Blober
v1.0

3.5. Enable SELinux (Optional but Recommended)

SELinux is a Linux kernel security module which provides mandatory access controls. It is highly recommended to enable SELinux on your system, especially on a GNU/Linux distribution such as RHEL/CentOS, which provides good out-of-the-box integration with SELinux.

To install relevant packages:

sudo yum install policycoreutils policycoreutils-python selinux-policy \
 selinux-policy-targeted libselinux-utils setroubleshoot-server setools \
 setools-console mcstrans

To check the status of SELinux on the system, we can run the command below:

getenforce

There are three possible outputs:

  • Disabled. The SELinux module is disabled. We can edit /etc/selinux/config to change to permissive mode:

    sudo vi /etc/selinux/config
    

    Modify the SELINUX entry from disabled to permissive and reboot. Now the getenforce output should be permissive. If the output is not permissive, go back and check whether anything went wrong. Then we can follow the instructions in the Permissive item below.

  • Permissive. The SELinux module is in permissive mode. Before changing SELinux into enforcing mode, we should ensure there are no SELinux errors that may prevent the system from booting up. Run the following command to check for any possible SELinux errors:

    sudo journalctl -b 0 | grep -i selinux
    

    Briefly browse the output and make sure there is no relevant error. Then run the following command and modify the SELINUX entry from permissive to enforcing:

    sudo vi /etc/selinux/config
    

    Reboot the system. Now the getenforce command should output enforcing.

  • Enforcing. You have already enabled SELinux. No additional work needs to be done.
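
The staged switch described above (disabled to permissive, then permissive to enforcing only when the journal is clean) can be scripted. The following is an added example, not part of the original manual; the function names are hypothetical helpers and the grep patterns are an assumed heuristic for "relevant errors".

```bash
#!/bin/sh
# Added example: staged SELinux mode change, one step per boot.
# Helper names are hypothetical, not part of any SELinux package.

# Print the SELINUX= value from a config file, lowercased.
# SELINUXTYPE= and commented lines do not match the pattern.
config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" \
        | tail -n 1 | tr 'A-Z' 'a-z'
}

# Count journal lines on stdin that look like SELinux problems
# (assumed heuristic: AVC denials and SELinux error/failure messages).
count_selinux_problems() {
    grep -icE 'avc: +denied|selinux:.*(error|fail)' || true
}

# Print the mode to write next; print "stay" and return 1 to refuse.
next_mode() {
    local current=$1 problems=$2
    case "$current" in
        disabled)   echo permissive ;;   # never jump straight to enforcing
        permissive) if [ "$problems" -eq 0 ]; then echo enforcing
                    else echo stay; return 1; fi ;;
        enforcing)  echo enforcing ;;
        *)          echo stay; return 1 ;;
    esac
}

# Rewrite the SELINUX= line in place, keeping a .bak copy of the file.
write_mode() {
    local file=$1 mode=$2
    case "$mode" in enforcing|permissive|disabled) ;; *) return 2 ;; esac
    sed -i.bak "s/^[[:space:]]*SELINUX=.*/SELINUX=$mode/" "$file"
}

# Touch the live system only when run as root with --apply.
if [ "${1:-}" = "--apply" ]; then
    cur=$(getenforce | tr 'A-Z' 'a-z')
    n=$(journalctl -b 0 | count_selinux_problems)
    if target=$(next_mode "$cur" "$n"); then
        [ "$target" = "$cur" ] || { write_mode /etc/selinux/config "$target" \
            && echo "SELINUX=$target written; reboot to apply"; }
    else
        echo "not changing mode: current=$cur, problems=$n" >&2
        exit 1
    fi
fi
```

Without --apply the script only defines the functions, so it can be sourced and tried against a copy of the config file first.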


© Copyright 2015-2016, Hong Xu <hong@topbug.net>. This work is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.

Most of the work was tested on DigitalOcean.