SELinux Policy. Date Assigned: mm/dd/yyyy Time Due: mm/dd/yyyy by hh:mm. Educational Objectives
|
|
- Tiffany Garrison
- 7 years ago
- Views:
Transcription
1 P a g e 1 SELinux Policy Date Assigned: mm/dd/yyyy Time Due: mm/dd/yyyy by hh:mm Educational Objectives This lab is designed to learn how to use and modify current SELinux policy. You will also learn how to create new SELinux policy modules and install them. After completion of this lab, you will learn how to Confine network ports Check and restore default SELinux security contexts under a directory Modify current SELinux policy Create new SELinux policy modules and integrate them into current policy. Lab Environment One Fedora 18 VM is needed for this lab. Assume that you have installed SELinux commands and libraries on this computer to finish the previous lab. If not, please run the following command as a root to install current SELinux packages on Fedora 18: yum install *selinux* --skip-broken Section 1 Confining Network Ports Port numbers a network service listens on are defined in a SELinux policy if this service is confined. The command below will display all of the confined port numbers, part of the list is shown in the screenshot below: semanage port -l
2 P a g e 2 In the list, the first column shows SELinux type, indicating the network service. The second column gives the protocol (TCP/UDP). The last column lists the port numbers. When SELinux is enforced, the Apache HTTP server (httpd) runs in confined mode. The following command shows the port numbers that current SELinux policy allows httpd to listen on: semanage port -l grep -w http_port_t If Apache HTTP server is configured to listen on a network port that is different from those defined in the policy, SELinux will prevent the server from running. Please perform the following practice as a root to test the effects: Stop httpd if it is running. (systemctl stop httpd.service) Configure httpd to listen on a port this is not defined in SELinux policy. o vim /etc/httpd/conf/httpd.conf o Look for the Listen portion. o Change the port number to 90. (Assume that port number 90 is not defined for httpd by the SELinux policy. Otherwise, use another number.)
3 P a g e 3 o Save the file. Run systemctl start httpd.servicet to start the Apache HTTP server. Could you start the service? The answer is no. You should see a result similar to the following: By looking at the data logged in status, we know that the action to start the Apache HTTP service was failed. Data logged in the /var/log/messages file contains detailed information regarding this failed action, as shown in the following screenshot. The fact that caused the failed action is that the system cannot bind httpd to a port defined in the current SELinux policy. A TCP socket cannot be created in this case.
4 P a g e 4 Well, the question is how can you fix the above problem when you are faced to? There are several approaches: a) Disable SELinux, which you most likely don t want to if you want to use SELinux to secure your web server. b) Make httpd listen on a port that is defined in SELinux policy configuration for httpd, which should be recommended in general. c) Tell SELinux policy that you want httpd to listen on a specific port (modify the SELinux policy), which is useful if you want to limit the access to your web server. The command below tells SELinux that you want httpd to listen on TCP port number The option -p is used for specifying the protocol (tcp/udp) for the specified port. Scenario 1 You are setting up a web page and you want the httpd listen on TCP port 999. The web server runs a Fedora 18 with current SELinux targeted policy enforced. You believe that SELinux policy will make the web server more secure and you don t want to disable it.
5 P a g e 5 Question 1: Please summarize what you need to do to achieve the goal specified in Scenario 1? Attach screenshots to demonstrate your results. Now you can switch the httpd.conf file back to its original version (Listen on 80). One question you may ask might be: Can I remove a port from the SELinux policy? I leave this question for you. Please find the solution and test it. Section 2 Checking and Restoring the SELinux Context In SELinux, type enforcement is all about labels. Every process, file, directory and device in a SELinux system has a label (security context). If these labels are wrong due to some reason, SELinux will not function properly. AVC denials will occur. In order to cope with this, SELinux developers have designed several utilities that can be used to check and restore SELinux default contexts. One of them is the command matchpathcon. From matchpathcon(8) man page: "matchpathcon queries the system policy and outputs the default security context associated with the file path." It can be used to check if files and directories have consistent SELinux contexts. Please use man page to learn how to use it. Please perform the following to gain experience with this command. Run touch /var/www/html/file{a,b,c} command. This will create three files that inherit the httpd_sys_content_t type from /var/www/html directory. Please verify it using the tool you have learned. Run chcon t samba_share_t /var/www/html/filea Run chcon t admin_home_t /var/www/html/fileb Run ls Z /var/www/html to view the changes. Run /usr/sbin/matchpathcon V /var/www/html/* and study the results. Now you have identified inconsistent labels associated with files in /var/www/html/ directory. You can verify that only file filec is accessible by httpd. Again, the question is how to resolve the problem of inconsistent labels and allow Apache HTTP server to access those files? You can re-label the files one by one. However, the following command will make this job much easier when you have a great number of files with inconsistent labels. /sbin/restorecon v /var/www/html/* Please run the above command and test its effects.
