I'm a programmer of too many years to mention, but I'm only just starting my journey into unix based systems. I'm staring out with the Raspberry pi as they're inexpensive and have the built in GPIO which is always good fun. It's running the default Raspbian system.
Unix scripting is completely new to me, while I'm geo'll run atting used to it slowly I'm struggling with one problem, I'm not even sure if it's the right thing to do.
I want to change settings in a conf file. Example:
I'll run a sh to change Another Setting to 27.
Now, I can achieve this in two ways, I can have a bunch of files with different settings and rename/copy the one I want at the time. Or I can search the file and change the setting. The second is the preferred method as it's much more flexible.
How practical is it to write script that will search a file for settings and change them? Is parsing files something that's often done with scripts, if so, what commands do I need to get acquainted with? Or do people jump to python or other methods for such things?
All input welcome.
Thanks.
Moderator's Comments:
Please use CODE tags as required by forum rules!
Last edited by RudiC; 11-27-2017 at 11:06 AM..
Reason: Added CODE tags.
We just moved to a new office so few things changed on our LAN. I am on Solaris and trying to find the files that hold the configuration for connecting to the servers. I changed the IP addresses to reflect the new addresses but still I get this error:
“unknown sendmail : unable to qualify my own... (3 Replies)
Currently our Apache log files are huge, I want to put say a month's time limit on this, then when it hits the end of the month I would like it to start over writing.
Does anyone know where the config file is for this and what its called? I also want to do exactly the same on wtmp config (who... (1 Reply)
Does anyone have a list of key config files and the respective paths for HP-UX? Or does anyone know where I can get a list similar to this?
Thanks,
TOdd (0 Replies)
Under Leopard, I like to conveniently open Terminal windows onto remote systems. I've created several settings files in Terminal, one for each remote system that I want to access. To open window, I right-click on the Terminal icon in the Dock, expand the "New Window" menu item, and select the... (0 Replies)
Hi,
I want to use a config file as the base file and parse over the values of country and city parameters in the config file and generate separate config files as explained below.
I will be using the config file as mentioned below:
(config.txt)
country:a,b
city:1,2
type:b1... (1 Reply)
Hi I am new to shell scripting. There is a requirement to write a shell script to meet follwing needs.Prompt reply shall be highly appreciated.
script that will compare two config files and produce 2 outputs - actual config file and a report indicating changes made.
OS :Susi linux ver 10.3.
... (4 Replies)
Hi,
I have 2 perl SubRoutines (sub 1 and sub 2). I created two perl modules for these (Sub1.pm and Sub2.pm).
How can I include these in a config file (say Config.cfg) and call the config file in my main script Rename.pl to use the 2 subroutines?
Right now here are the content of Config.cfg... (1 Reply)
(copied directly from my other thread about something else)
At the moment, I just use...
cat config_file|grep var_name|cut -d'=' -f2
... which is fine for what I've been doing, but I'm not sure what to
do when there are a variable number of entries and I want it go through
them like a... (7 Replies)
Hi,
Having trouble in our network we would like to implement a second "ip-helper" (to have DHCP redondancy) to do so we have to take all the network elements config (switches and routers) , finds where the particular config is and add a second line. To do so we need to have a list where this... (1 Reply)
Hi Team,
My new build configuration always looking for the files from the build where i copied from.
please help me to resolve this.
I am using Visual studio 2008.It has Qt 4.8. plugins,qml,C++ development
I created new debug_new build configuration with additional preprocessor from the... (1 Reply)
Discussion started by: SA_Palani
1 Replies
LEARN ABOUT DEBIAN
httpd_selinux
httpd_selinux(8) httpd Selinux Policy documentation httpd_selinux(8)NAME
httpd_selinux - Security Enhanced Linux Policy for the httpd daemon
DESCRIPTION
Security-Enhanced Linux secures the httpd server via flexible mandatory access control.
FILE_CONTEXTS
SELinux requires files to have an extended attribute to define the file type. Policy governs the access daemons have to these files.
