Search found 102 matches

by jyoung
2016/12/29 18:14:40
Forum: CentOS 7 - Security Support
Topic: /home/www-data/.bash_profile: Permission denied
Replies: 2
Views: 1230

Re: /home/www-data/.bash_profile: Permission denied

This does sound SELinux related. You shouldn't have your web server trying to read data from /home, ever. That said, this boolean should do the trick:
semanage boolean --modify --on httpd_enable_homedirs
sesearch -A -C -s httpd_t -t user_home_t
Found 9 semantic av rules:
allow daemon user_home_t : f...
by jyoung
2016/05/12 19:04:53
Forum: CentOS 6 - Security Support
Topic: New SELinux Policy
Replies: 3
Views: 1998

Re: New SELinux Policy

How about this? It's not exactly a tutorial but it's the most approachable method that I've found. A combination of this and looking at the refpolicy is how I learned to write what I do.
Introducing sepolicy: http://danwalsh.livejournal.com/61107.html
Creating a confined administrator: http://danwal...
by jyoung
2016/04/24 21:20:39
Forum: CentOS 6 - Security Support
Topic: [SOLVED] sudo and su both do not work
Replies: 2
Views: 1801

Re: [SOLVED] sudo and su both do not work

What guidelines or recommendations require or suggest that you should mount your root volume or /usr as nosuid? Mounting remote filesystems that way makes sense, but not local ones. In fact, if you've partitioned/LVM'ed your system in such a way that supports it, I'd mount everything other than /usr...
by jyoung
2016/04/20 12:05:19
Forum: CentOS 7 - General Support
Topic: add roles
Replies: 5
Views: 2723

Re: add roles

yum install httpd for apache (web server) is there a list of all the roles I can be of reference? :) Thanks Jeff
Try something like this:
# yum grouplist
Then, for example
# yum groupinstall "Web Server"
That's the closest thing that I can think of to what you're asking. That said, there's likely a...
by jyoung
2016/03/17 18:39:58
Forum: CentOS 7 - General Support
Topic: excluding Office Suite installation in kick start
Replies: 8
Views: 1202

Re: excluding Office Suite installation in kick start

How about this?

yum grouplist -v | grep -i office
Pick the group name that you need to exclude?
by jyoung
2016/03/17 18:23:15
Forum: CentOS 7 - Security Support
Topic: systemd-nspawn chroot on steroids and SElinux
Replies: 3
Views: 3192

Re: systemd-nspawn chroot on steroids and SElinux

I'm on Fedora 23 with the following policies installed:
rpm -qa | grep selinux-policy
selinux-policy-targeted-3.13.1-158.9.fc23.noarch
selinux-policy-3.13.1-158.9.fc23.noarch
selinux-policy-devel-3.13.1-158.9.fc23.noarch
You can write or generate policy to take care of your problem if you'd like, be...
by jyoung
2016/02/21 20:05:16
Forum: CentOS 7 - Software Support
Topic: semanage fcontext not changing user
Replies: 2
Views: 1039

Re: semanage fcontext not changing user

SELinux, at least by default, works with type enforcement on a CentOS system. The user piece of the file's context that you're trying to change isn't of a great deal of importance to you.
by jyoung
2015/11/22 21:31:24
Forum: CentOS 6 - Security Support
Topic: 460 Attacks from 127.0.0.1
Replies: 14
Views: 4117

Re: 460 Attacks from 127.0.0.1

That's not my point. You're running nginx, php-fpm and memcached on your dedicated server. With the information that you've provided, the number of connections to your loopback address doesn't seem abnormal.
by jyoung
2015/11/22 21:15:23
Forum: CentOS 6 - Security Support
Topic: 460 Attacks from 127.0.0.1
Replies: 14
Views: 4117

Re: 460 Attacks from 127.0.0.1

Looks like we're just talking about a busy web server...
by jyoung
2015/11/22 20:50:35
Forum: CentOS 6 - Security Support
Topic: 460 Attacks from 127.0.0.1
Replies: 14
Views: 4117

Re: 460 Attacks from 127.0.0.1

How about the output of this?

sudo netstat -tupn | grep 127.0.0.1 | gawk '{print $NF}' | sort | uniq -c
