SELinux and multiple httpd service context [closed] - centos

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
Using CentOS 6
I have 2 Apache httpd services running. The first one provides REST interfaces and a UI to manage the operating system (start/stop services, execute system commands using suid, modify system settings, etc.). This httpd service (running on port 5555) will only be accessible from a certain IP range (firewall) since it will be used for administrative purposes.
The second httpd service (port 80 and 443) will be visible on the Internet. It will serve a web application to external customers.
The first httpd needs selinux policies that give it more access to the OS files/processes. The second needs selinux policies that are strict to what it is allowed to do within its context. The second needs to be this way for better web application security and prevent any web app exploits from even being able to touch the OS.
Both of the httpd processes are running as different users.
Can selinux be used with 2 different sets of policies for the same httpd executable?
How do I/is it possible to set the httpd process context to switch to another set of policies when httpd starts?
Is it just a matter of making a copy of the httpd binary and changing its selinux context so that it uses all new policies (relabel the httpd binary, but I'm sure it will take more than this)?
What are the steps to copy the existing httpd selinux settings to a new name?
I think this comes down to needing a httpdpublic and httpdprivate selinux context. Anyone done anything like this before that could give some guidance or suggest alternative solutions? Thanks

Related

How to setup active-active weblogic setup(high availability) with 2 weblogic servers/machine sharing the same database for a single application? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 6 days ago.
Can someone refer/suggest me documents/resources to achieve this kind of setup for my single application running on Weblogic 12c? If there is any good resource for this to get this done step by step please share. I am looking for a continuous highly available architecture.
I have tried bringing up both of the servers and enabled the apache redirection to both the servers so that all incoming requests are shared between 2 servers, however the hazelcast client gets disconnected, or the active starts to throw a lot of exceptions and the components go down every time I bring up 2 production servers having mostly the same configurations. And I believe in my current setup only 1 weblogic server can be enabled to run at a particular instant, I am trying to change this so that I can have 2 active servers running at the same time.

Redirect port 80 to my home server [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 6 years ago.
I installed Ubuntu server 16.04 on one of my computers to set up a web server. I want to install Phabricator to manage a video game project with some friends. I'm trying to configure my router (Home Hub 1000 from Bell) to redirect port 80 to this server. The problem is that it doesn't work at all. I can access my web page from a computer on my local network with the name of the computer, but not from the outside using my IP address (the one used by my router). I added my server to DMZ and I had set up a port forwarding (Protocol: Both, Internal port: 80, External port: 80). My server uses a reserved IP address configured on my router.
Thanks for your help.
Besides a reserved local IP address, it is useful to have a static IP address from your provider (because they might change your IP once in a while). You can find your IP on whatismyip.com
When both port forwarding and DMZ are configured in your router, you can look if there is a firewall on your server which blocks the external requests.

How do I set up my own MQTT Server with Mosquitto? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
I am setting up a sensor network for my new diy home automation system and am running into a major roadblock. I am using OpenHAB as the "home base" for the system, and since it has an MQTT binding, I figured that would be a good way to have all of the nodes talk with it. I know that I can connect to test.mosquitto.org, which is great for testing. But, obviously, this is not secure enough by far for the permanent server (also, I'm pretty sure they specifically say not to use that server for permanent things).
After a lot of Google-ing I have found a decent amount of info on Mosquitto and MQTT, but honestly most of it is over my head since I am just starting. My question here, that most seem to assume is known already, is how do I actually go about setting up my own MQTT server on the Raspberry Pi that will be running everything? Or is this not the norm, and should I find a public server (like test.mosquitto.org)? That just doesn't seem like the most practical method.
Thanks in advance for your help.
Mosquitto is light enough that you can install it anywhere. I would only use test.mosquitto.org if I was testing, as it is public (i.e. anyone can see your data!) and isn't always up and working.
When running on the Pi I normally add the Mosquitto Debian repo as it is more up to date. Has v1.3.5
Good instructions on the mosquitto.org site or a good beginners' howto over at jpmens, just do the installation up to the TLS part (unless you need it!)
On a Raspberry Pi
If you just run the following commands:
sudo apt-get update
sudo apt-get install mosquitto
sudo update-rc.d mosquitto defaults
(I'm not 100% sure you need this one but it won't hurt)
sudo /etc/init.d/mosquitto start
(only needed this time, as it should start automatically on reboot)
That will give you a mosquitto broker running on your pi

Communication between two computers using an Internet Browser and Sockets? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
How may I create a socket on my computer that could be reachable from other computers via internet, and work like a web server, maybe using WebSockets?
By the way: could my web server become visible from the Internet and how?
I know I can install a LAMP web server on my computer (my OS is Ubuntu) and use it for a local network.
I know I can use sockets to let 2 computers communicate via internet using their IP addresses (I did it in Java).
You can make your LAMP server stack accessible from the internet by forwarding ports from your external internet connection to the computer the server stack is running on. If you're doing this at home, you can usually handle port forwarding from the admin interface for your router/modem.
Alternatively, WebRTC is a newer web technology (still in the testing phase) that allows two browsers to connect to each other without the need for an intermediate web server.
Browsers do not permit raw sockets.
You cannot create a socket from a browser, because it would be a security hole.
For example, you download a page from the internet and a script on this page opens all sockets on your computer.
WebSockets is a technology on top of the TCP protocol.
Using Websockets you can connect two browsers to a Websocket server and exchange information via this server.
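The layering the answer above describes, as an added example that is not part of the original answers: the RFC 6455 handshake value a server must return and the frame masking a browser applies, followed by the relay step between two browsers. Function names are illustrative, and only short, single text frames are handled.

```javascript
const { createHash } = require('node:crypto');

// Fixed GUID from RFC 6455, appended to the client's Sec-WebSocket-Key.
const WS_GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11';

// Server side of the opening handshake (Sec-WebSocket-Accept header value).
// A non-WebSocket TCP service cannot produce this, so a page only reaches servers that opt in.
function acceptKey(secWebSocketKey) {
  return createHash('sha1').update(secWebSocketKey + WS_GUID).digest('base64');
}

// Decode one short frame (payload < 126 bytes) sent by a browser.
// Browsers must mask every frame; a server rejects unmasked client frames.
function decodeClientFrame(buf) {
  if (buf.length < 6) throw new Error('truncated frame');
  const opcode = buf[0] & 0x0f;
  const masked = (buf[1] & 0x80) !== 0;
  const len = buf[1] & 0x7f;
  if (!masked) throw new Error('client frame must be masked');
  if (len > 125) throw new Error('extended lengths not handled in this example');
  if (buf.length < 6 + len) throw new Error('truncated payload');
  const mask = buf.subarray(2, 6);
  const payload = Buffer.alloc(len);
  for (let i = 0; i < len; i++) payload[i] = buf[6 + i] ^ mask[i % 4];
  return { opcode, payload };
}

// Encode an unmasked server-to-browser text frame (payload < 126 bytes).
function encodeServerText(text) {
  const payload = Buffer.from(text, 'utf8');
  if (payload.length > 125) throw new Error('extended lengths not handled in this example');
  return Buffer.concat([Buffer.from([0x81, payload.length]), payload]);
}

// Relay step: the server unmasks browser A's message and re-frames it for browser B.
function relay(frameFromA) {
  const { opcode, payload } = decodeClientFrame(frameFromA);
  if (opcode !== 0x1) throw new Error('only text frames are relayed in this example');
  return encodeServerText(payload.toString('utf8'));
}

// Sample input: the key and the masked "Hello" frame used as examples in RFC 6455.
const sampleKey = 'dGhlIHNhbXBsZSBub25jZQ==';
const sampleFrame = Buffer.from([0x81, 0x85, 0x37, 0xfa, 0x21, 0x3d, 0x7f, 0x9f, 0x4d, 0x51, 0x58]);
console.log(acceptKey(sampleKey));
console.log(relay(sampleFrame).toString('hex'));
```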

Is this a Windows XP firewall bug? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 14 years ago.
I have a webserver running on my Windows XP computer. I have set the firewall to allow incoming HTTP connections: Firewall settings window->'Advanced' tab->select my network connection->Settings->Services->check 'Webserver(HTTP)' checkbox.
Normally, this works. However, sometimes upon restarting the server machine, the firewall again begins blocking HTTP connections, notwithstanding the fact that the 'Webserver(HTTP)' exception is still checked in the Firewall settings window.
The only way, then, to get things working again is to uncheck the said option, save the settings, reopen the firewall dialog and check the option and save again.
My question is, is this some peculiarity of my machine or is this a Windows XP firewall bug?
No, that's not a bug, you're just misunderstanding what the Services tab is for.
The list on that tab is for the scenario where the firewalled system also serves as a NAT gateway ("Internet Connection Sharing" or whichever name Microsoft came up with) for another computer. It's basically a form of DNAT. It controls whether or not to allow the initiation of connections to that port through to hosts running on a private network behind the firewalled system.
What you need is to add an exception for port 80 / TCP on the Exceptions tab (don't forget to click on Change scope and select the appropriate scope!) That will work without a hitch. I also recommend you uncheck what you checked ASAP since Windows client operating systems aren't particularly suited for packet forwarding and settings on that tab sometimes mysteriously interfere with normal network traffic (like in your case.)