SELinux httpd policy is very flexible allowing users to setup their web services in as secure a method as possible.
The following file contexts types are defined for httpd:
httpd_sys_content_t
- Set files with httpd_sys_content_t if you want httpd_sys_script_exec_t scripts and the daemon to read the file, and disallow other non
sys scripts from access.
httpd_sys_script_exec_t
- Set cgi scripts with httpd_sys_script_exec_t to allow them to run with access to all sys types.
httpd_sys_content_rw_t
- Set files with httpd_sys_content_rw_t if you want httpd_sys_script_exec_t scripts and the daemon to read/write the data, and disallow
other non sys scripts from access.
httpd_sys_content_ra_t
- Set files with httpd_sys_content_ra_t if you want httpd_sys_script_exec_t scripts and the daemon to read/append to the file, and disallow
other non sys scripts from access.
httpd_unconfined_script_exec_t
- Set cgi scripts with httpd_unconfined_script_exec_t to allow them to run without any SELinux protection. This should only be used for a
very complex httpd scripts, after exhausting all other options. It is better to use this script rather than turning off SELinux protection
for httpd.
NOTE
With certain policies you can define additional file contexts based on roles like user or staff. httpd_user_script_exec_t can be defined
where it would only have access to "user" contexts.
SHARING FILES
If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and pub-
lic_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the pub-
lic_content_rw_t domain, you must set the appropriate boolean. allow_DOMAIN_anon_write. So for httpd you would execute:
setsebool -P allow_httpd_anon_write=1
or
setsebool -P allow_httpd_sys_script_anon_write=1
BOOLEANS
SELinux policy is customizable based on least access required. SELinux can be setup to prevent certain http scripts from working. httpd
policy is extremely flexible and has several booleans that allow you to manipulate the policy and run httpd with the tightest access possi-
ble.
httpd can be setup to allow cgi scripts to be executed, set httpd_enable_cgi to allow this
setsebool -P httpd_enable_cgi 1
SELinux policy for httpd can be setup to not allowed to access users home directories. If you want to allow access to users home directo-
ries you need to set the httpd_enable_homedirs boolean and change the context of the files that you want people to access off the home dir.
setsebool -P httpd_enable_homedirs 1
chcon -R -t httpd_sys_content_t ~user/public_html
SELinux policy for httpd can be setup to not allow access to the controlling terminal. In most cases this is preferred, because an
intruder might be able to use the access to the terminal to gain privileges. But in certain situations httpd needs to prompt for a password
to open a certificate file, in these cases, terminal access is required. Set the httpd_tty_comm boolean to allow terminal access.
setsebool -P httpd_tty_comm 1
httpd can be configured to not differentiate file controls based on context, i.e. all files labeled as httpd context can be read/write/exe-
cute. Setting this boolean to false allows you to setup the security policy such that one httpd service can not interfere with another.
setsebool -P httpd_unified 0
SELinu policy for httpd can be configured to turn on sending email. This is a security feature, since it would prevent a vulnerabiltiy in
http from causing a spam attack. I certain situations, you may want http modules to send mail. You can turn on the httpd_send_mail bool-
ean.
setsebool -P httpd_can_sendmail 1
httpd can be configured to turn off internal scripting (PHP). PHP and other
loadable modules run under the same context as httpd. Therefore several policy rules allow httpd greater access to the system then is needed if you only use external cgi scripts.
setsebool -P httpd_builtin_scripting 0
SELinux policy can be setup such that httpd scripts are not allowed to connect out to the network. This would prevent a hacker from break-
ing into you httpd server and attacking other machines. If you need scripts to be able to connect you can set the httpd_can_network_con-
nect boolean on.
setsebool -P httpd_can_network_connect 1
system-config-selinux is a GUI tool available to customize SELinux policy settings.
AUTHOR
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
SEE ALSO selinux(8), httpd(8), chcon(1), setsebool(8)dwalsh@redhat.com 17 Jan 2005 httpd_selinux(8)