|
|
Sponsored Content
Top Forums
UNIX for Dummies Questions & Answers
Apache help
Post 302086501 by ranjita.c on Thursday 24th of August 2006 09:50:32 AM
08-24-2006
|
|
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
how must httpd.conf be configured
to exec the php files? (2 Replies)
Discussion started by: user666
2 Replies
2. UNIX for Dummies Questions & Answers
How do you tell which apache version is currently running.
the situation is that I got multiply httpd.conf files on a solaris 2.6 server and I need to tell which version is what? I have checked the httpd.conf but no joy
Thanks in Advance (3 Replies)
Discussion started by: hassan2
3 Replies
3. IP Networking
I want to have multiple domains to be configured in apache web server on redhat linux
Please help me
Vijay (2 Replies)
Discussion started by: Vijayanand
2 Replies
4. IP Networking
I want to have multiple domains to be configured in apache web server on redhat linux
can i have that without DNS server configured. What all i have to do for that.What all to configure ?
And importantly
i want the site be accessed by name rather IP address.
Please help me
... (1 Reply)
Discussion started by: Vijayanand
1 Replies
5. IP Networking
I want to have multiple domains to be configured in apache web server on redhat linux
can i have that without DNS server being configured. What all i have to do for that.What all to configure ?
please note that i need to access the site by its name not by IP . I want this in a LAN . I dont... (4 Replies)
Discussion started by: Vijayanand
4 Replies
6. UNIX for Dummies Questions & Answers
on my webserver, and im sure many of you who also run one see this all the time, but the majority of my access log is filled with attempted exploits from computers compromised by some virus (NIMBDA?) and anyway i know this is harmless to an apache/linux webserver, but its annoying, anyway, on... (5 Replies)
Discussion started by: norsk hedensk
5 Replies
7. UNIX for Advanced & Expert Users
I am tring to configure Apache so that it displays the ip address of
users browsing the web in the header.
mod_header is installed on my apache as default.
I tried including the following in httpd.conf file but no joy
Header set remoteip %{REMOTE_ADDR}
I have also tried
Header add... (3 Replies)
Discussion started by: hassan2
3 Replies
8. Web Development
Hi,
I'm new to developing modules for Apache. I understand the basics now and can develop something simple which allows a 'GET' request to happen, but what I want to do is actually 'POST' information to my site. I know the basic POST Request works and I can see that it is post by looking at... (2 Replies)
Discussion started by: fishman2001
2 Replies
9. Red Hat
Process not running: /opt/java15/jdk/bin/java -classpath /opt/apache/apache-ant-1.7.0-mod/lib/ant-la
Have no idea on what the below error message is:
Process not running: /opt/java15/jdk/bin/java -classpath /opt/apache/apache-ant-1.7.0-mod/lib/ant-launcher.jar org.apache.tools.ant.launch.Launcher -buildfile build.xml dist.
Any help? (3 Replies)
Discussion started by: gull05
3 Replies
LEARN ABOUT CENTOS
openshift_app_selinux
openshift_app_selinux(8) SELinux Policy openshift_app openshift_app_selinux(8) NAME
openshift_app_selinux - Security Enhanced Linux Policy for the openshift_app processes DESCRIPTION
Security-Enhanced Linux secures the openshift_app processes via flexible mandatory access control. The openshift_app processes execute with the openshift_app_t SELinux type. You can check if you have these processes running by executing the ps command with the -Z qualifier. For example: ps -eZ | grep openshift_app_t ENTRYPOINTS
The openshift_app_t SELinux type can be entered via the gpg_exec_t, user_cron_spool_t, bin_t, usr_t, openshift_file_type, shell_exec_t, httpd_exec_t file types. The default entrypoint paths for the openshift_app_t domain are the following: All executeables with the default executable label, usually stored in /usr/bin and /usr/sbin. /usr/bin/gpg(2)?, /usr/lib/gnupg/.*, /usr/bin/gpgsm, /var/spool/at(/.*)?, /var/spool/cron, /usr/.*, /opt/.*, /emul/.*, /export(/.*)?, /usr/doc(/.*)?/lib(/.*)?, /usr/inclu.e(/.*)?, /usr/share/doc(/.*)?/README.*, /usr, /opt, /emul, /bin/d?ash, /bin/zsh.*, /bin/ksh.*, /usr/bin/d?ash, /usr/bin/zsh.*, /usr/bin/ksh.*, /bin/esh, /bin/mksh, /bin/sash, /bin/tcsh, /bin/yash, /bin/bash, /bin/fish, /bin/bash2, /usr/bin/esh, /usr/bin/sash, /usr/bin/tcsh, /usr/bin/yash, /usr/bin/fish, /usr/bin/mksh, /usr/bin/bash, /sbin/nologin, /usr/sbin/sesh, /usr/bin/bash2, /usr/sbin/smrsh, /usr/bin/scponly, /usr/sbin/nologin, /usr/libexec/sesh, /usr/sbin/scponlyc, /usr/bin/git-shell, /usr/libexec/git-core/git-shell, /usr/sbin/httpd(.worker)?, /usr/sbin/apache(2)?, /usr/lib/apache-ssl/.+, /usr/sbin/apache-ssl(2)?, /usr/share/jetty/bin/jetty.sh, /usr/sbin/nginx, /usr/sbin/thttpd, /usr/sbin/php-fpm, /usr/sbin/cherokee, /usr/sbin/lighttpd, /usr/sbin/httpd.event, /usr/bin/mon- grel_rails, /usr/sbin/htcacheclean PROCESS TYPES
