Archive for November, 2010

Labels containing security-relevant information for SELinux.

Security-Enhanced Linux (SELinux) adds Mandatory Access Control (MAC) to the Linux kernel, and is enabled by default in Red Hat Enterprise Linux. A general-purpose MAC architecture needs the ability to enforce an administratively set security policy over all processes and files in the system.

The following is an example of the labels containing security-relevant information that are used on processes, Linux users, and files, on Linux operating systems that run SELinux. This information is called the SELinux context, and is viewed using the ls -Z command:

$ ls -Z filename
-rwxrw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 filename

On Linux operating systems that run SELinux, there are Linux users as well as SELinux users. SELinux users are part of SELinux policy. Linux users are mapped to SELinux users.

In this example, SELinux provides a user (unconfined_u), a role (object_r), a type (user_home_t), and a level (s0). This information is used to make access control decisions. With DAC, access is controlled based only on Linux user and group IDs. It is important to remember that SELinux policy rules are checked after DAC rules. SELinux policy rules are not used if DAC rules deny access first.

SBDavid

Installing Ruby on Centos with Yum

Ruby on Rails is an open-source web framework that’s optimized for programmer happiness and sustainable productivity.

How to upgrade to the minimal requirement.

The below instructions are for 32-bit architecture.

#rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
#rpm -Uvh http://download.elff.bravenet.com/5/i386/elff-release-5-3.noarch.rpm
#yum install ruby ruby-shadow ruby-ri ruby-rdoc gcc gcc-c++ ruby-devel -y
#ruby -v

RubyGems

You can download and then install RubyGems from:

http://rubyforge.org/projects/rubygems/

You will see a list of all files for the project.

#wget 'http://rubyforge.org/frs/?group_id=126&release_id=43601'
#tar xzvf rubygems-1.3.7.tgz
#cd rubygems-1.3.7
#sudo ruby setup.rb
#gem --version

How can I send a copy of all outgoing messages to another mailbox with Exim

The most straightforward way is to set up a system filter, and include a command such as:

unseen deliver mailbox@serverbuddies.com

This sends a copy of every message to mailbox@serverbuddies.com (unless the message already has that recipient - Exim never does duplicate deliveries). To save only outgoing messages, you need to come up with a definition of what outgoing means. Typically, this might be a check on the sender address and/or on the originating host.

Here is an example:

if $sender_address_domain is serverbuddies.com and
${mask:$sender_host_address/24} is 192.168.124.0/24
then
unseen deliver mailbox@serverbuddies.com
endif
SBDavid

How to Prevent Fork Bombing attack

Linux provides various resource limits for each user (ulimit), such as limits on CPU time, number of processes (nproc), and memory usage. ulimit is the solution for preventing a fork bomb attack: it defines the maximum number of processes allowed (ulimit -u) for each user.

There are two types of ulimit: the HARD limit and the SOFT limit. A non-root user cannot change the hard limit by executing commands like ulimit -u value.

The root user on the remote server or host needs to set the ulimit to prevent a fork bomb attack. Limits are set in the /etc/security/limits.conf file. To limit the number of processes, the option provided is nproc. Both the hard and the soft limit need to be set for it.

For example:

@root hard nproc 5000
@root soft nproc 4000
@buddy hard nproc 2000
@buddy soft nproc 1000
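
An added example, not part of the original post: a shell function that audits a limits.conf-format file for nproc entries and flags domains with no finite hard cap or with a soft limit above the hard one. The function names, verdict labels and the sample entries are constructed for illustration; the field order (domain, type, item, value) follows limits.conf(5).

```shell
#!/bin/sh
# audit_nproc FILE: summarise nproc limits per domain in a limits.conf-format
# file (fields: <domain> <type> <item> <value>) and flag weak settings.
audit_nproc() {
    awk '
        function unl(x) { return x == "unlimited" || x == "infinity" || x == "-1" }
        $1 ~ /^#/ || NF < 4 || $3 != "nproc" { next }   # comments, blanks, other items
        {
            if (!($1 in seen)) { seen[$1] = 1; order[++n] = $1 }
            # type "-" sets both the soft and the hard limit
            if ($2 == "soft" || $2 == "-") soft[$1] = $4
            if ($2 == "hard" || $2 == "-") hard[$1] = $4
        }
        END {
            for (i = 1; i <= n; i++) {
                d = order[i]
                s = (d in soft) ? soft[d] : "-"
                h = (d in hard) ? hard[d] : "-"
                if (h == "-" || unl(h))            v = "NO_HARD_CAP"
                else if (unl(s) || s + 0 > h + 0)  v = "SOFT_EXCEEDS_HARD"
                else                               v = "OK"
                print d, "soft=" s, "hard=" h, v
            }
        }' "$1"
}

# Constructed sample input (hypothetical groups and users, not from a real host).
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# <domain> <type> <item> <value>
@buddy   soft  nproc  1000
@buddy   hard  nproc  2000
@web     soft  nproc  4000
@web     hard  nproc  3000
alice    soft  nproc  500
*        -     nproc  unlimited
EOF
    audit_nproc "$tmp"
    rm -f "$tmp"
}

demo
```

A domain reported as NO_HARD_CAP can still raise its own soft limit, so it is not protected against a fork bomb.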

yum-updatesd.conf - Configuration file

yum-updatesd uses a configuration file at /etc/yum/yum-updatesd.conf.

There is one section in the yum-updatesd configuration file, main, which defines all of the global configuration options.

Mail Options

email_to
List of email addresses to send update notification to. Defaults to ‘root@localhost’.

email_from
Email address for update notifications to be from. Defaults to ‘yum-updatesd@localhost’.

yum-updatesd provides notification of updates that are available to be applied to your system. This notification can be done via syslog, email or dbus.

Configuration is done via the /etc/yum/yum-updatesd.conf file.

vi /etc/yum/yum-updatesd.conf

Setup variables as follows:

# how to send notifications (valid: dbus, email, syslog)
emit_via = email
# who to send the email to:
email_to = admin@serverbuddies.com
# who sends the notifications
email_from = yum-updatesd@serverbuddies.com
