Security-Enhanced Linux (SELinux) is a Linux mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. SELinux is enabled by default in RHEL 5 / CentOS 5 / Fedora etc. But many admin disabled it due to troubles and hard configuration options. So if you are afraid of SELinux, try new GUI tools to customizing your system’s protection by creating new policy modules is easier than ever. In this article, Dan Walsh gently walks you through the policy module creation process:
A lot of people think that building a new SELinux policy is magic, but magic tricks never seem quite as difficult once you know how they’re done. This article explains how I build a policy module and gives you the step-by-step process for using the tools to build your own.
=> A step-by-step guide to building a new SELinux policy module
CentOS / Fedora Core / RHEL 5 uses yum for software management. Yum allows you to add a new repository as a source to install binary software.
Understanding yum repository
yum repository configured using /etc/yum.conf file. Additional configuration files are also read from the directories set by the reposdir option (default is /etc/yum.repos.d and /etc/yum/repos.d.
Usually repository carries extra and useful packages. RPMforge is one of such repository. You can easily configure RPMforge repository for RHEL5 just by running following single RPM command:
# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
For 64 bit RHEL 5 Linux, enter:
# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
Now you can install software from RPMforge.
How do I install 3rd party repository manually?
Let us say you would like to install 3rd party repository from foo.nixcraft.com. Create a file called foo:
# cd /etc/yum.repos.d
# vi foo
Append following code:
name=Foo for RHEL/ CentOS $releasever - $basearch
Save and close the file.
- [foo] : Repository name i.e. The [main] section must exist for yum to do anything.
- name=Foo for RHEL/ CentOS $releasever – $basearch : A human readable string describing the repository name
- baseurl=http://foo.nixcraft.com/centos/$releasever/$basearch/ : Must be a URL to the directory where the yum repository’s ‘repodata’ directory lives
- enabled=1 : Enabled or disabled repo. To disable the repository temporarily, set the enabled to 0
- gpgcheck=1 : Security feature, use GPG key
- gpgkey=http://foo.nixcraft.com/RPM-GPG-KEY.txt : GPL file location
Also you need to import the gpg key for the repository as follows:
# rpm --import http://foo.nixcraft.com/RPM-GPG-KEY.txt
Now you are ready to install software from foo repository. For further information refer to yum.conf man page:
$ man yum.conf
$ man yum
Hope this tip will help you to configure repository as and when required.
Howto Setup yum repositories to update or install package from ISO CDROM Image
VMware virtualization software is an excllent choice for x86-compatible computers. They have both commercial and free version. I received few email regarding VMWARE on 64 bit Linux. Installing VMWARE server on CentOS 5 or Red hat enterprise Linux 64 bit version is a tricky business. In this small howto I will explain vmware installation on 64 bit Linux server without facing any dependencies problem.
Following instructions are tested on both RHEL 5 and CentOS 5 running 64 bit Intel / AMD hardware and software. My kernel:
$ uname -mrs
Linux 2.6.18-8.1.6.el5 x86_64
My RHEL 5 release (same kernel for CentOS):
$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5 (Tikanga)
Make sure you have following software installed:
- Full gcc compiler and development environment
- Kernel headers and devel packages for current kernel (i.e. kernel-headers and kernel-devel)
[click to continue…]
You should always aware of maximum amount of memory and maximum number of CPU supported by Linux systems / server.
This is an essential task for making out decisions. You must consider at least AMD and Intel platforms, tested under RHEL 5 only:
[click to continue…]