SELinux defines process types (domains) for each process running on the system You can see the context of a process using the -Z option to ps Policy governs the access confined processes have to files. SELinux openshift_app policy is very flexible allowing users to setup their openshift_app processes in as secure a method as possible. The following process types are defined for openshift_app: openshift_app_t Note: semanage permissive -a openshift_app_t can be used to make the process type openshift_app_t permissive. SELinux does not deny access to permissive process types, but the AVC (SELinux denials) messages are still generated. BOOLEANS
SELinux policy is customizable based on least access required. openshift_app policy is extremely flexible and has several booleans that allow you to manipulate the policy and run openshift_app with the tightest access possible. If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd server, you must turn on the authlo- gin_nsswitch_use_ldap boolean. Disabled by default. setsebool -P authlogin_nsswitch_use_ldap 1 If you want to deny any process from ptracing or debugging any other processes, you must turn on the deny_ptrace boolean. Enabled by default. setsebool -P deny_ptrace 1 If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default. setsebool -P domain_fd_use 1 If you want to allow all domains to have the kernel load modules, you must turn on the domain_kernel_load_modules boolean. Disabled by default. setsebool -P domain_kernel_load_modules 1 If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default. setsebool -P fips_mode 1 If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default. setsebool -P global_ssp 1 If you want to allow confined applications to run with kerberos, you must turn on the kerberos_enabled boolean. Enabled by default. setsebool -P kerberos_enabled 1 If you want to allow system to run with NIS, you must turn on the nis_enabled boolean. Disabled by default. setsebool -P nis_enabled 1 If you want to allow confined applications to use nscd shared memory, you must turn on the nscd_use_shm boolean. Disabled by default. setsebool -P nscd_use_shm 1 If you want to allow openshift to access nfs file systems without labels, you must turn on the openshift_use_nfs boolean. Disabled by default. setsebool -P openshift_use_nfs 1 NSSWITCH DOMAIN
If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd server for the openshift_app_t, you must turn on the authlogin_nsswitch_use_ldap boolean. setsebool -P authlogin_nsswitch_use_ldap 1 If you want to allow confined applications to run with kerberos for the openshift_app_t, you must turn on the kerberos_enabled boolean. setsebool -P kerberos_enabled 1 MANAGED FILES
The SELinux process type openshift_app_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions. anon_inodefs_t hugetlbfs_t /dev/hugepages /lib/udev/devices/hugepages /usr/lib/udev/devices/hugepages nfs_t openshift_rw_file_t /var/lib/openshift/.*/data(/.*)? /var/lib/stickshift/.*/data(/.*)? openshift_tmp_t /var/lib/openshift/.*/.tmp(/.*)? /var/lib/openshift/.*/.sandbox(/.*)? /var/lib/stickshift/.*/.tmp(/.*)? /var/lib/stickshift/.*/.sandbox(/.*)? openshift_tmpfs_t security_t /selinux COMMANDS
semanage fcontext can also be used to manipulate default file context mappings. semanage permissive can also be used to manipulate whether or not a process type is permissive. semanage module can also be used to enable/disable/install/remove policy modules. semanage boolean can also be used to manipulate the booleans system-config-selinux is a GUI tool available to customize SELinux policy settings. AUTHOR
This manual page was auto-generated using sepolicy manpage . SEE ALSO
selinux(8), openshift_app(8), semanage(8), restorecon(8), chcon(1), sepolicy(8) , setsebool(8) openshift_app 14-06-10 openshift_app_selinux(8)