
Security-Enhanced Linux (SELinux)

Tutorials and howtos about SELinux, which provides a mechanism for supporting access control security policies, including mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel.

I'm using RHEL and whenever I type the command lsnrctl, I get the following error:

lsnrctl: error while loading shared libraries: /u01/app/oracle/product/11.2.0/dbhome_1/lib/libclntsh.so.11.1:
cannot restore segment prot after reloc: Permission denied

How do I fix this problem?

My Squid proxy server is running on port 3128. Since this port is frequently scanned by adversaries looking for proxy servers, I've changed the port to 10000 and restarted Squid. But Squid is not working on port 10000; it only works on port 3128. How do I force Squid to listen on an uncommon port under CentOS Linux v5.3?

Configure HTTPD To Listen on Multiple Ports

How do I configure Apache HTTPD to listen on multiple ports under RHEL / Fedora / CentOS Linux Server?

Q. I need to find file permission and store the same to a shell variable. How do I find out the file permission without parsing ls -l output?

A. Use the GNU stat command to display file or file system status. Its -c option displays the output in a format you specify.

Display stat for /etc/passwd file

Type the following command:
$ stat /etc/passwd

  File: `/etc/passwd'
  Size: 1675            Blocks: 8          IO Block: 4096   regular file
Device: 802h/2050d      Inode: 7899368     Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2007-12-05 08:20:31.000000000 +0530
Modify: 2007-12-04 23:36:50.000000000 +0530
Change: 2007-12-04 23:36:50.000000000 +0530

Print access rights in octal format:
$ stat -c %a /etc/passwd


Print access rights in human readable format, enter:
$ stat -c %A /etc/passwd


Store access rights in octal format to a shell variable:
$ VAR=$(stat -c %a /etc/passwd)
$ echo "$VAR"

Other valid format sequences for files

  • %b : Number of blocks allocated (see %B)
  • %B : The size in bytes of each block reported
  • %d : Device number in decimal
  • %C : SELinux security context
  • %D : Device number in hex
  • %f : Raw mode in hex
  • %F : File type
  • %g : Group ID of owner
  • %G : Group name of owner
  • %h : Number of hard links
  • %i : Inode number
  • %n : File name
  • %N : Quoted file name with dereference if symbolic link
  • %o : I/O block size
  • %s : Total size, in bytes
  • %t : Major device type in hex
  • %T : Minor device type in hex
  • %u : User ID of owner
  • %U : User name of owner
  • %x : Time of last access
  • %X : Time of last access as seconds since Epoch
  • %y : Time of last modification
  • %Y : Time of last modification as seconds since Epoch
  • %z : Time of last change
  • %Z : Time of last change as seconds since Epoch
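
The following script is an added example, not part of the original page. It uses the stat -c sequences above to check a file's mode against an allowed maximum and report any extra permission bits; the function names perm_excess and audit_file and the temporary demo file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: audit file modes with GNU stat -c.

# perm_excess FILE ALLOWED
# Print (in octal) the permission bits set on FILE that ALLOWED does not
# permit; prints 0 when the file is within policy. Returns 2 if stat fails.
perm_excess() {
    mode=$(stat -c %a -- "$1") || return 2
    # A leading 0 makes the shell read both values as octal.
    printf '%o\n' $(( 0$mode & ~0$2 & 07777 ))
}

# audit_file FILE ALLOWED
# Print one OK/FAIL report line; return 0 if compliant, 1 if not, 2 on error.
audit_file() {
    excess=$(perm_excess "$1" "$2") || return 2
    info=$(stat -c '%a %A %U:%G %n' -- "$1") || return 2
    if [ "$excess" = 0 ]; then
        echo "OK   $info"
    else
        echo "FAIL $info (bits beyond $2: $excess)"
        return 1
    fi
}

# Demo on a constructed temporary file (sample input, not a real system file).
demo_file=$(mktemp) || exit 1
chmod 644 "$demo_file"; audit_file "$demo_file" 644 || true
chmod 666 "$demo_file"; audit_file "$demo_file" 644 || true   # group/other write
chmod 4755 "$demo_file"; audit_file "$demo_file" 755 || true  # setuid bit
rm -f "$demo_file"
```

Because the comparison is a bit mask rather than a string match, a file that is stricter than the allowed mode (for example 600 against 644) still passes.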

Q. How do I fix an error, while restarting Apache ~ Address already in use: make_sock: could not bind to port 80?

A. If you are running SELinux, disable it temporarily for port 80.

Apache Address already in use: make_sock: could not bind to port 80 error and solution

First, use the netstat command to make sure port 80/443 is not used by any other service or application:

# netstat -tulpn | grep :80

If port 80 is bound to httpd, kill all httpd processes:
# killall -9 httpd

Now start the httpd:
# /etc/init.d/httpd start

Also make sure you are root while starting the httpd.