SELinux preventing Apache from writing to a file

For files you want Apache to be able to write to, the SELinux type must be set to httpd_sys_rw_content_t.
To permanently mark that directory as httpd_sys_rw_content_t, use the following commands. The path pattern is quoted so the shell does not try to interpret the parentheses:

semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/webapp/k/site(/.*)?"
restorecon -RF /var/www/webapp/k/site/

This will survive SELinux binary policy updates and filesystem relabeling.

Apache Block Backup Files

A really simple way to “hack” into someone’s site is by checking for common filenames with backup extensions. For example, check this Google search for config filetype:php~
Since backup files don’t always have the correct extension to be processed properly, httpd usually sends them as plain text. The lines below should be placed in your httpd.conf to block these requests across all sites on your server. If you don’t have httpd.conf access, these lines can go into a .htaccess file. For .htaccess, make sure to place it in the root web directory so it covers all of your subdirectories.

How To Create an SSL Certificate on Apache for CentOS 7


TLS, or “transport layer security”, and its predecessor SSL, which stands for “secure sockets layer”, are web protocols used to wrap normal traffic in a protected, encrypted wrapper. Using this technology, servers can send traffic safely between the server and the client without the concern that the messages will be intercepted and read by an outside party. The certificate system also assists users in verifying the identity of the sites that they are connecting with.
In this guide, we will show you how to set up a self-signed SSL certificate for use with an Apache web server on a CentOS 7 VPS. A self-signed certificate will not validate the identity of your server, since it is not signed by a trusted certificate authority, but it will allow you to encrypt communications between your server and your visitors.

Allowing apache (httpd) to run from home directory in Red Hat, CentOS and Fedora

Q: I have installed apache and chose to put my document root into a home directory. I could not get apache to start and after much research I found it was SELinux stopping it from starting. I was told not to disable SELinux and to configure it to work with the new directory. Do you have any idea how I can accomplish this?
A: Set the httpd_enable_homedirs boolean in SELinux to allow such access.
So the first thing I would do is use the sealert command to pull the relevant information from the audit log.

OpenSSL tips and common commands

OpenSSL is the de facto tool for SSL on Linux and other server systems. It provides both the library for creating SSL sockets and a set of powerful tools for administering an SSL-enabled website. Following are a few common tasks you might need to perform with OpenSSL.

Generate a certificate request

Obtaining a signed SSL certificate involves a number of business verification procedures and the submission of what is called a CSR (“Certificate Signing Request”). To generate the CSR, execute the following command. Use an RSA key of at least 2048 bits; public certificate authorities reject shorter keys.

openssl req -new -newkey rsa:2048 -nodes -keyout key.pem -out req.pem


Use PostgreSQL on CentOS 7

Create a New Role

From the postgres Linux account, you have the ability to log into the database system. However, we’re also going to demonstrate how to create additional roles. The postgres Linux account, being associated with the Postgres administrative role, has access to some utilities to create users and databases.
We can create a new role by typing:

  • createuser --interactive

This basically is an interactive shell script that calls the correct Postgres commands to create a user to your specifications. It will only ask you two questions: the name of the role and whether it should be a superuser. You can get more control by passing some additional flags. Check out the options by looking at the man page:

  • man createuser


Install PostgreSQL on CentOS 7

PostgreSQL (pronounced ‘post-gres-Q-L’) is a free, open-source object-relational database management system (object-RDBMS), similar to MySQL, and is standards-compliant and extensible. It is commonly used as a back-end for web and mobile applications. PostgreSQL, or ‘Postgres’ as it is nicknamed, adopts the ANSI/ISO SQL standards, together with their revisions.
1. Install PostgreSQL
yum install postgresql.x86_64 postgresql-server
PostgreSQL should now be installed.

How To Use Cron To Automate Tasks


Almost all distros have a form of cron installed by default. However, if you’re using a system that doesn’t have it installed, you can install it with the following commands:
For Ubuntu/Debian:

apt-get update
apt-get install cron

For CentOS/Red Hat Linux:

yum update
yum install vixie-cron crontabs

You’ll need to make sure it runs in the background too:

chkconfig crond on
service crond start
