Disabling SELinux in CentOS

Sometimes, especially with some DB platforms, when you are testing and want to reduce the number of variables during development, you do not want SELinux watching your back. While it is a must to enable SELinux in hardened production systems, it can be quite a pain to handle. Sometimes it needs disabling (if only for a short period). Here is how.

# Important

Changes you make to files while SELinux is disabled may give them an unexpected security label, and new files will not have a label. You may need to relabel part or all of the file system after re-enabling SELinux.

Command Line

From the command line, you can edit the /etc/sysconfig/selinux file. This file is a symlink to /etc/selinux/config. The configuration file is self-explanatory. Changing the value of SELINUX or SELINUXTYPE changes the state of SELinux and the name of the policy to be used the next time the system boots.

[root@host2a ~]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

To switch the running system to permissive mode without rebooting, at the prompt type:

echo 0 > /selinux/enforce

From the GUI

Use the following procedure to change the mode of SELinux using the GUI.

# Note

You need administrator privileges to perform this procedure.

  1. On the System menu, point to Administration and then click Security Level and Firewall to display the Security Level Configuration dialog box.
  2. Click the SELinux tab.
  3. In the SELinux Setting select either Disabled, Enforcing or Permissive, and then click OK.
  4. If you changed from Enabled to Disabled or vice versa, you need to restart the machine for the change to take effect.

# Note

Changes made using this dialog box are immediately reflected in /etc/sysconfig/selinux.
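
A check to run once testing is over, as an added example that is not part of the original post: it compares the SELINUX= value in the configuration file with the running mode and flags a relaxation that was left in place. The function names and exit codes are this example's own, and taking the first uncommented SELINUX= line is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): report whether the boot-time
# SELinux setting and the running mode agree. Paths are arguments so the
# check can be exercised against constructed files.

# Print the value of the first uncommented SELINUX= line, lower-cased.
# Taking the first match is this example's assumption. SELINUXTYPE= does
# not match because the pattern requires '=' directly after SELINUX.
selinux_config_mode() {
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        head -n 1 | tr 'A-Z' 'a-z')
    echo "${mode:-unset}"
}

# Print the running mode from the enforce file: 1 = enforcing, 0 = permissive.
# A missing file is reported as disabled (selinuxfs not mounted).
selinux_runtime_mode() {
    if [ ! -r "$1" ]; then echo disabled; return 0; fi
    case "$(cat "$1")" in
        1) echo enforcing ;;
        0) echo permissive ;;
        *) echo unknown ;;
    esac
}

# Exit 0: enforcing now and at next boot. Exit 1: consistently weakened.
# Exit 2: config and runtime disagree (e.g. a temporary change left in place).
selinux_audit() {
    cfg=$(selinux_config_mode "$1")
    run=$(selinux_runtime_mode "$2")
    if [ "$cfg" = enforcing ] && [ "$run" = enforcing ]; then
        echo "OK config=$cfg runtime=$run"; return 0
    elif [ "$cfg" != "$run" ]; then
        echo "DRIFT config=$cfg runtime=$run"; return 2
    fi
    echo "WEAK config=$cfg runtime=$run"; return 1
}

# Demo on constructed sample files: config says enforcing, runtime was
# switched to permissive with 'echo 0'.
demo=$(mktemp -d)
printf '# constructed sample\nSELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$demo/config"
printf '0\n' > "$demo/enforce"
selinux_audit "$demo/config" "$demo/enforce" || true   # prints: DRIFT config=enforcing runtime=permissive
rm -rf "$demo"
```

On the system shown in this post the call is selinux_audit /etc/selinux/config /selinux/enforce; newer releases expose the enforce file at /sys/fs/selinux/enforce.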

Slash notation lookup table

Total-addresses: how many unique addresses can be represented. To determine how many are available to be assigned to devices you need to subtract 2 from the provided number to allow for the ‘network’ and ‘broadcast’ addresses. A further one of these may need to be assigned to a router.

Net bits   Subnet mask       Total-addresses
/20        255.255.240.0     4096
/21        255.255.248.0     2048
/22        255.255.252.0     1024
/23        255.255.254.0     512
/24        255.255.255.0     256
/25        255.255.255.128   128
/26        255.255.255.192   64
/27        255.255.255.224   32
/28        255.255.255.240   16
/29        255.255.255.248   8
/30        255.255.255.252   4

e.g. 192.168.1.0/25 would include all addresses between 192.168.1.0 and 192.168.1.127.

e.g. 192.168.1.128/25 would include all addresses between 192.168.1.128 and 192.168.1.255.

The Linux Conundrum

A large company was taking over our smaller company, and they were on a trend to replace Linux and Java with MS Windows ® and ASP.NET.

When the CIO was asked why not go the other way, since arguably our smaller company was more advanced, his answer, put plainly, was: “Linux and Java guys are so hard to find! (and expensive). MS Windows ® guys are all over the place … ”

I liked the proposition that Linux guys are not easy to find. Is this really so? (feel free to comment) GOOD !! 🙂

So now I know Linux/Unix is niche, and better paid, but I cannot but ask myself why this is so. Is MS Windows ® so much easier, or is Linux still growing into a user OS? And why, in the server business, is ease of use given importance over customizability and tweakability?

Also, is Linux in any deep way better than MS Windows ®? In my opinion the differences are more in the approach and the attitude of trust towards a single focal point, i.e. MS in this case, or towards a community led by the benevolent dictator Linus Torvalds. (By the way, this is how he pronounces Linux. [Linux])

I think there is a whole discussion behind this but, money affairs aside, how did we end up where we are, with Linux being so popular and still perceived as difficult?
