WebSpellChecker.net Wiki

WebSpellChecker Installation on Red Hat Enterprise/CentOS with enabled SELinux

SELinux defines the access and transition rights of every user, application, process, and file on the system. SELinux then governs the interactions of these entities using a security policy that specifies how strict or lenient a given Red Hat Enterprise Linux installation should be.

As you may understand basic installation of WebSpellChecker does not intended for such secured environment that is why additional configuration is required.

Once basic installation has been performed you can proceed to SELinux configuration as explained below:

You can access terminal with a root credentials at once or add “sudo” command before each command in order to execute a command as root user.

  • First of all you should defines the security context of WebspellChecker installation folder “WSC” by marking the extended attributes with the appropriate security context:
sudo /sbin/restorecon -R -v /opt/WSC

-R - recursively changed security context of WSC folder and all subfolders

-v - to explain what has been done

  • Since WebSpellChecker is a network application you need to allow networking by setting the current state of the following SELinux boolean to a given value.
sudo /usr/sbin/setsebool -P httpd_can_network_connect=1

-P - all pending values are written to the boolean file on disk

  • Last, but not least, you should define SELinux security context of ssrv.cgi script.

You can see that mentioned script has following (by default) context type: default_t. If we start our web browser and try to view the page, SELinux will properly deny access and log the error because the file has the wrong security context. We need to set the correct security context type of: httpd_sys_content_t by executing of following command:

sudo chcon -t httpd_sys_content_t  /opt/WSC/WebComponents/WebInterface/script/ssrv.cgi

SELinux configuration has been completed successfully and you can proceed to evaluating of WebSpellChecker.net solution.

Feel free to post any comments or suggestions to Technical support.