I want to secure a Red Hat 5.4 application server with SELinux (targeted policy) and have several questions:
1. Where can I get the SELinux sources (/etc/selinux//src/policy/)? There seems to be no such package on the install CD.
2. How to restrict user rights (for example, user jboss could not modify /etc/my.cnf)?
3. How to configure the JBoss application server to work under SELinux?
Although I read many documents from the NSA, the whole topic is still not clear to me. What I want is to basically protect the filesystem in case one account is broken. I cannot find any materials about securing a JBoss server using either a chroot jail, ACLs or SELinux…
Best Answer
To answer #1
You could try taking a look at Dan Walsh's Fedora SELinux git repository.
http://danwalsh.livejournal.com/38032.html
Also, this page has some info about running JBoss with SELinux:
http://community.jboss.org/wiki/startjbossonbootwithlinux
Although it might be outdated and I'm not sure if you looked at it yet.
The SELinux Wiki is a great source for beginning policy development.