Debian->CentOS

Doran L. Barton fozz at hypermoo.com
Tue Aug 31 23:13:22 MDT 2010


On Monday, August 30, 2010 07:56:50 pm Von Fugal wrote:
> > - CentOS ships SELinux
> 
> Hrmm, I hope there's not too much involved with that. I am clueless about
> SELinux.

SELinux rocks, but some really basic pointers can help.

First of all, if you run into something that isn't working and you suspect 
it's because of SELinux, you can temporarily put SELinux into "permissive 
mode":

	sudo /usr/sbin/setenforce 0

(Use 1 in place of the 0 to turn it back on.)

If you decide you want to run in permissive mode all the time, simply edit 
/etc/sysconfig/selinux, change SELINUXTYPE=permissive, and reboot.

RHEL/CentOS's default SELinux configuration compartmentalizes various daemons 
like Samba and Apache which is really nice in the event that there is some 
kind of security breach because then the attacker is limited in what kind of 
damage they can wreak. 

If you want to tweak how SELinux affects Apache, see the httpd_selinux man 
page. For Samba, the samba_selinux man page. NFS, nfs_selinux, and so on.

Stuart Jansen gave a presentation for PLUG in 2008 on SELinux. Video of this 
presentation is available here: http://opensourcetv.tv/video/16.html

-- 
Doran L. Barton <fozz at hypermoo.com>
Open-source developer, sysadmin, consultant, and all-around geeky dude
 "I sick and stay in bed with a clod."
    -- Memo sent inside Japanese company in London
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://plug.org/pipermail/plug/attachments/20100831/fbdbf712/attachment.bin 


More information about the PLUG mailing list