Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at http://www.nsa.gov/selinux.

681 questions
7
votes
2 answers

How to log executions of specific commands on Linux no matter where it came from?

Dangerous commands like rm, kill and systemctl stop can be hidden outside bash inputs - i.e. - a malicious user can easily hide them inside a python script using os module and just run the python script as a proxy to hide what they really intended…
George Y
7
votes
3 answers

TFTP uploads failing

I am running TFTPD via xinetd on a CentOS 5.4 server. I am able to access files via tftp fine, so I know the service is running ok. However, whenever I try and upload a file I get a 0 Permission denied message. I have already created the file in…
dunxd
6
votes
4 answers

Why won't MariaDB start after upgrade (NO_NEW_PRIVILEGES)

After upgrade of my Debian (testing, jessie to stretch) server on DigitalOcean, MariaDB won't start with service mariadb start. I tried to purge all mariadb-* and mysql-* packages, delete configs and data, and reinstall them, but…
Spikolynn
6
votes
1 answer

SELinux: manually changing files in /etc/selinux/targeted/contexts/files/

I'm setting up a CentOS 7 server in which the /home directory has to be located on another partition and then mounted with bind-mount. So: /data/homes should be bind-mounted to /home. The problem is with making sure that SELinux contexts are applied…
ItalyPaleAle
6
votes
1 answer

How should I configure SELinux when running nginx inside Docker

There's a good article in Docker's documentation about security with Docker: https://docs.docker.com/articles/security/ However, it's not very clear to me how root-privileged processes in the container actually run in the host system, and how I'm…
vcarel
6
votes
2 answers

Unable to start Mysql with SELinux

I am attempting to start MySQL with SELinux on CentOS 6; however, I am getting the following error. 131212 09:08:08 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended 131212 09:08:58 mysqld_safe Starting mysqld daemon with databases…
dgibbs
6
votes
2 answers

How to limit access to the private ssh key using SELinux policies?

I'm using Fedora distro - with its preinstalled SELinux policies. I want to limit unsecured access to my private keys in ~/.ssh folder - to prevent leaking by possible malware, that may run under my account. Root-kits are out of question. Update…
abyss.7
6
votes
2 answers

SELinux contexts with NFS shares

I'm trying to set up an NFS share between 2 CentOS servers (filesrv & websrv) for a folder that needs to be readable & writeable by the Apache process. I'm having trouble with the writeable side of this, which I've narrowed down to SELinux…
lyserge
6
votes
1 answer

SELinux remove or leave the old SSH port label?

I am following this (basic) security guide to change my Server's SSH port to something else. It says: $ semanage port -a -t ssh_port_t -p tcp 2345 #Change me ...which would add a new label on top of port 2345 to say that this is relevant for SSH,…
Florian Mertens
6
votes
4 answers

Incrond running but not executing commands CentOS 6.4

I have copied this question over here from StackOverflow... I have installed incron from the EPEL repository (0.5.9) (before you ask; YES, I also tried downloading the source and compiling locally (0.5.10); same results) and am attempting to set up…
JawzX
6
votes
2 answers

How can I do an SELINUX filesystem relabel without rebooting first?

I can touch the file /.autorelabel and reboot and during the initialization coming back up it will do the SELINUX relabel for me. But I want to do this in a different situation where the system has just been copied to a hard drive image. I can…
Skaperen
6
votes
1 answer

SELinux: Letting Apache talk to MySQL on CentOS

So I have chrooted MySQL into /opt/chroot/mysql, and everything runs fine. Apache is configured normally, and also runs fine. I created a small PHP script which connects to the MySQL Daemon, and configured PHP so that the default socket used is the…
Rsaesha
6
votes
2 answers

SELinux - Getting Started on really understanding it?

I often have problems with SELinux, most of which I have resolved eventually. There are still some situations where doing custom policy would be very elegant and more proper. I'd like to get the skillset of being able to fully do with SELinux what I…
Joshua Enfield
6
votes
8 answers

(13) Permission denied on Apache CGI attempt

I have recently upgraded my Apache2 server, and am now unable to run a CGI app. My logs are showing (13) Permission denied unable to connect to cgi deamon after multiple tries I understand that the error message means Apache is being denied some…
user43403
5
votes
0 answers

SELinux: How to allow apache, samba and tomcat access on the same file

Running RedHat 7.4 Until recently I could use semanage fcontext -a -t public_content_rw_t '/var/www(/.*)?' restorecon -R /var/www from answer https://serverfault.com/a/346779/125461 on How do I get SELinux to allow Apache and Samba on the same…