6 P a g e 6 You may argue. Why would I bother to use matchpathcon command to identify the wrong labels first? The command restorecon will restore the default context anyway. Well, again, I would leave this question for you. (It will be helpful to identify the problems before trying to resolve them.) Please remove the files (filea, fileb, filec) in the /var/www/html/ folder. Scenario 2 A web programmer has created three files (file1, file2, file3) in his home directory (/home/student/lab10/). He wants to link them to the web page. You have done the following: mv /home/student/lab10/file* /var/www/html/ Then you create two files (index.html, secret) in your own directory (/root/lab10). You know that the file index.html is for the web page, but secret contains confidential data and cannot be exposed. When the files have been created, you do the following to move those files: mv /root/lab10/* /var/www/html/ Then you tell the web programmer to test the result. Question 2: Perform the tasks described in Scenario 2 as the web programmer and the root user. What will the web programmer tell when he tests the results. If the web programmer has any problem, please fix it as a system administrator to make the files accessible by httpd. Use screenshots to demonstrate your work and the results. Note, for security purpose, as a system administrator, you don t want to expose any confidential data (secret file) to anybody. We have worked with the existing SELinux policy without modifying it. How can we modify it? There are several ways at different levels. We will look at some of the techniques that can be used to modify the policy in the following sections. Section 3 Booleans Booleans allow parts of SELinux policy to be changed at runtime, without any knowledge of SELinux policy writing. 3.1 Listing Booleans For a list of Booleans, explanations of what each one is, and whether they are on or off, run the following command as the Linux root user. semanage boolean -l
7 P a g e 7 The following screenshot shows part of the Boolean list on my computer. The SELinux boolean column lists Boolean names. The second column gives default value. The Description column tells what they do. The getsebool -a command lists Boolean values. The getsebool boolean-name command gives the status of the boolean-name Boolean: getsebool samba_run_unconfined Use a space-separated list to list multiple Booleans:
8 P a g e Configuring Booleans The setsebool command is used to set SELinux Boolean values. It has the following format: The command setsebool boolean-name x turns Booleans on or off, where boolean-name is a Boolean name, and x is either 1 or true or on to turn the Boolean on, or 0 or false or off to turn it off. Use the -P option to make the change persist across reboots. If the N option is given, the policy on disk is not reloaded into the kernel. Some Boolean configurations are easier. For example, in order to allow Apache HTTP Server to access Samba file systems (files labeled with the cifs_t type), you can simply perform the following configuration: /usr/sbin/setsebool httpd_use_cifs on To allow Apache HTTP Server to access NFS file systems (files labeled with the nfs_t type), do the following: /usr/sbin/setsebool httpd_use_nfs on Some others are not so apparent. Especially, it could be complex when you want to prevent a service from accessing files of certain types. A thorough study is usually needed before you actually know what you need to do. You will gain the experience in the following scenario. Please do the following: setsebool httpd_use_nfs=on httpd_enable_homedirs=on use_nfs_home_dirs=on Scenario 3 You have Apache HTTP Server (httpd) running on a Fedora 18 system with SELinux targeted policy enforced. This system serves files from NFS mount at the same time. To secure your file system, you don t want the server to access files labeled with nfs_t type. In addition, you want to test your configurations to assure that they work as expected.
9 P a g e 9 Question 3: Summarize what you need to do to achieve the goals specified in Scenario 3. Use screenshots to demonstrate your work and results. (Hint: study these three Booleans: httpd_use_nfs, httpd_enable_homedirs and use_nfs_home_dirs) Do you see the complexity of the SELinux Booleans? Some Booleans are not orthogonal. Some of them are related to each other. Different combinations of the Boolean settings could generate or imply unexpected results. Section 4 The audit2allow command SELinux denials will be logged. The utility audit2allow can be used to generate SELinux policy allow rules from logs of denied operations. 4.1 Log files SELinux denial messages are written to the /var/log/audit/audit.log file by default:
10 P a g e 10 In addition, if setroubleshootd is running, denial messages from the /var/log/audit/audit.log file are translated to an easier-to-read form and sent to the /var/log/messages file: Denial messages are sent to different locations depending on which logging daemon is running on your system. Table 1 gives a good estimation on Fedora Linux systems. Table 1 Log locations Daemon Log Location auditd on /var/log/audit/audit.log auditd off; rsyslogd on /var/log/messages auditd and rsyslogd on /var/log/audit/audit.log. Easier-to-read denial messages also sent to /var/log/messages
11 P a g e 11 Please view the log files on your computer and identify SELinux AVC denials. If you cannot see any, generate some. 4.2 Allowing access The audit2allow utility is commonly used to generate SELinux policy allow rules from logs of denied operations. In SELinux, actions are denied by default. If you want an action to be allowed, an allow rule must be in the SELinux policy. The development of the audit2allow tool makes the job less complex. However, this tool should be used with care. It works in two steps: Generate allow rules for logged denied operations. Integrate/install the rules into the SELinux policy. As a system administrator, the most important thing is that you need to Understand why the operations are denied; Decide whether you want to allow the denied operations. Most likely, the denials are what you want. Please do the following to install audit2allow: yum install /usr/bin/audit2allow Please use the man page to learn the audit2allow utility. The following command will tell you the reason why a denial occurred. audit2allow -w -a Please run the above command and study the reasons why the denials occurred on your system. The following command will tell what allow rules are needed to allow the denied accesses that are logged. audit2allow -a Please run the above command to understand what rules are needed to allow logged denied accesses. Please note that one allow rule may fix a great number of denials.
12 P a g e 12 To use the rules displayed by audit2allow -a, run the following command to create a custom module: audit2allow -a -M myrule The -M option creates a Type Enforcement file (.te) with the name specified with -M in your current working directory. The audit2allow command also compiles this.te file into a policy package (.pp) file that is ready to be integrated with the semodule command. The command also tells you what you need to do to install these rules as shown in the following screenshot: Should you simply follow the instruction and install your custom SELinux module? Why not? This is the way it works. Well, things are not so simple. Before you actually install the module, you need to carefully study the allow rules to make sure whether these are what you want. For example, the following screenshot shows some of the allow rules generated on my computer.
