Portal Home > Knowledgebase > Articles Database > How to enable SElinux and Secure CentOS 6
How to enable SElinux and Secure CentOS 6
| Posted by J D A, 04-08-2012, 06:08 PM |
| Hi guys. I just recently purchased a VPS (XEN, 1 GB RAM) from Burst.net and I need help with SELinux, as well as hardening the server itself.
This is the 1st VPS I've run in 1 1/2 - 2 years. A lot has changed since then (I'm used to CentOS 5). So I'm really looking into ways to harden CentOS as well as run SELinux on it.
The server will be used to host (personal) websites. I'm not using cPanel or any control panel and am not looking to use one, I'd like to eliminate overhead + I want to learn to run a VPS w/o a stupid CP haha.
The first issue here is SELinux. How do I enable it? I've tried everything. There is no /etc/selinux/config file (nor a /etc/sysconfig/selinux or whatever file). When I use getenforce or sestatus SELinux is disabled. However with /usr/sbin/selinux (I think that's the command) it says libselinux is installed. I can't even set it in Permissive mode. setenforce does not work either.
Also does anyone have any advice on how to harden my server? If you can point me to a guide or provide advice here that'd be greatly appreciated! I'm not going to use it as absolute resource but rather a starting point.
Also I really need help on how to install grsec on CentOS 6. Plus I can't find my kernel (2.6.32-200.7.1.i686) in kernel.org or how to install / patch for it on grsecurity's site.
Thanks!
|
| Posted by SeriesN, 04-08-2012, 06:17 PM |
| Selinux is enabled by default. Are you planning to use something like cpanel? If so you will need to disable selinux.
/etc/sysconfig/selinux
Make sure you reboot after changing settings.
|
| Posted by J D A, 04-08-2012, 06:38 PM |
| As stated before I am not planning to run cPanel or any type of control panel.
Just nginx + other standard web services (php, mysql) and some caching software.
/etc/sysconfig/selinux does not exist (file or folder not found). I've also tried to manually create the selinux config and reboot but that doesn't work either.
Also any tips on hardening + grsecurity? (READ the 1st post!)
|
| Posted by SeriesN, 04-08-2012, 06:42 PM |
| Setup a firewall, change ssh port to something non standard, disable root login, control host access to particular Ip, disable non required services , I guess that's the basic stuffs.
Need more, hire an expart.
|
| Posted by Hostify Networks, 04-08-2012, 06:43 PM |
| The correct path for the selinux config file in CentOS 6 is /etc/selinux/config
|
| Posted by J D A, 04-08-2012, 07:05 PM |
| Thanks! I have a lot more to add to that list!
Once again I can't stress it enough. /etc/selinux/config does not exist. This is a clean CentOs 6.2 installation.
|
| Posted by Hostify Networks, 04-08-2012, 07:09 PM |
| That's odd.
|
| Posted by SeriesN, 04-08-2012, 07:15 PM |
| Reinstall centos again?
|
| Posted by J D A, 04-08-2012, 07:15 PM |
| Sorry for saying that but I've been searching for an answer all day. Nothing even acknowledges this issue! Heck not even the documentation acknowledges it! Aaarrrgghh. I always have trouble setting up VPSes but never dedicated servers and I don't even know why!
|
| Posted by J D A, 04-08-2012, 07:52 PM |
| So I reinstalled CentOS 6.2 and it's still not working and I'm ready to punch a hole through my VPS (via SSH).
NOTHING is working. Locate didn't work but I fixed that (mlocate, duh hahahaha). But yeah I'm still looking for help!
|
| Posted by SeriesN, 04-08-2012, 07:54 PM |
| Ask your vps provider if they are using custom centos template for xen.
|
| Posted by J D A, 04-08-2012, 08:02 PM |
| Well I don't know about a custom template, but I fixed it with:
yum install policycoreutils-gui
Whoa a lot of stress for what looked like a really simple solution! Well thanks for the time guys and hopefully SOMEONE else who has this problem will find this thread!
|
| Posted by cloudrck, 04-09-2012, 09:31 AM |
| Typically its enabled by default, but when you have a vps you can use custom OS templates which can have any configuration. If the file isnt there than Selinux wasnt installed
|
| Posted by MikeZavatta, 04-09-2012, 02:48 PM |
| You can check to see the status of SELinux with /usr/sbin/sestatus. This way you can verify if it is disabled already.
|
| Posted by Jaap HBH, 06-07-2012, 04:26 PM |
| I did and it solved the problem for me!
Same setup: vps, clean new CentOS 6.2 install, installed policycoreutils but no config file.
Installing policycoreutils-gui solved the problem. It is probably in one the dependencies that was installed with the gui which led to the creation of the config file (I noticed selinux-policy was installed with the gui).
Thanks for posting the fix.
|
| Posted by racknap1, 06-09-2012, 02:13 PM |
| it seems there is some bugs in centOS installation media. We suggest if you could install SElinux at post installation of OS manually.
Please use this url to find out more details of steps.
http://rpm.pbone.net/index.php3/stat...oarch.rpm.html
|
| Posted by Hosttoast, 06-09-2012, 02:41 PM |
| did you install minnimal package?
which package did you install ? virtual host, web server basic server?
not sure if minimal does selinux (it sure don't install anything else)
|
Add to Favourites 
Print this Article
Also Read
Domain API (Views: 459)
