Service: Apache
SELinux Hints
Boolean                  default  description
httpd_enable_homedirs    off      allow personal homedir sharing
httpd_use_nfs            off      allow rw from nfs
httpd_use_cifs           off      allow rw from cifs
httpd_enable_cgi         on       enable cgi

types                            description
httpd_sys_content_t              static web content (ro)
httpd_sys_script_exec_t          for cgi scripts
httpd_sys_content_rw_t           rw for cgi scripts
httpd_sys_content_ra_t           append only by cgi scripts
httpd_unconfined_script_exec_t   unconfined scripts
Systemd Services and Startup Config
task                 cmd
Restart graceful     apachectl graceful
Test configuration   apachectl configtest
Security
Firewall Services/Ports
service  ports
http     tcp/80
https    tcp/443
Host-based Security
use mod_authz_host:
config                        description
<RequireAll></RequireAll>     AND, OR, NAND blocks
<RequireAny></RequireAny>
<RequireNone></RequireNone>
Require [not] host #name      allow/block host or ip
Require [not] ip #address
User-based Security
config                        description
<RequireAll></RequireAll>     AND, OR, NAND blocks
<RequireAny></RequireAny>
<RequireNone></RequireNone>
Require [not] group #group    allow/block group or user
Require [not] user #user
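An added example (not part of the original sheet) that combines the host-based and user-based directives above. The directory paths, network range, user and group names are constructed placeholders, and the AuthUserFile/AuthGroupFile storage is an assumption.

```apache
# Added example, not from the original sheet. Paths, addresses, user and
# group names are constructed placeholders.

# Public content: every client is authorized.
<Directory "/var/www/html">
    Require all granted
</Directory>

# Host-based (mod_authz_host): allow an internal range except one address.
# A negated Require can only subtract, never grant, so it sits inside
# <RequireAll> next to a positive Require. Negated directives are not
# permitted directly inside <RequireAny> or <RequireNone>.
<Directory "/var/www/html/internal">
    <RequireAll>
        Require ip 192.0.2.0/24
        Require not ip 192.0.2.66
    </RequireAll>
</Directory>

# Host-based AND user-based: the client must come from the range, must be
# user "alice" or a member of group "webadmins", and must not be "guest"
# (even if "guest" is listed in that group).
# Serve this directory only from the TLS virtual host: Basic auth sends the
# password base64-encoded, not encrypted, on every request.
<Directory "/var/www/html/admin">
    AuthType Basic
    AuthName "Admin area"
    AuthUserFile "/etc/httpd/conf/htpasswd"
    AuthGroupFile "/etc/httpd/conf/htgroup"
    <RequireAll>
        Require ip 192.0.2.0/24
        <RequireAny>
            Require user alice
            Require group webadmins
        </RequireAny>
        # <RequireNone> never grants access by itself; it only narrows
        # what the enclosing <RequireAll> would otherwise allow.
        <RequireNone>
            Require user guest
        </RequireNone>
    </RequireAll>
</Directory>
```

Check the result with apachectl configtest before applying it with apachectl graceful.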
Config Tasks
Configure a Virtual Host
use example from /usr/share/doc/apache/
first host is default
task                                cmd
create self-signed key              genkey #hostname
install new key                     cp #key /etc/pki/tls/certs/
                                    #change /etc/httpd/conf.d/ssl.conf
disable cert verification in curl   curl -k