security

Selinux howto for the impatient

Submitted by sklav on Thu, 05/05/2011 - 00:27

But i find that in general when I setup a box I leave Selinux in permissive mode and then go threw the paces of connecting to every service i want running and all associated options so for example if you setup a website that makes use of scripts i would recommend you run them all and after completed and hopefully before you ever connect the box to the internet you run the steps below to create a policy module. I find that this has prevented me from having major issues and i get the benefits of Selinux.

To create a rule that pretty much allows all AVC denials:

Apache mod_security for Centos 5.x / RHEL 5.x

Submitted by sklav on Thu, 03/18/2010 - 15:47

Since i didn't want to have to go down that route i decided to build mod_security based on the version of Apache that ships with Centos 5.x / RHEL 5.x Now I cannot take full credit for creating the srpm which i copied from www.modsecurity.org

But i have built the associated rpm based on the version of Apache shipped with Centos 5.x / RHEL 5.x using the well written spec file created by the aforementioned site.

software integrity on Centos Linux 5

Submitted by sklav on Mon, 05/19/2008 - 10:59

To install AIDE, using following command:

# yum install aide

To configure AIDE, customize the /etc/aide.conf to meet the requirements of the system. For more detailed information about the AIDE configuration file, please refer the man page of aide.conf.

To generate a new database and install it on AIDE system:

# aide --init
# cp /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz