

selinux

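- do not use chcon in production: its label changes are not recorded in the policy's file-context rules, so the next restorecon or filesystem relabel silently undoes them; use semanage fcontext followed by restorecon instead
- do not use audit2allow in production: it generates allow rules straight from logged denials, so loading its output unreviewed can grant more access than the service needs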

# PERCONA XTRADB CLUSTER
# Label TCP 4568 as mysqld_port_t so the confined MySQL domain may use it.
# NOTE(review): only 4568 is handled here; confirm which other cluster ports
# the deployment needs. If a port already carries another type, --add fails
# and --modify (-m) is needed instead; check first with `semanage port -l`.
semanage port --add --type mysqld_port_t --proto tcp 4568

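# ALLOW WEB SERVER TO DIRECTORY
# httpd_sys_content_t is the read-only content type. Keep it for anything the
# web server only serves; reserve httpd_sys_rw_content_t for the specific
# subdirectories an application must write to.
semanage fcontext --add --type httpd_sys_content_t '/www(/.*)?'
# The rule only records the expected label; existing files keep their old
# context until they are relabelled.
restorecon -Rv /www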

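# ALLOW ZABBIX TO READ DIRECTORY
# NOTE(review): zabbix_log_t is the type of Zabbix's own log files, so this
# label presumably grants the Zabbix domains more than read access, and it
# changes what other log-reading services may do with the directory. Confirm
# against the loaded policy (e.g. with sesearch) before relying on it.
semanage fcontext --add --type zabbix_log_t '/var/log/syscollector(/.*)?'
# Apply the new rule to files that already exist.
restorecon -Rv /var/log/syscollector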

# ALLOW WEBSERVER TO PHP-FPM
# Labels TCP 9000 as http_port_t so the web server domain can reach PHP-FPM
# there. Every domain the policy allows to use http_port_t gains the port too.
# NOTE(review): some policy releases already list 9000 under http_port_t, in
# which case --add reports the port as already defined; check first with
# `semanage port -l | grep http_port_t`.
semanage port --add --type http_port_t --proto tcp 9000

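# ALLOW APACHE, NGINX TO WRITE LOGS
# Label the custom log tree with the web server's log type rather than a
# general writable content type, so the grant stays limited to logging.
semanage fcontext --add --type httpd_log_t '/data/logs/www(/.*)?'
# Existing files keep their old context until relabelled.
restorecon -Rv /data/logs/www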

# SHOW PERMISSIONS FOR APACHE, NGINX
# Lists every file-context rule whose line mentions "http". Adding -C to the
# listing restricts it to local customizations, which is the quicker way to
# audit what has been changed on this host.
semanage fcontext --list | grep http

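# DELETE CONTEXT
# Removes the local file-context rule for this path specification.
semanage fcontext -d '/data/logs/www(/.*)?'
# Deleting the rule does not relabel anything: files keep the old type until
# restorecon resets them to whatever the remaining policy rules say.
restorecon -Rv /data/logs/www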

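# CHECK SELINUX PERMISSIONS DENY
# AVC denials land in the audit log (readable by root only). grep reads the
# file directly; no cat is needed. `ausearch -m AVC -ts recent` returns the
# same records filtered by type and time. Denials covered by dontaudit rules
# are not logged at all, so an empty result does not prove nothing was denied.
grep -- 'deni' /var/log/audit/audit.log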

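# ASTERISK
# The path regex must not end in a slash before "(/.*)?": with
# "/var/lib/asterisk/(/.*)?" the rule matches neither the directory itself
# nor anything below it, so restorecon would leave the labels unchanged.
# NOTE(review): where /var/run is defined as an equivalence of /run, semanage
# may reject the /var/run spec and ask for '/run/asterisk(/.*)?' instead;
# confirm on the target release. The distribution policy may also already
# ship rules for these default paths (check `semanage fcontext -l`).
semanage fcontext -a -t asterisk_var_lib_t '/var/lib/asterisk(/.*)?'
semanage fcontext -a -t asterisk_var_run_t '/var/run/asterisk(/.*)?'
semanage fcontext -a -t asterisk_spool_t '/var/spool/asterisk(/.*)?'
# Apply the rules to existing files; -v prints each label that changes.
restorecon -Rv /var/lib/asterisk/
restorecon -Rv /var/run/asterisk/
restorecon -Rv /var/spool/asterisk/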
