Difference between revisions of "User:Chris Tyler/Chris Tyler's Guide to Surviving OPS235 Assignment 2 with SELinux Enabled"
Chris Tyler (talk | contribs) (Created page with 'OPS235 Assignment 2 can be tricky with SELinux enabled. Here are some tips to get you through... == MediaWiki and SELinux == * Switch SELinux to permissive mode during Medi…') |
Chris Tyler (talk | contribs) (→diskfree.cgi Script) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[OPS235 Assignment 2]] can be tricky with SELinux enabled. Here are some tips to get you through... | [[OPS235 Assignment 2]] can be tricky with SELinux enabled. Here are some tips to get you through... | ||
− | == MediaWiki and SELinux == | + | == SELinux Tips == |
+ | === MediaWiki and SELinux === | ||
* Switch SELinux to permissive mode during MediaWiki configuration: <code>setenforce 0</code> | * Switch SELinux to permissive mode during MediaWiki configuration: <code>setenforce 0</code> | ||
Line 7: | Line 8: | ||
* Switch SELinux to enforcing mode after MediaWiki configuration: <code>setenforce 1</code> | * Switch SELinux to enforcing mode after MediaWiki configuration: <code>setenforce 1</code> | ||
− | == diskfree.cgi Script == | + | === diskfree.cgi Script === |
* The permissions on the file <code>/var/log/httpd/suexec.log</code> and the directory <code>/var/log/httpd</code> may need to be adjusted: | * The permissions on the file <code>/var/log/httpd/suexec.log</code> and the directory <code>/var/log/httpd</code> may need to be adjusted: | ||
Line 13: | Line 14: | ||
chown apache:apache /var/log/httpd/suexec.log | chown apache:apache /var/log/httpd/suexec.log | ||
chmod 0755 /var/log/httpd | chmod 0755 /var/log/httpd | ||
− | chmod | + | chmod 0660 /var/log/httpd/suexec.log |
− | * Use a SELinux file context of <code>httpd_user_script_exec_t</code> on your script | + | * Use a SELinux file context of <code>httpd_user_script_exec_t</code> on your <code>diskfree.cgi</code> script |
− | * Permanently enable the SELinux boolean <code>httpd_enable_homedirs</code> | + | * Permanently enable the SELinux boolean <code>httpd_enable_homedirs</code> using the <code>setsebool</code> command with appropriate options. |
+ | |||
+ | == General Tips == | ||
+ | |||
+ | * If Apache is not doing what you expect, look in the log files in <code>/var/log/httpd</code> | ||
+ | * Check your clock. If you clock is off, the error message times listed in /var/log/httpd may be wrong too. |
Latest revision as of 17:35, 9 April 2012
OPS235 Assignment 2 can be tricky with SELinux enabled. Here are some tips to get you through...
SELinux Tips
MediaWiki and SELinux
- Switch SELinux to permissive mode during MediaWiki configuration:
setenforce 0
- Once configured, copy the LocalSettings.php file from
/var/www/wiki/config
to/var/www/wiki
as directed by the message on the screen. - Switch SELinux to enforcing mode after MediaWiki configuration:
setenforce 1
diskfree.cgi Script
- The permissions on the file
/var/log/httpd/suexec.log
and the directory/var/log/httpd
may need to be adjusted:
touch /var/log/httpd/suexec.log chown apache:apache /var/log/httpd/suexec.log chmod 0755 /var/log/httpd chmod 0660 /var/log/httpd/suexec.log
- Use a SELinux file context of
httpd_user_script_exec_t
on yourdiskfree.cgi
script - Permanently enable the SELinux boolean
httpd_enable_homedirs
using thesetsebool
command with appropriate options.
General Tips
- If Apache is not doing what you expect, look in the log files in
/var/log/httpd
- Check your clock. If you clock is off, the error message times listed in /var/log/httpd may be wrong too.