13 P a g e 13 Do I need the allow rules under the httpd_t section? These denials were generated while testing the Apache HTTP Server. It does not make any sense to install those rules. This is the homework we need to do before getting the allow rules integrated. You don t want to make your system weaker by integrating your own allow rules. Otherwise, why do you bother to run SELinux on your computer? Please use the audit2allow man page to learn how to generate policy package and install it. Examples are located at the bottom of the man page. Scenario 4 You have set up a web server that runs Fedora 18 Linux with SELinux targeted policy enforced. Some of the users call the help desk reporting that they cannot download some of the files from the web page. Question 4: Please describe the major steps you would like to take to fix the problem specified in Scenario 4. Use screenshots to demonstrate your work and results. Before you leave this section, please refer to Dan Walsh's "Using audit2allow to build policy modules. Revisited." blog entry for further information about using audit2allow to build policy modules. Note: the semodule i command may not work on Fedora 18 Section 5 The system-config-selinux and seinfo utilities You may wonder how to view the types, policy modules, defined network ports and so on in the SELinux policy. To serve this purpose, several tools have been developed. One of the utilities is seinfo, which is located in /usr/bin/ by default. It allows users to query the components of a SELinux policy. The following command installs seinfo utility: yum install /usr/bin/seinfo The use of seinfo has the following general format: seinfo [OPTIONS] [EXPRESSION] [POLICY ] When POLICY is omitted, the default policy will be queried. For example, the following command will display the statistics for the default policy on your system, as shown in the following screenshot: seinfo --stats
14 P a g e 14 Please use man page to learn how to use this tool. Another useful SELinux tool is system-config-selinux. It operates with a GUI. Install the utility: yum install /usr/bin/system-config-selinux The following command will launch the GUI that is similar to the following screenshot. system-config-selinux
15 P a g e 15 It can also be accessed from the menu: Administration => SELinux Management Please check out this tool on your computer and play with it. Scenario 5 You want to spend time and play with the seinfo and system-config-selinux utilities to learn what they do and how to use them. Question 5: Summarize the part that you thought was the most interesting when you conducted the tasks specified in Scenario 5. Use screenshots to demonstrate. The developer of the system-config-selinux tool wrote an article several years ago. Apparently, the materials are old and the current system-config-selinux has a different look. However, it is good to know. Interested in? Check out the article from the following link: The author updated his blog recently regarding the use of system-config-selinux on current release. You may check it out from the following link:
16 P a g e 16 Section 6 Bonus (4%) Again, what you need to do for the bonus is not restricted, but has to be related to SELinux since this is the topic of this lab. I hope the way bonus is given will inspire you more interests on the lab topic and give you more free space at the same time. Please do the following to earn the bonus of this lab. More extra points may be given if you can convince your instructor that you have done a significant amount of work on SELinux. Work out a mini project of your choice based on what you have learned on SELinux so far. Describe your mini project: motivation, design and technical contents. Implement your mini project. Question B1: What is your mini project about? Give a description of your project, including motivation, design and technical details. Question B2: Implement your mini project. Please use screenshots, descriptions and/or answers to questions to show your implementation. Survey Questions Questions in this section will not be graded, but will make your suggestions and voice heard by your instructor. GQ 1. What changes would you like to make to this lab? GQ 2. How much time did you spend to finish this lab? GQ 3. Do you learn anything new or gain a better understanding of class lecture by finishing this lab?
17 P a g e 17 Well, you have completed another lab for this class. Hope you enjoyed doing this lab. Please let your instructor know if you have any comments.
18 P a g e 18 Answer Sheet ============================= Required Part ============================ Question 1: Please summarize what you need to do to achieve the goal specified in Scenario 1? Attach screenshots to demonstrate your results. Question 2: Perform the tasks described in Scenario 2 as the web programmer and the root user. What will the web programmer tell when he tests the results. If the web programmer has any problem, please fix it as a system administrator to make the files accessible by httpd. Use screenshots to demonstrate your work and the results. Note, for security purpose, as a system administrator, you don t want to expose any confidential data (secret file) to anybody. Question 3: Summarize what you need to do to achieve the goals specified in Scenario 3. Use screenshots to demonstrate your work and results. (Hint: study these three Booleans: httpd_use_nfs, httpd_enable_homedirs and use_nfs_home_dirs) Question 4: Please describe the major steps you would like to take to fix the problem specified in Scenario 4. Use screenshots to demonstrate your work and results. Question 5: Summarize the part that you thought was the most interesting when you conducted the tasks specified in Scenario 5. Use screenshots to demonstrate. ============================ Bonus Part (4%) =========================== Question B1: What is your mini project about? Give a description of your project, including motivation, design and technical details. Question B2: Implement your mini project. Please use screenshots, descriptions and/or answers to questions to show your implementation.
19 P a g e 19 ================================ Survey Part =========================== GQ1. Would you like to make any changes to this lab? GQ2. How long did it take you to complete this lab? GQ3. Do you learn anything new or gain a better understanding of class lecture by finishing this lab?
