3.2.3.3.3 SELinux Secured Policy
Only applicable to MetaDefender Core version 4.19.0 or above.
By default, SELinux (Linux security system based on role access, available on RedHat and CentOS) does not protect the Nginx web server. The following instruction will help you setup and turn on the protection.
1.) First, install required SELinux compile-time support:
yum -y install selinux-policy-targeted selinux-policy-devel2.) The download targeted SELinux policies to harden the Nginx web server on Linux servers from the
selinuxnginx project page:
cd /optwget 'http://downloads.sourceforge.net/project/selinuxnginx/se-ngix_1_0_10.tar.gz?use_mirror=nchc'3.) Untar the same:
tar -zxvf se-ngix_1_0_10.tar.gz4.) Compile the same
cd se-ngix_1_0_10/nginxmakeSample output:
Compiling targeted nginx module/usr/bin/checkmodule: loading policy configuration from tmp/nginx.tmp/usr/bin/checkmodule: policy configuration loaded/usr/bin/checkmodule: writing binary representation (version 6) to tmp/nginx.modCreating targeted nginx.pp policy packagerm tmp/nginx.mod.fc tmp/nginx.mod5.) Install the resulting nginx.pp SELinux module:
/usr/sbin/semodule -i nginx.pp