On 2/7/06, Valdis.Kletnieks@vt.edu <Valdis.Kletnieks@vt.edu> wrote:
> On Tue, 07 Feb 2006 14:29:55 +1300, Goo GGooo said:
>
> > For now my intent is to harden Apache httpd, prevent it from executing
> > all but permitted binaries, restrict access to some filesystem areas,
> > etc. I'm running OpenSUSE 10.0 and have found the SElinux-related
>
> You probably want to look at the httpd work already done, which probably
> already does most (or maybe all) of that already...

Actually my goal isn't the apache hardening itself. I just want to learn more about SElinux configuration. Starting from scratch with a single program (forget httpd, call it /opt/xyz/bin/abc), configuring access to its required resources, observing how any changes affect its operation, etc. I'm not going to use Fedora and simply "switch SElinux on".

Have you got any pointers?

Thanks!

Goo

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.