RHEL6 – RTFM Apache Web Server

King-James-BibleThere is a lot to know and remember about configuring Apache as you may or may not have seen from the numerous posts I have written on the subject, and the reality is that no one is going to be able to memorize each and every settings, configuration, and directive. Sure you can bing it or google it , you can even alta-vista it, but only if you have internet access at the time, however there is always a chance that you might get some bad information. So why not refer to the official httpd documentation. You know RTFM and what not.

By and large the best bet for HTTP documentation is the http-manual package that can be installed via yum. It installs to /var/www/manual

# yum -y install httpd-manual

Now one bit of information to note. The documentation installed via the httpd-manual package are in html format, so it not advised that you try to view it with an editor like vim or emacs.  You are going to need an text based web browser like lynx or elinks. I prefer lynx in this situtation, so lets install it.

# yum -y install lynx

Now you can peruse the documentation  as you see fit using lynx.

# lynx /var/www/manual/howto/auth.html

Below are some of the better and more often useful docs that I think that could be found useful in a crunch. Note our base directory is /var/www/manual

  • vhosts/named-based.html – which outlines configuring named-based virtual hosts
  • ssl/ssl_howto.html – which outlines has a nice section on HTTP Basic Authentication.
  • howto/cgi.html – which nicely documents creating a custom cgi directory
  • howt0/auth.html – more on HTTP Auth using htpasswd

Yup thats a lot of very good documentation right there, and its actually written by the people who wrote apache, not some 13 year old kid taking his first shot running apache on Ubuntu.

Advertisements

RHEL6 – Managing SELinux Booleans

BooitemThis is my second post on SELinux. In case you missed the first one you can read it here. Today we are going to specifically discuss SELinux booleans

According to fedoraproject.org ,"SELinux booleans enable runtime customization of the SELinux policy. SELinux policy in Fedora has several booleans that allow you to quickly toggle a particular change in the policy." However i think its easier to explain them as SELinux configurations and settings that can be easily toggled on or toggled off.

The command getsebool -a is used to display available booleans, while setsebool is used to modify them. Using setsebool with the -P options makes that modification persistent across reboots.

To display a detailed list or booleans with descriptions run semanage boolean -l

Some common SELinux booleans are below.

ftp_home_dir   -> off   Allow ftp to read and write files in the user home directories

httpd_enable_cgi     -> on    Allow httpd cgi support

sftpd_anon_write      -> off   Allow anon internal-sftp to upload files, used for public file transfer services. Directories must be labeled public_content_rw_t.

allow_ftpd_anon_write   -> off   Allow ftp servers to upload files,  used for public file transfer services. Directories must be labeled public_content_rw_t.