RHS429 - Red Hat Enterprise SELinux Policy Administration
RHS429 - Red Hat Enterprise SELinux Policy Administration Duration/Training Format /Global 04 Days (32 Hrs.) Instructor-Led Training Course Summary RHS429 introduces advanced system administrators, security
More informationLinux Security on HP Servers: Security Enhanced Linux. Abstract. Intended Audience. Technical introduction
Linux Security on HP Servers: Security Enhanced Linux Technical introduction This white paper -- one in a series of Linux security white papers -- discusses Security Enhanced Linux (SELinux), a mandatory
More informationConfiguring Remote HANA System Connection for SAP Cloud for Analytics via Apache HTTP Server as Reverse Proxy
Configuring Remote HANA System Connection for SAP Cloud for Analytics via Apache HTTP Server as Reverse Proxy Author: Gopal Baddela, Senior BI Architect Archius Copyright Archius 2016 1 Table of Contents
More informationowncloud 8 and DigitalOcean Matthew Davidson Bluegrass Linux User Group 03/09/2015
owncloud 8 and DigitalOcean Matthew Davidson Bluegrass Linux User Group 03/09/2015 owncloud 8 and DigitalOcean The following slides are based off the notes that I used to build owncloud 8, on a server
More informationWhite Paper. Fabasoft on Linux SELinux Support. Fabasoft Folio 2015 Update Rollup 2
White Paper Fabasoft Folio 2015 Update Rollup 2 Copyright Fabasoft R&D GmbH, Linz, Austria, 2015. All rights reserved. All hardware and software names used are registered trade names and/or registered
More informationFedora 13 Managing Confined Services. Scott Radvan
Fedora 13 Managing Confined Services Scott Radvan Managing Confined Services Fedora 13 Managing Confined Services Author Scott Radvan sradvan@redhat.com Copyright 2010 Red Hat, Inc. The text of and illustrations
More informationLab 3.4.2: Managing a Web Server
Topology Diagram Addressing Table Device Interface IP Address Subnet Mask Default Gateway R1-ISP R2-Central S0/0/0 10.10.10.6 255.255.255.252 N/A Fa0/0 192.168.254.253 255.255.255.0 N/A S0/0/0 10.10.10.5
More informationTrusted RUBIX TM. Version 6. Installation and Quick Start Guide Red Hat Enterprise Linux 6 SELinux Platform. Revision 6
Trusted RUBIX TM Version 6 Installation and Quick Start Guide Red Hat Enterprise Linux 6 SELinux Platform Revision 6 RELATIONAL DATABASE MANAGEMENT SYSTEM Infosystems Technology, Inc. 4 Professional Dr
More informationAutomatic updates for Websense data endpoints
Automatic updates for Websense data endpoints Topic 41102 / Updated: 25-Feb-2014 Applies To: Websense Data Security v7.6, v7.7.x, and v7.8 Endpoint auto-update is a feature that lets a network server push
More informationSENECA COLLEGE OF APPLIED ARTS AND TECHNOLOGY
SENECA COLLEGE OF APPLIED ARTS AND TECHNOLOGY FACULTY OF TECHNOLOGY SCHOOL OF ELECTRONICS AND COMPUTER ENGINEERING TECHNOLOGY SUBJECT: COMPUTER PERIPHERAL SYSTEMS PER 452 A B C Student Name:, (Last name)
More informationSetup a Virtual Host/Website
Setup a Virtual Host/Website Contents Goals... 2 Setup a Website in CentOS... 2 Create the Document Root... 2 Sample Index File... 2 Configuration... 3 How to Check If Your Website is Working... 5 Setup
More informationRed Hat JBoss Core Services Apache HTTP Server 2.4 Apache HTTP Server Installation Guide
Red Hat JBoss Core Services Apache HTTP Server 2.4 Apache HTTP Server Installation Guide For use with Red Hat JBoss middleware products. Red Hat Customer Content Services Red Hat JBoss Core Services Apache
More informationHost your websites. The process to host a single website is different from having multiple sites.
The following guide will help you to setup the hosts, in case you want to run multiple websites on your VPS. This is similar to setting up a shared server that hosts multiple websites, using a single shared
More informationSQL Tuning and Maintenance for the Altiris Deployment Server express database.
Article ID: 22953 SQL Tuning and Maintenance for the Altiris Deployment Server express database. Question Now Deployment Server is installed how do I manage the express database? Topics that will be covered
More informationAsterisk SIP Trunk Settings - Vestalink
Asterisk SIP Trunk Settings - Vestalink Vestalink is a new SIP trunk provider that has sprung up as a replacement for Google Voice trunking within Asterisk servers. They offer a very attractive pricing
More informationIntrusion Detection and Prevention: Network and IDS Configuration and Monitoring using Snort
License Intrusion Detection and Prevention: Network and IDS Configuration and Monitoring using Snort This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons
More informationEucalyptus 3.4.2 User Console Guide
Eucalyptus 3.4.2 User Console Guide 2014-02-23 Eucalyptus Systems Eucalyptus Contents 2 Contents User Console Overview...4 Install the Eucalyptus User Console...5 Install on Centos / RHEL 6.3...5 Configure
More informationRed Hat System Administration 1(RH124) is Designed for IT Professionals who are new to Linux.
Red Hat Enterprise Linux 7- RH124 Red Hat System Administration I Red Hat System Administration 1(RH124) is Designed for IT Professionals who are new to Linux. This course will actively engage students
More informationSetting Up SSL on IIS6 for MEGA Advisor
Setting Up SSL on IIS6 for MEGA Advisor Revised: July 5, 2012 Created: February 1, 2008 Author: Melinda BODROGI CONTENTS Contents... 2 Principle... 3 Requirements... 4 Install the certification authority
More informationGestióIP IPAM v3.0 IP address management software Installation Guide v0.1 www.gestioip.net
GestióIP IPAM v3.0 IP address management software Installation Guide v0.1 www.gestioip.net GestióIP Copyright Marc Uebel 2011 Table of Contents 1 Introduction... 3 2 Requirements... 3 3 Installation...
