Apache Changehat - Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual
Hide thumbs
Also See for LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009:
- Administration manual (338 pages) ,
- Deployment manual (246 pages) ,
- Application manual (364 pages)
Table of Contents
Advertisement
The rest of this chapter describes using change_hat in conjunction with Apache, to
contain web server components run using mod_perl and mod_php. Similar approaches
can be used with any application server by providing an application module similar to
the mod_apparmor described next in
(page 283).
NOTE: For More Information
For more information, see the change_hat man page.
25.1 Apache ChangeHat
Novell AppArmor provides a mod_apparmor module (package
apache2-mod-apparmor) for the Apache program (only included in SUSE Linux
Enterprise Server). This module makes the Apache Web server ChangeHat aware. Install
it along with Apache.
When Apache is ChangeHat aware, it checks for the following customized Novell
AppArmor security profiles in the order given for every URI request that it receives.
• URI-specific hat (for example, ^phpsysinfo/templates/classic/
images/bar_left.gif)
• DEFAULT_URI
• HANDLING_UNTRUSTED_INPUT
NOTE: Apache Configuration
If you install apache2-mod-apparmor, make sure the module gets loaded
in Apache by executing the following command:
a2enmod apparmor
276
Security Guide
Section 25.2.2, "Location and Directory Directives"
Advertisement
Table of Contents
