Security-Enhanced Linux (SELinux) is an implementation of mandatory access control for Linux, built on the Linux Security Modules (LSM) framework in the Linux kernel. SELinux is enabled by default in RHEL 5 / CentOS 5 / Fedora etc., but many admins disable it because it is troublesome and hard to configure. If you are afraid of SELinux, try the new GUI tools: customizing your system's protection by creating new policy modules is easier than ever. In this article, Dan Walsh gently walks you through the policy module creation process:
A lot of people think that building a new SELinux policy is magic, but magic tricks never seem quite as difficult once you know how they’re done. This article explains how I build a policy module and gives you the step-by-step process for using the tools to build your own.
=> A step-by-step guide to building a new SELinux policy module
On May 12, 2003, SCO attacked Linux and other companies. Now U.S. District Court Judge Dale Kimball has ruled that Novell owns Unix's IP (intellectual property) rights, i.e. SCO has no rights to use Unix's IP and Unixware software.
This ruling is good news for organizations and end users like you and me who use Linux and open-source software products every day.
It all started when SCO filed a suit against IBM claiming that it had violated SCO's rights by contributing Unix code to the Linux kernel. Now SCO's threat to the Linux community is over.
Novell Wins Ruling Against SCO In High-Profile Linux Case:
“The court’s ruling has cut out the core of SCO’s case and, as a result, eliminates SCO’s threat to the Linux community based upon allegations of copyright infringement of UNIX,” Novell said in a statement. “We are extremely pleased with the outcome.”
USB devices are quite common these days. I have a digital camera, pen drive, external hard disk, mouse and other stuff. So how do I tell what hardware is connected via USB to my Linux desktop?
lsusb is a utility for displaying information about USB buses in the system and the devices connected to them. To make use of all the features of this program, you need to have a Linux kernel which supports the /proc/bus/usb interface.
The -v command option is very informative. It tells lsusb to be verbose and display detailed information about the devices shown. This includes configuration descriptors for the device's current speed. Class descriptors will be shown, when available, for USB device classes including hub, audio, HID, communications, and chipcard.
lsusb command Examples
A device driver is a computer program that allows other computer programs to interact with a hardware device. Writing a Linux device driver is considered a black art by many. If you have ever been tempted to try writing a device driver, this howto will serve as a kick-start guide:
For many seasoned Linux developers, device drivers still remain a bit of a mysterious black art practiced by a select few. While no single article could possibly attempt to cover everything there is to know about writing drivers, Valerie Henson gives us a brief taste of what’s involved, by implementing a device to return “Hello World” using all the major driver frameworks.
On a related note, if you just want to get a comprehensive overview of kernel configuration and building, a critical task for Linux users and administrators, try Linux Kernel in a Nutshell.
/dev/hello_world: A Simple Introduction to Device Drivers under Linux (linuxdevcenter.com)
/proc/filesystems is the file used to detect the filesystems supported by the running kernel. You can quickly run the grep or cat command to display the list of all supported file systems. nodev indicates that the file system is not associated with a physical device such as /dev/sdb1. If you see ext3 or vfat, it means you will be able to mount ext3 and vfat based file systems.
The following cat command will quickly tell you which filesystems are supported by the currently running Linux kernel:
$ cat /proc/filesystems
For example, if the iso9660 filesystem is not listed, you cannot mount the standard CD-ROM file system. To add support, simply recompile the kernel with iso9660 filesystem support.
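The check described above can be scripted. The following is an added example, not part of the original article: it parses the two-column /proc/filesystems format and reports whether a filesystem is block-backed, nodev, or not registered. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse the two-column /proc/filesystems format.
# Column 1 is "nodev" or empty; the last column is the filesystem name.

# write_sample FILE -> writes a constructed /proc/filesystems-style listing
write_sample() {
    printf 'nodev\tsysfs\nnodev\tproc\n\text3\n\tvfat\nnodev\tfuse\n\tfuseblk\n' > "$1"
}

# fs_kind NAME [FILE] -> prints "block", "nodev" or "missing"
fs_kind() {
    awk -v want="$1" '
        $NF == want {
            kind = (NF == 2 && $1 == "nodev") ? "nodev" : "block"
            print kind
            found = 1
            exit
        }
        END { if (!found) print "missing" }
    ' "${2:-/proc/filesystems}"
}

# missing_fs FILE NAME... -> prints the space-separated names that are not registered
missing_fs() {
    file=$1
    shift
    out=""
    for name in "$@"; do
        if [ "$(fs_kind "$name" "$file")" = "missing" ]; then
            out="${out:+$out }$name"
        fi
    done
    printf '%s\n' "$out"
}

# Demo against the constructed sample; omit the FILE argument to fs_kind
# to query the running kernel instead.
sample=$(mktemp)
write_sample "$sample"
echo "ext3:    $(fs_kind ext3 "$sample")"
echo "fuse:    $(fs_kind fuse "$sample")"
echo "missing: $(missing_fs "$sample" ext3 iso9660 vfat)"
rm -f "$sample"
```

A filesystem built as a module that has not been loaded yet is also reported as missing, because /proc/filesystems lists only filesystems currently registered with the kernel.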
You can easily mount remote server file system or your own home directory using special sshfs and fuse tools.
FUSE – Filesystem in Userspace
FUSE is a Linux kernel module also available for FreeBSD, OpenSolaris and Mac OS X that allows non-privileged users to create their own file systems without the need to write any kernel code. This is achieved by running the file system code in user space, while the FUSE module only provides a “bridge” to the actual kernel interfaces. FUSE was officially merged into the mainstream Linux kernel tree in kernel version 2.6.14.
Use SSHFS to access a remote filesystem through SSH; you can even use a Gmail account to store files.
The following instructions were tested on CentOS, Fedora Core and RHEL 4/5 only, but they should work with any other Linux distro without a problem.
Step # 1: Download and Install FUSE
Visit the fuse home page and download the latest source code tarball. Use the wget command to download the fuse package:
# wget http://superb-west.dl.sourceforge.net/sourceforge/fuse/fuse-2.6.5.tar.gz
Untar source code:
# tar -zxvf fuse-2.6.5.tar.gz
Compile and install fuse:
# cd fuse-2.6.5
# ./configure
# make
# make install
Step # 2: Configure Fuse shared libraries loading
You need to configure dynamic linker run time bindings using ldconfig command so that sshfs command can load shared libraries such as libfuse.so.2:
# vi /etc/ld.so.conf.d/fuse.conf
Append following path:
Step # 3: Install sshfs
Now fuse is loaded and ready to use. Next you need sshfs to access and mount a file system using ssh. Visit the sshfs home page and download the latest source code tarball. Use the wget command to download the sshfs package:
# wget http://easynews.dl.sourceforge.net/sourceforge/fuse/sshfs-fuse-1.7.tar.gz
Untar source code:
# tar -zxvf sshfs-fuse-1.7.tar.gz
Compile and install sshfs:
# cd sshfs-fuse-1.7
# ./configure
# make
# make install
Mounting your remote filesystem
Now that you have a working setup, all you need to do is mount a filesystem under Linux. First create a mount point:
# mkdir /mnt/remote
Now mount a remote server filesystem using sshfs command:
# sshfs vivek@rock.nixcraft.in: /mnt/remote
- sshfs : the command name
- vivek@rock.nixcraft.in: – vivek is the ssh username and rock.nixcraft.in is my remote ssh server.
- /mnt/remote : a local mount point
When prompted, supply the password for vivek (the ssh user). Make sure you replace the username and hostname as per your requirements.
Now you can access your filesystem securely using Internet or your LAN/WAN:
# cd /mnt/remote
# cp -a /ftpdata . &
To unmount file system just type:
# fusermount -u /mnt/remote
# umount /mnt/remote
Support for Linux kernel AIO (Asynchronous I/O) has been included since version 2.6. By enabling Lighttpd AIO you can get a good performance gain. But what is AIO?
Usually your application needs to wait till I/O call is finished. AIO enables even a single application thread to overlap I/O operations with other processing, by providing an interface for submitting one or more I/O requests in one system call without waiting for completion, and a separate interface to reap completed I/O operations associated with a given completion group (see Linux AIO home page for more details).
Lighttpd 1.5.x supports AIO. First make sure you have libaio installed:
# yum install libaio-devel
Next grab the lighttpd source code and compile it with the --with-linux-aio option:
# ./configure --with-openssl --with-linux-aio
# make; make install
Create the configuration file and put the following directive in the lighttpd.conf file:
server.network-backend = "linux-aio-sendfile"
Save and close the file. Restart lighttpd:
# /etc/init.d/lighttpd restart
Use the httpd_load / ab command to benchmark the performance of a web server.
Please note that I've tested the above instructions on Red Hat Enterprise Linux 4/5 and CentOS.
LVM is an implementation of a logical volume manager for the Linux kernel. The biggest advantage is that LVM provides the ability to make a snapshot of any logical volume.
Last time I wrote about how-to set or retrieve the CPU affinity of a running process given its PID or to launch a new COMMAND with a given CPU affinity.