Changes


OPS235 Assignment 2 Tips

2,269 bytes added, 13:02, 27 November 2019
no edit summary
{{Admon/caution|THIS IS AN OLD VERSION OF THE ASSIGNMENT|'''This is an archived version. Do not use this in your OPS235 course.'''}}
[[category:OPS235]][[Category:rchan]]
= Turning Firewall On/Off on CentOS 7 =
Max kernel policy version: 28
</pre>
 
= Listing the RUN-TIME configurable parameters for SELinux =
* getsebool -a
<pre>
abrt_anon_write --> off
abrt_handle_event --> off
abrt_upload_watch_anon_write --> on
antivirus_can_scan_system --> off
antivirus_use_jit --> off
auditadm_exec_content --> on
authlogin_nsswitch_use_ldap --> off
authlogin_radius --> off
authlogin_yubikey --> off
awstats_purge_apache_log_files --> off
boinc_execmem --> on
...
</pre>
== List of SELinux run-time configurable parameters that control the Apache server (httpd) ==
* getsebool -a | grep httpd
<pre>
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_preupgrade --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off
</pre>
= How to turn on/off an SELinux run-time parameter =
== To turn on a run-time parameter ==
For the current session
* setsebool httpd_can_network_connect_db on
For good (even after a reboot)
* setsebool -P httpd_can_network_connect_db on
== To turn off a run-time parameter ==
For the current session
* setsebool httpd_can_network_connect_db off
For good (even after a reboot)
* setsebool -P httpd_can_network_connect_db off
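
An added example (not part of the original assignment tips): a shell check that compares <code>getsebool</code> output against a saved baseline, so a boolean flipped with <code>setsebool</code> for the current session shows up as drift. The baseline is a subset of the httpd listing above; the function name <code>sebool_drift</code> and the "current" sample are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report SELinux booleans that differ from a saved baseline.

# Baseline: subset of the httpd listing on this page (assumed to be the approved state).
baseline() {
cat <<'EOF'
httpd_can_network_connect --> off
httpd_can_network_connect_db --> off
httpd_enable_cgi --> on
httpd_execmem --> off
httpd_graceful_shutdown --> on
EOF
}

# Constructed sample: state after "setsebool httpd_can_network_connect_db on".
sample_current() {
cat <<'EOF'
httpd_can_network_connect --> off
httpd_can_network_connect_db --> on
httpd_enable_cgi --> on
httpd_execmem --> off
httpd_graceful_shutdown --> on
EOF
}

# sebool_drift BASELINE_FILE
# Reads "name --> value" lines (getsebool format) on stdin and prints
# "name expected actual" for every baseline boolean that differs or is absent.
# Booleans not listed in the baseline are ignored.
sebool_drift() {
  awk '
    NF != 3 || $2 != "-->" { next }            # skip anything not in getsebool format
    NR == FNR { want[$1] = $3; next }          # first input: the baseline file
    ($1 in want) { seen[$1] = 1
                   if (want[$1] != $3) print $1, want[$1], $3 }
    END { for (n in want) if (!(n in seen)) print n, want[n], "missing" }
  ' "$1" -
}

# Demo on the constructed data. On a real host:
#   getsebool -a | sebool_drift /path/to/baseline.txt
tmp=$(mktemp)
baseline > "$tmp"
sample_current | sebool_drift "$tmp"
rm -f "$tmp"
```

Because <code>getsebool</code> reports the running value, a change made without <code>-P</code> appears here until the next reboot, and one made with <code>-P</code> appears until the baseline is updated.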
