diff --git a/Installing-Tracks-2.2.2-on-CentOS-6.5-Minimal-x86_64.md b/Installing-Tracks-2.2.2-on-CentOS-6.5-Minimal-x86_64.md index 867e695..5a67af8 100644 --- a/Installing-Tracks-2.2.2-on-CentOS-6.5-Minimal-x86_64.md +++ b/Installing-Tracks-2.2.2-on-CentOS-6.5-Minimal-x86_64.md @@ -1013,7 +1013,7 @@ At the bottom of the file, add the following: ###SELinux Configure SELinux to use permissive mode due to Phusion Passenger is going to be blocked by SELinux. Use permissive versus diabled to log passenger activities. ``` -$ sudo vi /etc/selinux/conf +$ sudo vi /etc/selinux/config ``` Then for this session set SELinux to be permissive or reboot. @@ -1021,7 +1021,7 @@ Then for this session set SELinux to be permissive or reboot. $ sudo setenforce 0 ``` -Once Tracks installation is complete and been in use for a while, you can create a SELinux module. See the section titled "SELinux module" below for instructions. +Once Tracks installation is complete and been in use for a while, you can create a SELinux module. See the section titled "SELinux Passenger module" below for instructions. ###Firewall & Apache2 Open firewall for Apache by 'customizing' and permitting http or web traffic (80 TCP). You may, also, remove the previous rule for port 3000 TCP. @@ -1065,10 +1065,10 @@ Alternatively, You can simply create an action specifying a new context and new #Other Considerations -##SELinux Passenger Module +##SELinux Passenger module The process that follows can be used for creating security modules for SELinux. Alternatively, you can disable SELinux, but that would be unwise. -Temporarily go into SELinux permissive mode. +SELinux must be set to permissive mode versus disabled to captures events to logs. Either update \etc\selinux\config` as decribed above or execute setenforce. ``` $ sudo setenforce 0 ``` 
@@ -1078,8 +1078,9 @@ Restart Apache $ sudo service httpd restart ``` -Start using your Rails application -Walk through SELinux log and generate new SELinux policy module +Start using your rails application, Tracks. + +Later, walk through SELinux's log and generate new SELinux policy module. ``` $ sudo grep httpd /var/log/audit/audit.log | audit2allow -M passenger ``` @@ -1089,7 +1090,7 @@ Install newly created SELinux module $ sudo semodule -i passenger.pp ``` -Switch SELinux back into enforcing mode. +Set SELinux to enforcing mode. Update `/etc/selinux/config` or execute setenforce as appropriate. ``` $ sudo setenforce 1 ```
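Review bot: in the @@ -1013,7 hunk the corrected command only opens /etc/selinux/config, and neither the changed line nor the surrounding text says what to edit once the file is open. Name the setting explicitly (`SELINUX=permissive`) so the reader does not have to guess. The context sentence above it also still reads "diabled" and could be fixed in the same change.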
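Review bot: the added sentence in the @@ -1065,10 hunk writes the path as \etc\selinux\config` with backslashes and a closing backtick that has no opening one, so it renders incorrectly and does not match the /etc/selinux/config path used elsewhere in this patch. The same line has the typos "to captures" and "decribed". Suggested wording: "SELinux must be in permissive mode rather than disabled so that events are captured in the logs. Either update `/etc/selinux/config` as described above or execute setenforce."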
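Review bot: the reworded step in the @@ -1078,8 hunk ("Later, walk through SELinux's log and generate new SELinux policy module.") still leads straight from `audit2allow -M passenger` to `semodule -i passenger.pp` with no review in between. The grep matches every httpd denial logged while the system was permissive, not only those caused by Passenger, and each one becomes an allow rule. Add a sentence telling the reader to read the generated passenger.te and remove rules they do not recognise before installing the module. Minor: "rails" should stay capitalised as "Rails", as it was in the removed line.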
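Review bot: in the @@ -1089,7 hunk, "Update `/etc/selinux/config` or execute setenforce as appropriate" presents the two as alternatives, but the earlier section of this same document describes setenforce as applying "for this session" only. A reader who set permissive mode in the config file and then runs only `setenforce 1` will be back in permissive mode after the next reboot. Suggest stating that the config file must be returned to enforcing if it was changed earlier, with setenforce used in addition to apply the change to the running system.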