Manualshelf

Installing and Configuring Apache Toolkit for Serviceguard for Linux

ManualsBrandsHP ManualsSoftwareHP Serviceguard for Linux ProLiant Cluster
78910111213141516
5. Enter the following command to start the monitoring process:
# rm -f /usr/local/cmcluster/pkg/apache1/apache.debug
The following message is recorded in the Serviceguard package control script log:
Starting Apache toolkit monitoring again after maintenance.
6. Enter the following command to enable package failover:
#cmmodpkg -e APACHE1
NOTE: If the package fails during maintenance, the package does not automatically failover to an
adoptive node. You need to manually start the package on the adoptive node. For more information
on manually starting package on an adoptive node, see Managing HP Serviceguard.
SECURITY POLICIES IN LINUX
SELinux and AppArmor are security tools that are delivered with Red Hat and SLES, respectively.
One of the functions of these tools is to protect some applications based on security policies. These
policies define default access control for the applications. If there is any change to the application
configuration, for example, change in binaries or file locations, then appropriate access controls
must be redefined in the security policy for that application.
NOTE: The following sections are applicable only when security policies have been enforced on
applications using either SELinux or AppArmor.
SELinux
SELinux (Security-Enhanced Linux) is an implementation of mandatory access control in the Linux
kernel, using the Linux Security Modules (LSM) framework. SELinux is turned on by default in Red
Hat. All the Apache files and directories are protected by SELinux security policy. All of these files
must be associated with a security context defined for Apache. SELinux protection allows Apache
processes to access only those files with the context defined in the security policy for Apache. The
default policies of SELinux are defined so that the default directories of Apache have the right
contexts. If any changes are made, such as moving the DocumentRoot or ServerRoot of Apache
from local to a non-default location, ensure that these new directories and all files in the directory
have the same security context as the default installation. Configuring the context is mandatory if
anything other than the default file locations is used.
Note: All the files accessed by Apache processes must have the right context as defined in the
security policy. For more information on configuring SELinux with Apache, see the Red Hat
documentation website.
For Example:
To place the Web pages in directories other than Apache defaults, user 'root' creates a new
directory /home/www/site1 in which the pages for a new Web site are located. A default security
context ‘root:object_r:user_home_t' is assigned to the new directory and its files. Use ls -Z
command as follows to find the context assigned.
# mkdir /home/www/site1
# ls -Z /home/www/
drwxr-xr-x root root root:object_r:user_home_t site1
# touch /home/www/site1/index.html
# ls -Z /home/www/site1/index.html
-rw-r--r-- root root root:object_r:user_home_t
/home/www/site1/index.html