More informationUser Manual of the Pre-built Ubuntu 9 Virutal Machine
SEED Document 1 User Manual of the Pre-built Ubuntu 9 Virutal Machine Copyright c 2006-2011 Wenliang Du, Syracuse University. The development of this document is funded by the National Science Foundation
More informationdotdefender v5.12 for Apache Installation Guide Applicure Web Application Firewall Applicure Technologies Ltd. 1 of 11 support@applicure.
dotdefender v5.12 for Apache Installation Guide Applicure Web Application Firewall Applicure Technologies Ltd. 1 of 11 Installation Process The installation guide contains the following sections: System
More informationAdjusting Prevention Policy Options Based on Prevention Events. Version 1.0 July 2006
Adjusting Prevention Policy Options Based on Prevention Events Version 1.0 July 2006 Table of Contents 1. WHO SHOULD READ THIS DOCUMENT... 4 2. WHERE TO GET MORE INFORMATION... 4 3. VERIFYING THE OPERATION
More informationSecurity Enhanced Linux and the Path Forward
Security Enhanced Linux and the Path Forward April 2006 Justin Nemmers Engineer, Red Hat Agenda System security in an insecure world Red Hat Enterprise Linux Security Features An overview of Discretionary
More informationPractice Fusion API Client Installation Guide for Windows
Practice Fusion API Client Installation Guide for Windows Quickly and easily connect your Results Information System with Practice Fusion s Electronic Health Record (EHR) System Table of Contents Introduction
More informationIntroduction to Operating Systems
Introduction to Operating Systems It is important that you familiarize yourself with Windows and Linux in preparation for this course. The exercises in this book assume a basic knowledge of both of these
More informationQuickBooks Enterprise Solutions. Linux Database Server Manager Installation and Configuration Guide
QuickBooks Enterprise Solutions Linux Database Server Manager Installation and Configuration Guide Copyright Copyright 2007 Intuit Inc. All rights reserved. STATEMENTS IN THIS DOCUMENT REGARDING THIRD-PARTY
More informationInstallation of the Shibboleth-Apache Authorisation Module. 2. Obtain and compile the Apache server software
Version Date Comments 1.0 15 January 2009 Stijn Lievens 1.0.1 2 April 2009 Stijn Lievens. Corrected some typos and mentioned that one also needs to set APACHE_HOME when compiling the mod_permis module.
More informationHOW TO SETUP AN APACHE WEB SERVER AND INTEGRATE COLDFUSION
HOW TO SETUP AN APACHE WEB SERVER AND INTEGRATE COLDFUSION Draft version 1.0 July 15 th 2010 Software XAMPP is an open source package designed to take almost all the work out of setting up and integrating
More informationExercises: FreeBSD: Apache and SSL: pre SANOG VI Workshop
14/01/05 file:/data/hervey/docs/pre-sanog/web/ha/security/apache-ssl-exercises.html #1 Exercises Exercises: FreeBSD: Apache and SSL: pre SANOG VI Workshop 1. Install Apache with SSL support 2. Configure
More informationCloud Homework instructions for AWS default instance (Red Hat based)
Cloud Homework instructions for AWS default instance (Red Hat based) Automatic updates: Setting up automatic updates: by Manuel Corona $ sudo nano /etc/yum/yum-updatesd.conf Look for the line that says
More informationWeb Hosting: Pipeline Program Technical Self Study Guide
Pipeline Program Technical Self Study Guide Thank you for your interest in InMotion Hosting and our Technical Support positions. Our technical support associates operate in a call center environment, assisting
More informationUsing SNMP with Content Gateway (not V-Series)
Using SNMP with Content Gateway (not V-Series) Topic 60035 / Updated: 9-May-2011 Applies To: Websense Web Security Gateway 7.6.x Websense Web Security Gateway Anywhere 7.6.x Websense Content Gateway 7.6.x
More informationInstalling the SSL Client for Linux
Linux Install Installing the SSL Client for Linux SSLLinux201502-01 Global Technology Associates 3361 Rouse Road, Suite 240 Orlando, FL 32817 Tel: +1.407.380.0220 Fax. +1.407.380.6080 Email: info@gta.com
More informationApache Usage. Apache is used to serve static and dynamic content
Apache Web Server One of many projects undertaken by the Apache Foundation It is most popular HTTP server. Free Free for commercial and private use Source code is available (open-source) Portable Available
More informationSELinux course. Ing. Pavol Lupták, CISSP, CEH Lead Security Consultant, Nethemba s.r.o.
SELinux course Ing. Pavol Lupták, CISSP, CEH Lead Security Consultant, Nethemba s.r.o. SELinux history I. Originally a development project from the National Security Agency (NSA) Implementation of the
More informationAliOffice 2.0 Installation Guide
January 25, 2012 AliOffice 2.0 Installation Guide Overview This document contains instructions for installing AliOffice and readying the application for the completion and submission of compliance evaluations.
