Debian->CentOS
Doran L. Barton
fozz at hypermoo.com
Tue Aug 31 23:13:22 MDT 2010
On Monday, August 30, 2010 07:56:50 pm Von Fugal wrote:
> > - CentOS ships SELinux
>
> Hrmm, I hope there's not too much involved with that. I am clueless about
> SELinux.
SELinux rocks, but some really basic pointers can help.
First of all, if you run into something that isn't working and you suspect
it's because of SELinux, you can temporarily put SELinux into "permissive
mode":
sudo /usr/sbin/setenforce 0
(Use 1 in place of the 0 to turn it back on.)
If you decide you want to run in permissive mode all the time, simply edit
/etc/sysconfig/selinux, change SELINUXTYPE=permissive, and reboot.
RHEL/CentOS's default SELinux configuration compartmentalizes various daemons
like Samba and Apache which is really nice in the event that there is some
kind of security breach because then the attacker is limited in what kind of
damage they can wreak.
If you want to tweak how SELinux affects Apache, see the httpd_selinux man
page. For Samba, the samba_selinux man page. NFS, nfs_selinux, and so on.
Stuart Jansen gave a presentation for PLUG in 2008 on SELinux. Video of this
presentation is available here: http://opensourcetv.tv/video/16.html
--
Doran L. Barton <fozz at hypermoo.com>
Open-source developer, sysadmin, consultant, and all-around geeky dude
"I sick and stay in bed with a clod."
-- Memo sent inside Japanese company in London
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://plug.org/pipermail/plug/attachments/20100831/fbdbf712/attachment.bin
More information about the PLUG
mailing list