Articles

Installing RHEL packages without network connection

If you haven't found yourself in this situation while working as a Linux sysadmin, you will -- one day or another. You need to install a package (let's call it Foobar) on a RHEL server which, for some reason, has no connection to the network.…

SELinux – How to confine a Tomcat application on RHEL6 / CentOS6 – part 2

Part 1 is here. Another method of confining Tomcat is to create a completely new domain in which your application, as well as Tomcat and Java, will be running. Let's create a new domain by inheriting it from the tomcat_t domain. In the…

SELinux – How to confine a Tomcat application on RHEL6 / CentOS6 – part 1

This article will explain how to use SELinux to confine a Tomcat application on RHEL6 / CentOS6. By default, Tomcat runs as tomcat_t, which is an unconfined type. This is difficult to find out, because the documentation is scarce on the different…

RHEL6 auditing

If you want to monitor all actions on your servers, even those from root, there's a pretty straightforward and easy solution on RHEL6. Let's first analyze the different approaches: You can use pam_tty_audit to send all keystrokes to /var/log/audit/audit.log…