Chris Tyler - Fedora Linux

Chris Tyler, "Fedora Linux". Year of publication: 2006, ISBN: 2006, Publisher: O'Reilly, Genre: Operating Systems and Networking, in English.

Fedora Linux: summary, description and annotation


"Neither a "Starting Linux" book nor a dry reference manual, this book has a lot to offer to those coming to Fedora from other operating systems or distros." -- Behdad Esfahbod, Fedora developer

This book will get you up to speed quickly on Fedora Linux, a securely-designed Linux distribution that includes a massive selection of free software packages. Fedora is hardened out-of-the-box, it's easy to install, and extensively customizable - and this book shows you how to make Fedora work for you.

Fedora Linux: A Complete Guide to Red Hat's Community Distribution

In this book, you'll learn how to:
 Install Fedora and perform basic administrative tasks
 Configure the KDE and GNOME desktops
 Get power management working on your notebook computer and hop on a wired or wireless network
 Find, install, and update any of the thousands of packages available for Fedora
 Perform backups, increase reliability with RAID, and manage your disks with logical volumes
 Set up a server with file sharing, DNS, DHCP, email, a Web server, and more
 Work with Fedora's security features including SELinux, PAM, and Access Control Lists (ACLs)
Whether you are running the stable version of Fedora Core or bleeding-edge Rawhide releases, this book has something for every level of user. The modular, lab-based approach not only shows you how things work - but also explains why--and provides you with the answers you need to get up and running with Fedora Linux.


There is also a manpage provided for each of the most popular servers protected by SELinux. These manpages are named service_selinux; for example, to access a description of the SELinux booleans that affect httpd, view the httpd_selinux manpage:

$ man httpd_selinux

To see a list of all the service-specific manpages for SELinux, enter the command:

$ apropos _selinux

In the BOOLEAN section you will find this text:

httpd scripts by default are not allowed to connect out to the network.
This would prevent a hacker from breaking into you httpd server
and attacking other machines. If you need scripts to be able to
connect you can set the httpd_can_network_connect boolean on.

setsebool -P httpd_can_network_connect 1

To translate between the descriptions shown in the graphical Security Level Configuration tool and the boolean names used by setsebool and getsebool, use the file /usr/share/system-config-securitylevel/selinux.tbl, which looks like this:

unlimitedUtils _("Admin") _("Allow privileged utilities like hotplug and insmod to run unconfined.")

unlimitedRC _("Admin") _("Allow rc scripts to run unconfined, including any daemon started by an rc script that does not have a domain transition explicitly defined.")

unlimitedRPM _("Admin") _("Allow rpm to run unconfined.")

staff_read_sysadm_file _("Admin") _("Allow staff_r users to search the sysadm home dir and read files (such as ~/.bashrc)")

direct_sysadm_daemon _("Admin") _("Allow sysadm_t to directly start daemons")

...(Lines snipped)...

Each line consists of the boolean name used by setsebool/getsebool, followed by the configuration category and the description used by the Security Level Configuration tool.

Use grep with a server name, boolean name, or a description from the configuration tool to quickly find values in this file:

$ cd /usr/share/system-config-securitylevel

$ grep httpd selinux.tbl

httpd_enable_cgi _("HTTPD Service") _("Allow HTTPD cgi support")

httpd_can_network_connect _("HTTPD Service") _("Allow HTTPD scripts and modules to connect to the network.")

httpd_enable_homedirs _("HTTPD Service") _("Allow HTTPD to read home directories")

httpd_ssi_exec _("HTTPD Service") _("Allow HTTPD to run SSI executables in the same domain as system CGI scripts.")

httpd_builtin_scripting _("HTTPD Service") _("Allow HTTPD to support built-in scripting")

httpd_disable_trans _("HTTPD Service") _("Disable SELinux protection for httpd daemon")

httpd_suexec_disable_trans _("HTTPD Service") _("Disable SELinux protection for http suexec")

httpd_unified _("HTTPD Service") _("Unify HTTPD handling of all content files.")

httpd_tty_comm _("HTTPD Service") _("Unify HTTPD to communicate with the terminal. Needed for handling certificates.")

$ grep "Allow ftp to read/write files in the user home directories" selinux.tbl

ftp_home_dir _("FTP") _("Allow ftp to read/write files in the user home directories")

$ grep unlimitedRPM selinux.tbl

unlimitedRPM _("Admin") _("Allow rpm to run unconfined.")
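The same translation can be scripted instead of grepped by hand. The following is an added example, not code from the book: it parses the selinux.tbl line format described above into tab-separated fields, looks up a boolean by its exact GUI description, and lists the booleans that switch SELinux protection off for a service. The function names are hypothetical, and the sample input is constructed from lines shown on this page.

```shell
#!/bin/sh
# Added example: parse selinux.tbl-style lines (name _("Category") _("Description")).

# Constructed sample input, copied from the listings on this page.
sample_tbl() {
cat <<'EOF'
unlimitedRPM _("Admin") _("Allow rpm to run unconfined.")
staff_read_sysadm_file _("Admin") _("Allow staff_r users to search the sysadm home dir and read files (such as ~/.bashrc)")
httpd_can_network_connect _("HTTPD Service") _("Allow HTTPD scripts and modules to connect to the network.")
httpd_disable_trans _("HTTPD Service") _("Disable SELinux protection for httpd daemon")
httpd_suexec_disable_trans _("HTTPD Service") _("Disable SELinux protection for http suexec")
ftp_home_dir _("FTP") _("Allow ftp to read/write files in the user home directories")
EOF
}

# tbl_to_tsv: read selinux.tbl lines on stdin and
# print name<TAB>category<TAB>description, one boolean per line.
tbl_to_tsv() {
    awk '
    {
        n = split($0, part, /_\("/)          # each field opens with _("
        if (n != 3) next                      # skip blank or malformed lines
        name = part[1]; gsub(/[ \t]/, "", name)
        # Strip only the closing ") so parentheses inside a description survive.
        for (i = 2; i <= 3; i++) sub(/"\)[ \t]*$/, "", part[i])
        if (name != "") printf "%s\t%s\t%s\n", name, part[2], part[3]
    }'
}

# bool_for_description DESC: print the boolean whose GUI description is
# exactly DESC; exit status is non-zero when nothing matches.
bool_for_description() {
    tbl_to_tsv | WANT="$1" awk -F '\t' \
        '$3 == ENVIRON["WANT"] { print $1; found = 1 } END { exit !found }'
}

# protection_disabling_bools: list the booleans that disable SELinux
# protection for a whole service (names ending in _disable_trans).
protection_disabling_bools() {
    tbl_to_tsv | awk -F '\t' '$1 ~ /_disable_trans$/ { print $1 }'
}
```

On a system that ships the file, feed it to the functions directly, for example `protection_disabling_bools < /usr/share/system-config-securitylevel/selinux.tbl`, and check each listed name with getsebool.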

Table 8-1 contains some of the most commonly altered SELinux booleans.

Table 8-1. Commonly altered SELinux booleans

| Boolean name | Description in system-config-securitylevel | Reason for altering | Default value |
|---|---|---|---|
| allow_ptrace | Allow sysadm_t to debug or ptrace applications. | Permit root to use tools such as gdb for debugging. | Off |
| allow_execmod | Allow the use of shared libraries with Text Relocation. | Required to use Adobe Flash browser plug-in and Sun Java. | Off |
| allow_ftp_anon_write | | Permits the FTP server to write to files labeled with type public_content_rw_t, described in Table 8-2. | Off |
| httpd_can_network_connect | Allow httpd scripts and modules to connect to the network. | Enables web scripts to connect to databases and mail servers. | Off |
| httpd_enable_homedirs | Allow httpd to read home directories. | Enables the use of ~/public_html for personal web pages. | Off |
| httpd_tty_comm | Unify httpd to communicate with the terminal. Needed for handling certificates. | Enables the use of certificates with passphrases (requires the passphrase to be entered on the terminal). | Off |
| allow_httpd_anon_write | | Permits Apache to write to files labeled with type public_content_rw_t (see Table 8-2). | Off |
| named_write_master_zones | Allow named to overwrite master zone files. | Required for dhcpd updating of zones. | Off |
| nfs_export_all_ro | Allow reading on any NFS filesystem. | Enables NFS file sharing (read-only). | Off |
| nfs_export_all_rw | Allow read/write/create on any NFS filesystem. | Enables NFS file sharing (read/write). | Off |
| use_nfs_home_dirs | Support NFS home directories. | Allows home directories (such as /home/chris) to be imported from an NFS server. | Off |
| samba_enable_home_dirs | Allow Samba to share users' home directories. | Allows homes shares in smb.conf. | Off |
| use_samba_home_dirs | Allow users to log in with CIFS home directories. | Allows home directories (such as /home/chris) to be imported from a Samba or Windows server. | Off |
| allow_samba_anon_write | | Permits Samba to write to files labeled with type public_content_rw_t. | Off |
| spamassasin_can_network | Allow Spam Assassin daemon network access. | Enables the use of real-time blackhole lists (RBLs) by Spam Assassin. | Off |
| ssh_sysadm_login | Allow SSH logins as sysadm_r:sysadm_t. | Allows root login via SSH (otherwise, you'll need to log in as a regular user and then use su). This may be required if you're running remote backups via SSH. | Off |
| subsystem_disable_trans | Disable SELinux protection for subsystem. | Use this as a last alternative. It's better to disable SELinux protection for one subsystem than to turn it off entirely. | Off |

8.2.1.3. Using file labels

SELinux uses file labels to specify an SELinux context for each file. To display the context labels, use the -Z or --context options to ls:

$ ls -Z /etc

-rw-r--r-- root root system_u:object_r:etc_t a2ps.cfg

-rw-r--r-- root root system_u:object_r:etc_t a2ps-site.cfg

drwxr-xr-x root root system_u:object_r:etc_t acpi

-rw-r--r-- root root system_u:object_r:adjtime_t adjtime
