Disable SELinux for Apache
You can disable Apache SELinux protection easily.
Please keep in mind that by disabling SELinux for Apache you are inviting more security-related problems.
Disable Apache SELinux Protection
Open the /etc/selinux/targeted/booleans file using a text editor:
# vi /etc/selinux/targeted/booleans
Append or modify value for httpd_disable_trans as follows:
Save and close the file. Type the following two commands:
# setsebool httpd_disable_trans 1
# /etc/init.d/httpd restart
GUI tool to disable SELinux for Apache
Open a shell prompt and type the command system-config-securitylevel:
system-config-securitylevel
Next, select the SELinux tab > click on the "Disable SELinux protection for httpd daemon" checkbox > save the changes.
Finally restart httpd service:
# /etc/init.d/httpd restart
Tags: Apache, SELinux
Changing time zone in Linux
1. Logged in as root, check which timezone your machine is currently using by executing `date`. You’ll see something like Mon 17 Jan 2005 12:15:08 PM PST; PST in this case is the current timezone.
2. Change to the directory /usr/share/zoneinfo; here you will find a list of time zone regions. Choose the most appropriate region; if you live in Canada or the US, this is the “America” directory.
3. If you wish, back up the previous timezone configuration by moving it to a different location, such as:
mv /etc/localtime /etc/localtime-old
4. Create a symbolic link from the appropriate timezone to /etc/localtime. Example:
ln -s /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime
5. If you have the utility rdate, update the current system time by executing
/usr/bin/rdate -s time.nist.gov
6. Set the ZONE entry in the file /etc/sysconfig/clock (e.g. “America/Los_Angeles”)
7. Set the hardware clock by executing:
Tags: time zone
How to Change Date and Time
You can change the date and time on a Linux machine using the date command.
Example: If you want to change the date to July 31, 11:16 pm then type as follows
If you want to change the year as well, you could type
You can also use the following:
date -s "31 JULY 2009 23:16:00"
Tags: Date, Time
Iptables Command Switch
Each line of an iptables script not only has a jump, but also has a number of command-line options that are used to append rules to chains that match your defined packet characteristics, such as the source IP address and TCP port.
-t ‘table’
If you don’t specify a table, then the filter table is assumed. The possible built-in tables include: filter, nat, mangle
-j ‘target’
Jump to the specified target chain when the packet matches the current rule.
-A
Append rule to end of a chain
-F
Flush. Deletes all the rules in the selected table
-p ‘protocol-type’
Match protocol. Types include icmp, tcp, udp, and all
-s ‘ip-address’
Match source IP address
-d ‘ip-address’
Match destination IP address
-i ‘interface-name’
Match “input” interface on which the packet enters.
-o ‘interface-name’
Match “output” interface on which the packet exits
Tags: iptables
Protect portmap With iptables
The portmap service is a dynamic port assignment daemon for RPC services such as NIS and NFS. It has weak authentication mechanisms and has the ability to assign a wide range of ports for the services it controls. For these reasons, it is difficult to secure.
Securing portmap only affects NFSv2 and NFSv3 implementations, since NFSv4 no longer requires it. If you plan to implement an NFSv2 or NFSv3 server, then portmap is required, and the following section applies.
Below are two example iptables commands. The first allows TCP connections to port 111 (used by the portmap service) from the localhost. The second drops TCP connections to the same port from any source outside the 192.168.0.0/24 network. The localhost rule is appended first because iptables acts on the first rule that matches, and 127.0.0.1 would otherwise be caught by the DROP rule.
Example:
iptables -A INPUT -p tcp -s 127.0.0.1 --dport 111 -j ACCEPT
iptables -A INPUT -p tcp ! -s 192.168.0.0/24 --dport 111 -j DROP
To similarly limit UDP traffic, use the following command.
iptables -A INPUT -p udp ! -s 192.168.0.0/24 --dport 111 -j DROP
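Because iptables stops at the first rule that matches, the order in which the ACCEPT and DROP rules for port 111 are appended decides whether localhost can still reach portmap. The following Python model is an added example, not part of the original page; the rule dictionaries, the probe addresses (203.0.113.9 is a documentation address) and the default ACCEPT chain policy are assumptions for illustration.

```python
import ipaddress

# Constructed model of the INPUT rules for port 111 discussed above.
# Each rule holds a protocol, a source network, a negation flag (the "!"),
# a destination port and a target.
TRUSTED = ipaddress.ip_network("192.168.0.0/24")
LOOPBACK = ipaddress.ip_network("127.0.0.1/32")

DROP_UNTRUSTED = {"proto": "tcp", "src": TRUSTED, "negate": True,
                  "dport": 111, "target": "DROP"}
ACCEPT_LOCAL = {"proto": "tcp", "src": LOOPBACK, "negate": False,
                "dport": 111, "target": "ACCEPT"}


def matches(rule, proto, src, dport):
    """Return True when a packet satisfies every criterion in the rule."""
    if rule["proto"] != proto or rule["dport"] != dport:
        return False
    in_net = ipaddress.ip_address(src) in rule["src"]
    # With negate set, the rule matches sources *outside* the network.
    return in_net != rule["negate"]


def verdict(chain, proto, src, dport, policy="ACCEPT"):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in chain:
        if matches(rule, proto, src, dport):
            return rule["target"]
    return policy


def audit(chain, policy="ACCEPT"):
    """Verdicts for three constructed probes sent to tcp/111."""
    probes = {"localhost": "127.0.0.1",
              "lan": "192.168.0.25",
              "outside": "203.0.113.9"}
    return {name: verdict(chain, "tcp", ip, 111, policy)
            for name, ip in probes.items()}


if __name__ == "__main__":
    print("DROP first  :", audit([DROP_UNTRUSTED, ACCEPT_LOCAL]))
    print("ACCEPT first:", audit([ACCEPT_LOCAL, DROP_UNTRUSTED]))
    print("policy DROP :", audit([ACCEPT_LOCAL, DROP_UNTRUSTED], "DROP"))
```

The last line shows that neither rule accepts the 192.168.0.0/24 hosts by itself: they get through only if the chain policy or a later rule accepts them.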
Tags: iptables, portmap