Course: Linux System Engineer: Web Servers and DNS Using Apache, NGINX, and BIND

SELinux and Apache

- [Instructor] Like any service that's outward facing, Apache has a large attack surface. It's a very well-written piece of software and it's secure, but it also benefits from being protected by SELinux. A lot of functionality is denied in the base configuration. If you want Apache to do anything outside the norm, you will need to change an SELinux Boolean or two.

On rhhost1, in a terminal, let's get a list of SELinux Booleans for Apache by using getsebool. Type in getsebool -a | grep httpd and hit Enter. And go ahead and scroll up to the top of the list.

A few Booleans that are important are httpd_anon_write, which allows Apache to write to any directory with the type of public_content_rw_t. This could be an existing directory, or you can change the security context of a directory manually and, with this Boolean set, access it with Apache. By setting httpd_can_check_spam, you can have Apache check for spam. To get Apache to act as a network relay, set httpd_can_network_relay. If you want Apache…
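The listing step described above can be turned into a repeatable audit. This is an added example, not part of the course material: it reads `getsebool -a` output and reports every httpd_* Boolean that is on without being in an approved list. The `APPROVED_ON` variable, the function names and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag Apache-related SELinux Booleans that are enabled
# but not on a site-approved list.

# Space-separated Booleans the site has approved to be "on".
# Assumption: empty by default, so every enabled httpd_* Boolean is reported.
APPROVED_ON="${APPROVED_ON:-}"

# Reads `getsebool -a` style lines ("name --> on|off") on stdin and prints
# each httpd_* Boolean that is on and missing from APPROVED_ON.
audit_httpd_booleans() {
    awk -v approved="$APPROVED_ON" '
        BEGIN {
            n = split(approved, names, " ")
            for (i = 1; i <= n; i++) ok[names[i]] = 1
        }
        # Only Apache Booleans, only well-formed lines, only enabled ones.
        $1 ~ /^httpd_/ && $2 == "-->" && $3 == "on" && !($1 in ok) {
            print $1
        }
    '
}

# Constructed sample input (not captured from a real host). The ftpd line
# shows that Booleans for other services are ignored.
sample_getsebool() {
    cat <<'EOF'
httpd_anon_write --> off
httpd_can_check_spam --> off
httpd_can_network_relay --> on
ftpd_anon_write --> on
EOF
}

# Run against the sample; on a live host use:
#   getsebool -a | audit_httpd_booleans
sample_getsebool | audit_httpd_booleans
```

Any Boolean the audit reports should either be added to the approved list with a recorded reason or switched back off with `setsebool -P <name> off`.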