More informationIntroduction to Apache and Global Environment Directives. S.B.Lal Indian Agricultural Statistics Research Institute, New Delhi 110012
Introduction to Apache and Global Environment Directives S.B.Lal Indian Agricultural Statistics Research Institute, New Delhi 110012 What is a Web Server? A web server is a program that runs on a host
More informationTSM for Windows Installation Instructions: Download the latest TSM Client Using the following link:
TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link: ftp://ftp.software.ibm.com/storage/tivoli-storagemanagement/maintenance/client/v6r2/windows/x32/v623/
More informationIntuit QuickBooks Enterprise Solutions. Linux Database Server Manager Installation and Configuration Guide
Intuit QuickBooks Enterprise Solutions Linux Database Server Manager Installation and Configuration Guide Copyright Copyright 2013 Intuit Inc. All rights reserved. STATEMENTS IN THIS DOCUMENT REGARDING
More informationCS312 Solutions #6. March 13, 2015
CS312 Solutions #6 March 13, 2015 Solutions 1. (1pt) Define in detail what a load balancer is and what problem it s trying to solve. Give at least two examples of where using a load balancer might be useful,
More informationConfiguring Security for FTP Traffic
2 Configuring Security for FTP Traffic Securing FTP traffic Creating a security profile for FTP traffic Configuring a local traffic FTP profile Assigning an FTP security profile to a local traffic FTP
More informationRegistry Tuner. Software Manual
Registry Tuner Software Manual Table of Contents Introduction 1 System Requirements 2 Frequently Asked Questions 3 Using the Lavasoft Registry Tuner 5 Scan and Fix Registry Errors 7 Optimize Registry
More informationCase Study 2 SPR500 Fall 2009
Case Study 2 SPR500 Fall 2009 6 th November 2009 Due Date: 9 th December 2009 Securing Sotnec's web site using Linux Firewall technology Sotnec corporation, an Open Source Company, consists of a small
More informationLab - Observing DNS Resolution
Objectives Part 1: Observe the DNS Conversion of a URL to an IP Address Part 2: Observe DNS Lookup Using the nslookup Command on a Web Site Part 3: Observe DNS Lookup Using the nslookup Command on Mail
More informationOnCommand Performance Manager 1.1
OnCommand Performance Manager 1.1 Installation and Setup Guide For Red Hat Enterprise Linux NetApp, Inc. 495 East Java Drive Sunnyvale, CA 94089 U.S. Telephone: +1 (408) 822-6000 Fax: +1 (408) 822-4501
More informationTABLE OF CONTENTS OVERVIEW SYSTEM REQUIREMENTS - SAP FOR ORACLE IDATAAGENT GETTING STARTED - DEPLOYING ON WINDOWS
Page 1 of 44 Quick Start - SAP for Oracle idataagent TABLE OF CONTENTS OVERVIEW Introduction Key Features Full Range of Backup and Recovery Options SnapProtect Backup Command Line Support Backup and Recovery
More informationSIOS Protection Suite for Linux v8.3.0. Postfix Recovery Kit Administration Guide
SIOS Protection Suite for Linux v8.3.0 Postfix Recovery Kit Administration Guide July 2014 This document and the information herein is the property of SIOS Technology Corp. (previously known as SteelEye
More informationUser Manual of the Pre-built Ubuntu 12.04 Virutal Machine
SEED Labs 1 User Manual of the Pre-built Ubuntu 12.04 Virutal Machine Copyright c 2006-2014 Wenliang Du, Syracuse University. The development of this document is/was funded by three grants from the US
More informationConfiguring Security for SMTP Traffic
4 Configuring Security for SMTP Traffic Securing SMTP traffic Creating a security profile for SMTP traffic Configuring a local traffic SMTP profile Assigning an SMTP security profile to a local traffic
More informationInstallation of PHP, MariaDB, and Apache
Installation of PHP, MariaDB, and Apache A few years ago, one would have had to walk over to the closest pizza store to order a pizza, go over to the bank to transfer money from one account to another
More informationDebug Failed to connect to server!
Debug Failed to connect to server! Version 2 To many of the first time visitors to the forums, the following screenshot may look all too familiar. There are many causes for this error and unfortunately
More informationCentralized Mac Home Directories On Windows Servers: Using Windows To Serve The Mac
Making it easy to deploy, integrate and manage Macs, iphones and ipads in a Windows environment. Centralized Mac Home Directories On Windows Servers: Using Windows To Serve The Mac 2011 ENTERPRISE DEVICE
More informationApache Server Implementation Guide
Apache Server Implementation Guide 340 March Road Suite 600 Kanata, Ontario, Canada K2K 2E4 Tel: +1-613-599-2441 Fax: +1-613-599-2442 International Voice: +1-613-599-2441 North America Toll Free: 1-800-307-7042
More informationWitango Application Server 6. Installation Guide for Windows
Witango Application Server 6 Installation Guide for Windows December 2010 Tronics Software LLC 503 Mountain Ave. Gillette, NJ 07933 USA Telephone: (570) 647 4370 Email: support@witango.com Web: www.witango.com
More informationKVM Virtualization in RHEL 7 Made Easy
A Dell Technical White Paper Jose De la Rosa Dell Linux Engineering 2 THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS
More informationLivezilla How to Install on Shared Hosting http://www.jonathanmanning.com By: Jon Manning
Livezilla How to Install on Shared Hosting By: Jon Manning This is an easy to follow tutorial on how to install Livezilla 3.2.0.2 live chat program on a linux shared hosting server using cpanel, linux
More informationThe KSystemLog Handbook. Nicolas Ternisien
Nicolas Ternisien 2 Contents 1 Using KSystemLog 5 1.1 Introduction......................................... 5 1.1.1 What is KSystemLog?............................... 5 1.1.2 Features.......................................
More informationTask Scheduler. Morgan N. Sandquist Developer: Gary Meyer Reviewer: Lauri Watts
Morgan N. Sandquist Developer: Gary Meyer Reviewer: Lauri Watts 2 Contents 1 Introduction 4 1.1 Start Up........................................... 4 1.1.1 Scheduled Tasks..................................
