SELinux

  • Topic: Linux, Mandatory access control, Apache HTTP Server
  • Published : April 20, 2013
Blueprints

First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server

Note: Before using this information and the product it supports, read the information in “Notices” on page 17.

First Edition (August 2009) © Copyright IBM Corporation 2009. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents
Introduction
First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server
Scope, requirements, and support
Security-Enhanced Linux overview
Access control: MAC and DAC
SELinux basics
SELinux and Apache
Installing and running HTTPD
HTTPD and context types
HTTPD and SELinux Booleans
Configuring HTTPD security using SELinux
Securing Apache (static content only)
Hardening CGI scripts with SELinux
Appendix. Related information and downloads
Notices
Trademarks

Introduction
This blueprint provides a brief introduction to basic Security-Enhanced Linux (SELinux) commands and concepts, including Boolean variables. It also shows you how to use these concepts to increase the security of the Apache Web server with SELinux. Key tools and technologies discussed in this demonstration include Security-Enhanced Linux (SELinux), mandatory access control (MAC), getenforce, sestatus, getsebool, and setsebool.

Intended audience
This blueprint is intended for Linux system or network administrators who want to learn more about securing their systems with SELinux. You should be familiar with installing and configuring Linux distributions, networks, and the Apache Web server.

Scope and purpose
This paper provides a basic overview of SELinux, SELinux Boolean variables, and hardening Apache on Red Hat Enterprise Linux (RHEL) 5.3. For more information about configuring RHEL 5.3, see the documentation supplied with your installation media or the distribution Web site. For more information about SELinux, see “Related information and downloads,” on page 15.

Software requirements
This blueprint is written and tested using Red Hat Enterprise Linux (RHEL) 5.3.

Hardware requirements
The information contained in this blueprint is tested on different models of IBM System x and System p hardware. For a list of hardware supported by RHEL 5.3, see the documentation supplied with your Linux distribution.

Author names
Robert Sisk

Other contributors
Monza Lui, Kersten Richter, Robb Romans

IBM Services
Linux offers flexibility, options, and competitive total cost of ownership with a world class enterprise operating system. Community innovation integrates leading-edge technologies and best practices into Linux. IBM® is a leader in the Linux community with over 600 developers in the IBM Linux Technology Center working on over 100 open source projects in the community. IBM supports Linux on all IBM servers, storage, and middleware, offering the broadest flexibility to match your business needs.

For more information about IBM and Linux, go to ibm.com/linux (https://www.ibm.com/linux).

IBM Support
Questions and comments regarding this documentation can be posted on the developerWorks Security Blueprint Community Forum: http://www.ibm.com/developerworks/forums/forum.jspa?forumID=1271

The IBM developerWorks® discussion forums let you ask questions, share knowledge, ideas, and...