3.2.3.3.3 SELinux Secured Policy
Only applicable to MetaDefender Core version 4.19.0 or above.
By default, SELinux (a Linux security system based on role access, available on RedHat and CentOS) does not protect the Nginx web server. The following instructions will help you set up and turn on the protection.
1.) First, install required SELinux compile-time support:
yum -y install selinux-policy-targeted selinux-policy-devel
2.) Then download the targeted SELinux policies to harden the Nginx web server on Linux servers from the selinuxnginx project page:
cd /opt
wget -O se-ngix_1_0_10.tar.gz 'http://downloads.sourceforge.net/project/selinuxnginx/se-ngix_1_0_10.tar.gz?use_mirror=nchc'
3.) Extract the archive:
tar -zxvf se-ngix_1_0_10.tar.gz
4.) Compile the policy module:
cd se-ngix_1_0_10/nginx
make
Sample output:
Compiling targeted nginx module
/usr/bin/checkmodule: loading policy configuration from tmp/nginx.tmp
/usr/bin/checkmodule: policy configuration loaded
/usr/bin/checkmodule: writing binary representation (version 6) to tmp/nginx.mod
Creating targeted nginx.pp policy package
rm tmp/nginx.mod.fc tmp/nginx.mod
5.) Install the resulting nginx.pp SELinux module:
/usr/sbin/semodule -i nginx.pp
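A post-install check for the steps above, added here as an example and not part of the original MetaDefender instructions: it confirms the module is loaded and that SELinux is actually enforcing, since a loaded module has no effect in permissive or disabled mode. It assumes the module installed from nginx.pp is listed by semodule -l under the name "nginx"; the sample module list is constructed so the script also runs on a machine without SELinux.

```shell
#!/bin/sh
# Added example. Assumption: the module installed from nginx.pp appears in
# `semodule -l` as "nginx" (older releases print "name version", newer ones
# print only the name; both are handled).

# module_loaded NAME: reads `semodule -l` output on stdin and succeeds only
# if NAME is listed as an exact module name (first field of a line).
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# policy_status MODE MODULE_LIST NAME: prints a one-line verdict.
# MODE is the output of `getenforce`, MODULE_LIST the output of `semodule -l`.
policy_status() {
    mode="$1"
    list="$2"
    name="$3"
    if ! printf '%s\n' "$list" | module_loaded "$name"; then
        echo "FAIL: module $name not loaded"
    elif [ "$mode" != "Enforcing" ]; then
        echo "WARN: module $name loaded, but SELinux is $mode (policy not enforced)"
    else
        echo "OK: module $name loaded and SELinux is Enforcing"
    fi
}

# Constructed sample of `semodule -l` output, used when SELinux tools are absent.
SAMPLE_LIST='abrt  1.4.1
nginx  1.0
zabbix  1.6.0'

if command -v semodule >/dev/null 2>&1 && command -v getenforce >/dev/null 2>&1; then
    # Real host: run as root so `semodule -l` can read the module store.
    policy_status "$(getenforce)" "$(semodule -l)" nginx
else
    # No SELinux tooling here: demonstrate on the constructed sample.
    policy_status Enforcing "$SAMPLE_LIST" nginx
fi
```

A WARN result means the module is installed but SELinux still has to be switched to enforcing mode before the policy confines Nginx.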