WebSpellChecker.net Wiki

WebSpellChecker Installation on Red Hat Enterprise/CentOS with enabled SELinux

SELinux defines the access and transition rights of every user, application, process, and file on the system. SELinux then governs the interactions of these entities using a security policy that specifies how strict or lenient a given Red Hat Enterprise Linux installation should be.

As you may understand basic installation of WebSpellChecker does not intend for such secured environment that is why the additional configuration is required.

Once the basic installation has been performed you can proceed to SELinux configuration as explained below:

You can access terminal with root credentials at once or add “sudo” command before each command in order to execute a command as root user.

*First of all, you should define the security context of WebspellChecker installation folder “WSC” by marking the extended attributes with the appropriate security context:

sudo /sbin/restorecon -R -v /opt/WSC

-R - recursively changed security context of WSC folder and all subfolders

-v - to explain what has been done

  • Since WebSpellChecker is a network application you need to allow networking by setting the current state of the following SELinux boolean to a given value.
sudo /usr/sbin/setsebool -P httpd_can_network_connect=1

-P - all pending values are written to the boolean file on disk

  • Last, but not least, you should define SELinux security context of ssrv.fcgi script.

You can see that mentioned script has following (by default) context type: default_t. If we start our web browser and try to view the page, SELinux will properly deny access and log the error because the file has the wrong security context. We need to set the correct security context type of httpd_sys_content_t by executing of the following command:

sudo chcon -t httpd_sys_content_t  /opt/WSC/WebComponents/WebInterface/script/ssrv.fcgi

Please note that starting the WebSpellChecker version 4.9.3 we use FastCGI instead of CGI. For versions less than 4.9.3. you need to use ssrv.cgi during executing the 'chcon' command.

SELinux configuration has been completed successfully and you can proceed to evaluate of WebSpellChecker solution.

Feel free to post any comments or suggestions to Technical support.