SELinux context for website with FTP access

So, you have decided to leave SELinux enabled. Congratulations, you have just taken a major step in securing your Internet-facing system.

Let’s say you are hosting a website that needs to be updated using FTP. By default, webserver content is labeled as:

httpd_sys_content_t

This context prevents you from updating files using the FTP server. If both HTTP (Apache) and FTP (vsftpd) access is needed, the SELinux context should be:

public_content_rw_t

You can either run “chcon” to temporarily fix this, or make the changes permanent by adding a proper local SELinux rule:

semanage fcontext -a -t public_content_rw_t "/var/www/html(/.*)?"
restorecon -Rv /var/www/html

Replace “/var/www/html” with your actual DocumentRoot as defined in Apache. The “semanage” command merely adds the rule to the SELinux database. The “restorecon” command performs the actual relabeling of your files.

Verify your changes using “ls -lZ”:

[root@webserver www]# ls -lZ
drwxr-sr-x. ed www unconfined_u:object_r:httpd_sys_content_t:s0 cgi-bin
drwxr-sr-x. ed www unconfined_u:object_r:httpd_sys_content_t:s0 error
drwxr-sr-x. ed www unconfined_u:object_r:public_content_rw_t:s0 html
drwxr-sr-x. ed www unconfined_u:object_r:httpd_sys_content_t:s0 icons
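
A scripted version of this check, added here as an example and not part of the original post: covered_by tests which paths the regex from the “semanage” command matches, and entries_with_type lists the entries carrying a given type in “ls -lZ” output. The function names and the extra sample paths are assumptions; the listing is the one shown above.

```shell
#!/bin/sh
# Added example, not from the original post.

# Succeed if the path ($2) is covered by the fcontext regex ($1).
# SELinux anchors file-context regexes at both ends; grep -x reproduces that.
covered_by() {
    printf '%s\n' "$2" | grep -Eqx -- "$1"
}

# Read `ls -lZ` lines on stdin and print the names of all entries whose
# SELinux type equals $1. Assumes entry names contain no whitespace.
entries_with_type() {
    awk -v want="$1" '{
        # The context is the field shaped user:role:type:level.
        for (i = 1; i < NF; i++) {
            if (split($i, c, ":") >= 4 && c[3] == want) { print $NF; break }
        }
    }'
}

# Constructed sample: the listing shown in the post.
sample_listing() {
    cat <<'EOF'
drwxr-sr-x. ed www unconfined_u:object_r:httpd_sys_content_t:s0 cgi-bin
drwxr-sr-x. ed www unconfined_u:object_r:httpd_sys_content_t:s0 error
drwxr-sr-x. ed www unconfined_u:object_r:public_content_rw_t:s0 html
drwxr-sr-x. ed www unconfined_u:object_r:httpd_sys_content_t:s0 icons
EOF
}

PATTERN='/var/www/html(/.*)?'
# Sample paths are constructed; html-old shows why the rule ends in (/.*)?
for p in /var/www/html /var/www/html/index.html \
         /var/www/html-old/a.html /var/www/cgi-bin; do
    if covered_by "$PATTERN" "$p"; then
        echo "relabelled: $p"
    else
        echo "untouched:  $p"
    fi
done

echo "Labelled public_content_rw_t: $(sample_listing | entries_with_type public_content_rw_t)"
```

On a live system, pipe “ls -lZ /var/www” into entries_with_type public_content_rw_t to confirm that only the DocumentRoot carries the shared read/write label.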

Done!

Getting started with the Raspberry Pi

From their FAQ: “The Raspberry Pi is a credit-card sized computer that plugs into your TV and a keyboard”. The RasPi is an ultra-cheap, energy-efficient Linux computer.

Preparing the SD card on Mac OS X

  • Get a supported SD card for the OS installation (I’m using a Kingston 8GB class 4 SD card)
  • Download the Raspbian ZIP-file from http://www.raspberrypi.org/downloads (I use the most recent Raspbian “wheezy”, 2012-12-16), unzip to get at the .IMG file
  • Open Terminal on OS X
    • Insert the empty SD card and determine its disk name (my card was mounted at /dev/disk4s1; use “df” before and after inserting to determine the name)
    • Run “sudo diskutil unmount /dev/disk4s1” to unmount any partitions on the SD card
      (verify that disk name!)
    • Run “sudo dd if=2012-12-16-wheezy-raspbian.img of=/dev/rdisk4 bs=1m” to write the image to the raw disk device
      (again, verify that disk name!)
    • Run “sudo diskutil eject /dev/rdisk4” after the image is written to SD card.
  • Remove the SD card from your Mac – done!

The Raspberry Pi lives!

Insert the SD card into your Raspberry Pi. Connect a monitor (I use an HDMI-to-DVI cable), USB mouse and keyboard. Optionally, connect it to the network. Once you power on the Raspberry Pi, you should be greeted with a familiar Linux boot sequence. After answering a couple of questions you should see a graphical desktop environment. It has a web browser, terminal etc. just like any other Linux computer.

Since I’ll be using the Raspberry Pi mostly as a small headless server, I’ve used “raspi-config” to disable the desktop and enable SSH.

Software updates and additional packages

To install any available software updates, run “sudo aptitude update; sudo aptitude upgrade”.

If you want to use the I/O pins (for your electronics projects), you will want the WiringPi and WiringPi-Python libraries installed.

sudo apt-get install git-core
git clone git://git.drogon.net/wiringPi
cd wiringPi
./build
sudo apt-get install python-setuptools
git clone https://github.com/WiringPi/WiringPi-Python.git
cd WiringPi-Python
git submodule update --init
sudo python setup.py install

You can now access the GPIO pins using Python, or using the ‘gpio’ commandline tool.

It's 2013! Happy new year!

Here’s to a happy and healthy 2013.

Oh, and to a year with hopefully a bit more time to play with geeky toys like the Raspberry Pi and JeeNode ;-)

Initial impressions of FreeNAS 8.2.0-BETA3

Our recently installed FreeNAS on an HP ProLiant MicroServer N40L is currently being used for backing up VMs (CentOS 6.0 KVM).

The web-based GUI is quite easy to work with, and the filesystem (ZFS) is quite resilient as we found out after a couple of power failures caused by accidentally tripping our ground protection fault / RCD switch…

Still, I’ve run into some issues that will hopefully be resolved in the next Beta-release:

  • Remote syslog does not work due to an error in the startup script (Ticket #1433)
  • Transmission PBI configuration does not work, always reset to defaults (Ticket #1477, Ticket #1512)

The syslog configuration can be fixed manually in /etc/rc.conf. The Transmission PBI needs more fixing before it can become useful; at the moment it insists on saving downloads into the jail’s root directory, which has limited quota.

Overall verdict so far: FreeNAS is a great piece of software, ZFS snapshots are awesome, still a couple of rough edges but hey, it’s a BETA ;-)

Happy Birthday, Koetje ;-)

Today Koetje is already celebrating her second birthday – time flies.

She sometimes hangs in the curtains, and sometimes she tries to catch Bommel, but really she is very sweet. Blacky and Koetje get along very well, so it is a cosy menagerie with our 3 cats…

Here she is busy with a pigeon feather she found in the garden – apparently very interesting!

♫ Happy Birthday to Koe,
Happy Birthday to Koe… ♫