Infrastructure/RFR/SELinux

From FedoraProject

< Infrastructure | RFR
Revision as of 22:16, 8 January 2010 by Akistler (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Contents

Project Sponsor

Name: Daniel Walsh

Wiki Name: SELinux Troubleshoot

Fedora Account Name: Dan,Walsh

Group: Red Hat Engineering

Infrastructure Sponsor: Paulo Santos

Secondary Contact info

Name:

Wiki Name:

Fedora Account Name:

Group:

Project Info

Project Name: SELinux Troubleshoot Tool

Target Audience: Fedora System Administrators

Expiration Date (required): No Experation.

Description/Summary:

Setup a Xen Instance running a web server to help Fedora Users diagnose SELinux AVC messages

Project plan (Detailed):

I would like to setup a Xen instance running an apache web server, that is totally locked down by SELinux. This web server would allow users to upload SELinux audit logs. The logs would be run through the SELinux Troubleshoot Database and suggested fixes would be displayed to the user. Since this machine would be taking random data from the internet, I do not believe this machine should be running any other services and will be locked down with the tightest possible SELinux policy.


Goals:

Specific resources needed

FC6 or later xen instance.
Memory: Minimum required to run FC6/FC7
Disk space: Minimum required to run FC6/FC7 + 100 MB.
NICs: 1
Visible from internet: yes
Other: No other requirements, this should be a very minimal machine. It should have logging done remotely though, in case it gets hacked.

Additional Info (Optional)

https://www.redhat.com/archives/fedora-selinux-list/2007-June/msg00156.html