More informationInstallation of IR under Windows Server 2008
Installation of IR under Windows Server 2008 Installation of IR under windows 2008 involves the following steps: Installation of IIS Check firewall settings to allow HTTP traffic through firewall Installation
More informationHow To Set Up A Backupassist For An Raspberry Netbook With A Data Host On A Nsync Server On A Usb 2 (Qnap) On A Netbook (Qnet) On An Usb 2 On A Cdnap (
WHITEPAPER BackupAssist Version 5.1 www.backupassist.com Cortex I.T. Labs 2001-2008 2 Contents Introduction... 3 Hardware Setup Instructions... 3 QNAP TS-409... 3 Netgear ReadyNas NV+... 5 Drobo rev1...
More informationRunning Secure & Reliable Web/Mail/other Services from Home Part-II: Setting Up A SOHO Linux Web and Email Server
Running Secure & Reliable Web/Mail/other Services from Home Part-II: Setting Up A SOHO Linux Web and Email Server 2007 Robert Taylor tinman@robotterror.com All rights reserved About Me Robert Taylor (A.K.A.
More informationDameWare Server. Administrator Guide
DameWare Server Administrator Guide About DameWare Contact Information Team Contact Information Sales 1.866.270.1449 General Support Technical Support Customer Service User Forums http://www.dameware.com/customers.aspx
More informationGetting Started with Amazon EC2 Management in Eclipse
Getting Started with Amazon EC2 Management in Eclipse Table of Contents Introduction... 4 Installation... 4 Prerequisites... 4 Installing the AWS Toolkit for Eclipse... 4 Retrieving your AWS Credentials...
More informationIceWarp Server. Log Analyzer. Version 10
IceWarp Server Log Analyzer Version 10 Printed on 23 June, 2009 i Contents Log Analyzer 1 Quick Start... 2 Required Steps... 2 Optional Steps... 2 Advanced Configuration... 5 Log Importer... 6 General...
More informationCA Spectrum and CA Service Desk
CA Spectrum and CA Service Desk Integration Guide CA Spectrum 9.4 / CA Service Desk r12 and later This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter
More informationConfining the Apache Web Server with Security-Enhanced Linux
Confining the Apache Web Server with Security-Enhanced Linux Michelle J. Gosselin, Jennifer Schommer mgoss@mitre.org, jschommer@mitre.org Keywords: Operating System Security, Web Server Security, Access
More informationWitango Application Server 6. Installation Guide for OS X
Witango Application Server 6 Installation Guide for OS X January 2011 Tronics Software LLC 503 Mountain Ave. Gillette, NJ 07933 USA Telephone: (570) 647 4370 Email: support@witango.com Web: www.witango.com
More informationHow To Use 1Bay 1Bay From Awn.Net On A Pc Or Mac Or Ipad (For Pc Or Ipa) With A Network Box (For Mac) With An Ipad Or Ipod (For Ipad) With The
1-bay NAS User Guide INDEX Index... 1 Log in... 2 Basic - Quick Setup... 3 Wizard... 3 Add User... 6 Add Group... 7 Add Share... 9 Control Panel... 11 Control Panel - User and groups... 12 Group Management...
More informationIntegration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Apache HTTP Server
SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information
More informationLesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment
Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment (Exam 70-290) Table of Contents Table of Contents... 1 Course Overview... 2 Section 0-1: Introduction... 4
More informationNew Lab Intro to KDE Terminal Konsole
New Lab Intro to KDE Terminal Konsole After completing this lab activity the student will be able to; Access the KDE Terminal Konsole and enter basic commands. Enter commands using a typical command line
More informationInstalling Booked scheduler on CentOS 6.5
Installing Booked scheduler on CentOS 6.5 This guide will assume that you already have CentOS 6.x installed on your computer, I did a plain vanilla Desktop install into a Virtual Box VM for this test,
More informationLog Analyzer Reference
IceWarp Unified Communications Log Analyzer Reference Version 10.4 Printed on 27 February, 2012 Contents Log Analyzer 1 Quick Start... 2 Required Steps... 2 Optional Steps... 3 Advanced Configuration...
More informationTeam Foundation Server 2012 Installation Guide
Team Foundation Server 2012 Installation Guide Page 1 of 143 Team Foundation Server 2012 Installation Guide Benjamin Day benday@benday.com v1.0.0 November 15, 2012 Team Foundation Server 2012 Installation
More informationSpeedlink software will run on Windows NT, Windows 7, and Windows 8; it will run on both 32 byte and 64 byte versions of Windows.
Guide to the Speedlink software and drivers. Status Instruments has a range of process control equipment that can be configured using the Speedlink software. Some equipment will connect directly to a Windows
More informationRHCSA 7RHCE Red Haf Linux Certification Practice
RHCSA 7RHCE Red Haf Linux Certification Practice Exams with Virtual Machines (Exams EX200 & EX300) "IcGraw-Hill is an independent entity from Red Hat, Inc., and is not affiliated with Red Hat, Inc. in
More informationPaperCut Payment Gateway Module - RBS WorldPay Quick Start Guide
PaperCut Payment Gateway Module - RBS WorldPay Quick Start Guide This guide is designed to supplement the Payment Gateway Module documentation and provides a guide to installing, setting up and testing
More informationUpgrading Software Using the Online Installer
Upgrading Software Using the Online Installer Last Updated: December 8, 2009 This chapter provides the procedures for upgrading from a previous software version of the Cisco Integrated Storage System module
More informationPartek Flow Installation Guide
Partek Flow Installation Guide Partek Flow is a web based application for genomic data analysis and visualization, which can be installed on a desktop computer, compute cluster or cloud. Users can access
More informationHow To Install Amyshelf On Windows 2000 Or Later
Contents I Table of Contents Part I Document Overview 2 Part II Document Details 3 Part III Setup 4 1 Download & Installation... 4 2 Configure MySQL... Server 6 Windows XP... Firewall Settings 13 3 Additional
More informationNovell Distributed File Services Administration Guide
www.novell.com/documentation Novell Distributed File Services Administration Guide Open Enterprise Server 11 SP2 January 2014 Legal Notices Novell, Inc., makes no representations or warranties with respect
More informationEVALUATION ONLY. WA2088 WebSphere Application Server 8.5 Administration on Windows. Student Labs. Web Age Solutions Inc.
