Labels containing security-relevant information for SELinux.
Security-Enhanced Linux (SELinux) adds Mandatory Access Control (MAC) to the Linux kernel, and is enabled by default in Red Hat Enterprise Linux. A general purpose MAC architecture needs the ability to enforce an administratively-set security policy over all processes and files in the system
The following is an example of the labels containing security-relevant information that are used on processes, Linux users, and files, on Linux operating systems that run SELinux. This information is called the SELinux context, and is viewed using the ls -Z command:
$ ls -Z filename
-rwxrw-r– user1 group1 unconfined_u:object_r:user_home_t:s0 filename
On Linux operating systems that run SELinux, there are Linux users as well as SELinux users. SELinux users are part of SELinux policy. Linux users are mapped to SELinux users.
In this example, SELinux provides a user (unconfined_u), a role (object_r), a type (user_home_t), and a level (s0). This information is used to make access control decisions. With DAC, access is controlled based only on Linux user and group IDs. It is important to remember that SELinux policy rules are checked after DAC rules. SELinux policy rules are not used if DAC rules deny access first.
Installing Ruby on Centos with Yum
Ruby on Rails is an open-source web framework that’s optimizied for programmers happiness and sustainable productivity.
How to upgrade to the minimal requirement.
The below instructions are for 32-bit architecture.
#rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
#rpm -Uvh http://download.elff.bravenet.com/5/i386/elff-release-5-3.noarch.rpm
#yum install ruby ruby-shadow ruby-ri ruby-rdoc gcc gcc-c++ ruby-devel -y
#ruby -v
RubyGems
You can download and then install RubyGems from:
http://rubyforge.org/projects/rubygems/
You will see a list of all files for the project.
#wget http://rubyforge.org/frs/?group_id=126&release_id=43601
#tar xzvf rubygems-1.3.7.tgz
#cd cd rubygems-1.3.7
#sudo ruby setup.rb
#gem –version
How can I send a copy of all outgoing messages to another mailbox with Exim
The most straightforward way is to set up a system filter, and include a command such as:
unseen deliver mailbox@serverbuddies.com
This sends a copy of every message to mailbox@serverbuddies.com (unless the message already has that recipient - Exim never does duplicate deliveries). To save only outgoing messages, you need to come up with a definition of what outgoing means. Typically, this might be a check on the sender address and/or on the originating host.
Here is an example:
if $sender_address_domain is serverbuddies.com and
${mask:$sender_host_address/24} is 192.168.124.0/24
then
unseen deliver mailbox@serverbuddies.com/
endif
How to Prevent Fork Bombing attack
Linux has provided various resource limits for each user, such as user limit (ulimit) for CPU time, number of processes (nproc), memory usage etc. ulimit is the solution to prevent fork bombing attack. It defines maximum number of processes allowed (ulimit –u) for each user.
There are two types of ulimit. One is HARD limit and the other is SOFT Limit. Non root
user cannot change the hard limit by executing commands like ulimit –u value.
Root user on remote server or Host needs to set the ulimit to prevent fork bombing attack. ulimit are set in /etc/security/limits.conf file. To set ulimit for number of processes, option provided is nproc. Hard and soft limit need to be set for that.
For example:
@root nproc hard 5000
@root nproc soft 4000
@buddy nproc hard 2000
@buddy nproc soft 1000
yum-updatesd.conf - Configuration file
yum-updatesd uses a configuration file at /etc/yum/yum-updatesd.conf.
There is one section in the yum-updatesd configuration file, main, which defines all of the global configuration options.
Mail Options
email_to
List of email addresses to send update notification to. Defaults to ‘root@localhost’.
email_from
Email address for update notifications to be from. Defaults to ‘yum-updatesd@localhost’.
yum-updatesd, which provides notification of updates which are available to be applied to your system. This notification can be done either via syslog, email or over dbus.
Configuration is done via the /etc/yum/yum-updatesd.conf file.
vi /etc/yum/yum-updatesd.conf
Setup variables as follows:
# how to send notifications (valid: dbus, email, syslog)
emit_via = email
# who to send the email to:
email_to = admin@serverbuddies.com
# who send the notifications
email_from = yum-updatesd@serverbuddies.com