2.7. SELinux Policies
For each of the RPMs listed in the table, specific SELinux policies are installed and applied as a default.
| Name | Port Information | Policy Information |
|---|---|---|
| mod_cluster | Two ports (6666 for TCP and 23364 for UDP) are added for http_port_t to allow the httpd process to use them. | A post installation script configures the context mapping for /var/cache/mod_cluster to enable the httpd process to write at this location. |
| mod_snmp | The installed mod_snmp policy allows httpd processes to bind to snmp_port_t ports. This allows httpd to use ports 161 and 162 (used with both UDP and TCP). | A post installation script configures the context mapping for /var/cache/mod_snmp to enable the httpd process to write at this location. |
| tomcat | Four ports are added to http_port_t (TCP ports 8080, 8005, 8009 and 8443) to allow the httpd process to use them. | The Tomcat{version} policy is installed, which sets the appropriate SELinux domain for the process when Tomcat executes. It also sets the appropriate contexts to allow tomcat to write to /var/lib/tomcat{version}, /var/log/tomcat{version}, /var/cache/tomcat{version} and /var/run/tomcat{version}.pid. |
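
One way to confirm on a host that the ports listed in the table carry the expected SELinux port type, as an added example that is not part of the original documentation. It parses the text printed by semanage port -l; the sample output and the function names port_has_type and audit_ports are constructed for illustration, and the mod_cluster ports are assumed to be labelled http_port_t, the same type the tomcat row names.

```shell
#!/bin/sh
# Added example: check that the ports named in the table carry the expected
# SELinux port type, using the text printed by `semanage port -l`.

# port_has_type TYPE PROTO PORT: reads `semanage port -l` output on stdin.
# Succeeds if PORT is listed for TYPE/PROTO, alone or inside a range (161-162).
port_has_type() {
    awk -v type="$1" -v proto="$2" -v port="$3" '
        $1 == type && $2 == proto {
            for (i = 3; i <= NF; i++) {          # fields: "80," "8008-8009," ...
                p = $i; sub(/,$/, "", p)
                n = split(p, r, "-")
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit(found ? 0 : 1) }'
}

# audit_ports TEXT: prints the TYPE:PROTO:PORT entries from the table that are
# missing in TEXT (empty output means every expected label is present).
# Assumption: the mod_cluster ports are labelled http_port_t.
audit_ports() {
    missing=""
    for spec in http_port_t:tcp:6666 http_port_t:udp:23364 \
                http_port_t:tcp:8080 http_port_t:tcp:8005 \
                http_port_t:tcp:8009 http_port_t:tcp:8443 \
                snmp_port_t:tcp:161 snmp_port_t:udp:161 \
                snmp_port_t:tcp:162 snmp_port_t:udp:162; do
        t=${spec%%:*}; rest=${spec#*:}
        if ! printf '%s\n' "$1" | port_has_type "$t" "${rest%%:*}" "${rest#*:}"; then
            missing="$missing $spec"
        fi
    done
    printf '%s' "${missing# }"
}

# Constructed sample, shaped like `semanage port -l` output (not from a real host).
SAMPLE_PORTS='SELinux Port Type              Proto    Port Number
http_port_t                    tcp      6666, 8080, 8005, 8443, 80, 443, 8008-8009
http_port_t                    udp      23364
snmp_port_t                    tcp      161-162, 199
snmp_port_t                    udp      161-162'

# On a real host, pass "$(semanage port -l)" instead of the sample.
result=$(audit_ports "$SAMPLE_PORTS")
echo "missing port labels: ${result:-none}"
```
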
For further information about using SELinux and other Red Hat Enterprise Linux security information, refer to the Red Hat Enterprise Linux 6 Security Guide.
2.7.1. Default SELinux Policies for a ZIP Installation
No SELinux configuration is provided (or supported) as a default for the JBoss Enterprise Web Server ZIP files. For the ZIP files, httpd and Tomcat processes run in httpd_t or unconfined_java_t domains. These domains do not confine the processes, therefore the administrator must take the following security precautions:
- Run httpd using the apachectl script. This ensures that the user apache owns the process instead of the user root.
- Restrict the users tomcat and apache from accessing files and directories that are not necessary to the JBoss Enterprise Web Server runtime.
- Do not run Tomcat as the user root.
To avoid having to apply the listed security precautions manually, it is recommended to use the RPM version of the JBoss Enterprise Web Server installation.