WA2088 WebSphere Application Server 8.5 Administration on Windows Student Labs Web Age Solutions Inc. Copyright 2013 Web Age Solutions Inc. 1 Table of Contents Directory Paths Used in Labs...3 Lab Notes...4
More informationRed Hat Certifications: Red Hat Certified System Administrator (RHCSA)
Red Hat Certifications: Red Hat Certified System Administrator (RHCSA) Overview Red Hat is pleased to announce a new addition to its line of performance-based certifications Red Hat Certified System Administrator
More informationBacking up AIR to Microsoft Windows
Backing up AIR to Microsoft Windows Dear Valued Customer, Avaya realizes the importance of your data and the significance of a backup and restore strategy for this data. To assist you in performing a backup
More information1 Introduction FrontBase is a high performance, scalable, SQL 92 compliant relational database server created in the for universal deployment.
FrontBase 7 for ios and Mac OS X 1 Introduction FrontBase is a high performance, scalable, SQL 92 compliant relational database server created in the for universal deployment. On Mac OS X FrontBase can
More informationUser Guide. SysMan Utilities. By Sysgem AG
SysMan Utilities User Guide By Sysgem AG Sysgem is a trademark of Sysgem AG. Other brands and products are registered trademarks of their respective holders. 2013 Sysgem AG, Lavaterstr. 45, CH-8002 Zürich,
More informationProject Management (PM) Cell
Informatics for Integrating Biology and the Bedside i2b2 Installation/Upgrade Guide (Linux) Project Management (PM) Cell Document Version: 1.5.1 i2b2 Software Version: 1.5 Table of Contents About this
More informationProtect your CollabNet TeamForge site
1 Protect your CollabNet TeamForge site Set up SELinux If SELinux is active on the machine where your CollabNet TeamForge site is running, modify it to allow the services that TeamForge requires. This
More informationCybozu Garoon 3 Server Distributed System Installation Guide Edition 3.1 Cybozu, Inc.
Cybozu Garoon 3 Server Distributed System Installation Guide Edition 3.1 Cybozu, Inc. Preface Preface This guide describes the features and operations of Cybozu Garoon Version 3.1.0. Who Should Use This
More informationDualShield. for PAM RADIUS. Implementation Guide. (Version 5.4) Copyright 2012 Deepnet Security Limited
DualShield for Implementation Guide (Version 5.4) Copyright 2012 Deepnet Security Limited Copyright 2012, Deepnet Security. All Rights Reserved. Page 1 Trademarks Deepnet Unified Authentication, MobileID,
More informationIntegration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Drupal
SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information
More informationOracle Linux Advanced Administration
Oracle University Contact Us: Local: 1800 103 4775 Intl: +91 80 40291196 Oracle Linux Advanced Administration Duration: 5 Days What you will learn This Oracle Linux Advanced Administration training is
More informationInstallation Guide for FTMS 1.6.0 and Node Manager 1.6.0
Installation Guide for FTMS 1.6.0 and Node Manager 1.6.0 Table of Contents Overview... 2 FTMS Server Hardware Requirements... 2 Tested Operating Systems... 2 Node Manager... 2 User Interfaces... 3 License
More informationWEB2CS INSTALLATION GUIDE
WEB2CS INSTALLATION GUIDE FOR XANDMAIL XandMail 32, rue de Cambrai 75019 PARIS - FRANCE Tel : +33 (0)1 40 388 700 - http://www.xandmail.com TABLE OF CONTENTS 1. INSTALLING WEB2CS 3 1.1. RETRIEVING THE
More informationInstalling and Configuring a SQL Server 2014 Multi-Subnet Cluster on Windows Server 2012 R2
Installing and Configuring a SQL Server 2014 Multi-Subnet Cluster on Windows Server 2012 R2 Edwin Sarmiento, Microsoft SQL Server MVP, Microsoft Certified Master Contents Introduction... 3 Assumptions...
More informationSemantic based Web Application Firewall (SWAF - V 1.6)
Semantic based Web Application Firewall (SWAF - V 1.6) Installation and Troubleshooting Manual Document Version 1.0 1 Installation Manual SWAF Deployment Scenario: Client SWAF Firewall Applications Figure
More informationTOSHIBA GA-1310. Printing from Windows
TOSHIBA GA-1310 Printing from Windows 2009 Electronics for Imaging, Inc. The information in this publication is covered under Legal Notices for this product. 45081979 04 February 2009 CONTENTS 3 CONTENTS
More informationHomework #7 Amazon Elastic Compute Cloud Web Services
Homework #7 Amazon Elastic Compute Cloud Web Services This semester we are allowing all students to explore cloud computing as offered by Amazon s Web Services. Using the instructions below one can establish
More informationLICENSE4J FLOATING LICENSE SERVER USER GUIDE
LICENSE4J FLOATING LICENSE SERVER USER GUIDE VERSION 4.5.5 LICENSE4J www.license4j.com Table of Contents Getting Started... 2 Floating License Usage... 2 Installation... 4 Windows Installation... 4 Linux
More information