public_html directory. Change boolean <b>httpd_enable_cgi</b> to 1: Check the checkbox
 
 
[[ File:Selinux enable cgi.png | border ]]
 
 
 
 
 
 
 
 
 
[[File:Fat penguin1.png]]
 

Latest revision as of 00:13, 31 July 2011