Tag: Debian

enable SELinux on a Debian DO droplet


Sometimes I have a natural attraction to things that make my life more complicated. I could have just installed CentOS. Or rented a dedicated server. Or stopped using SELinux. But I wanted it all. So I’d like to show you how you can install Debian 7 on a DigitalOcean droplet and have SELinux enabled.

The problem is that at DO the kernel comes from outside (KVM) and you cannot change it or its parameters. But you can use kexec to replace the kernel as soon as you’re in control.

Before you begin:

  • I assume a freshly installed Debian 7 here (tested on the 64-bit version)
  • you should take a backup before proceeding!

Okay, get all the updates and install the required software:

$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get install selinux-basics selinux-policy-default auditd kexec-tools

Run selinux-activate. It modifies the GRUB configuration (which does not matter here, since the kernel comes from outside), configures PAM and touches /.autorelabel:

$ sudo selinux-activate

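Then edit the file /etc/init.d/rcS and put the following in front of the line exec /etc/init.d/rc S:

# kexec into the installed kernel with SELinux enabled; the "kexeced" marker
# on the new command line keeps this from running again after the kexec
if ! grep -q kexeced /proc/cmdline; then
      kexec -l /vmlinuz --initrd=/initrd.img --command-line="$(cat /proc/cmdline) selinux=1 security=selinux kexeced" && kexec -e
fi

Once this is done, you’re ready to reboot!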

$ sudo reboot

Allow some extra time for this reboot, as it has to relabel all the files for the first time.

When rebooted, check the SELinux status with:

$ sestatus
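
As a complement to sestatus, the following added example (not part of the original post) builds the kexec command line without duplicating parameters and verifies after the reboot that the expected parameters are really on it. The function names and the sample command lines are this example's own, and it assumes no quoted parameter values containing spaces.

```sh
#!/bin/sh
# Added example: helpers for the rcS kexec hook and a post-reboot check.
# Function names are this example's own; sample command lines are constructed.

# has_param CMDLINE TOKEN: succeed only if TOKEN is a whole word in CMDLINE,
# so "nokexeced" or "selinux=10" cannot satisfy a check by substring.
has_param() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# build_cmdline CMDLINE: print the command line to hand to kexec. Existing
# selinux=/security= tokens and the marker are dropped before the wanted
# values are appended, so the result never carries conflicting settings.
build_cmdline() {
    out=""
    for tok in $1; do
        case "$tok" in
            selinux=*|security=*|kexeced) ;;
            *) out="$out$tok " ;;
        esac
    done
    printf '%s\n' "${out}selinux=1 security=selinux kexeced"
}

# verify_cmdline CMDLINE: print every expected token that is missing and
# return non-zero if there is one. Run it after the reboot, next to sestatus.
verify_cmdline() {
    missing=""
    for want in selinux=1 security=selinux kexeced; do
        has_param "$1" "$want" || missing="$missing $want"
    done
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    return 0
}

# Constructed samples: a first boot carrying selinux=0, then the kexec'ed result.
first='root=/dev/vda1 ro quiet selinux=0'
second=$(build_cmdline "$first")
echo "$second"
verify_cmdline "$first" || true
verify_cmdline "$second" && echo "ok"
```

On the droplet itself, call verify_cmdline "$(cat /proc/cmdline)" after the reboot.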

Happy labeling :)

cleanly install the MongoDB driver for PHP


Using MongoDB with PHP on Debian Wheezy doesn’t work out of the box. Here’s how I got it working:

First, install a whole lot of packages (we remove the unused ones later) and then build the mongo driver:

$ sudo apt-get install php5-dev php5-cli php-pear make
$ sudo pecl install mongo

As soon as this is completed, add the driver to PHP. Depending on your installation, the config file is /etc/php5/fpm/php.ini if you use PHP-FPM, /etc/php5/apache2/php.ini if you use apache2, and so on. In either case, add this line to the config file:

extension=mongo.so

Then restart the affected services. For PHP-FPM, do this:

$ sudo service php5-fpm restart

And for pure Apache, do this:

$ sudo service apache2 restart

If this is on a production server, I recommend removing all the unnecessary software, especially the compilers:

$ sudo apt-get purge autoconf autotools-dev automake binutils cpp gcc libc-dev-bin linux-libc-dev libc6-dev zlib1g-dev libltdl-dev libssl-dev libssl-doc manpages-dev php5-dev libtool gcc-4.7 cpp-4.7

Then start MongoDB, e.g. like so:

$ mongod --dbpath /data/test

And for testing, here’s some PHP code from the PHP.net MongoDB tutorial:

<?php
// connect
$m = new MongoClient();
// select a database
$db = $m->comedy;
// select a collection (analogous to a relational database's table)
$collection = $db->cartoons;
// add a record
$document = array( "title" => "Calvin and Hobbes", "author" => "Bill Watterson" );
$collection->insert($document);
// add another record, with a different "shape"
$document = array( "title" => "XKCD", "online" => true );
$collection->insert($document);
// find everything in the collection
$cursor = $collection->find();
// iterate through the results
foreach ($cursor as $document) {
    echo $document["title"] . "\n";
}
?>

Happy coding!

© 2017 netmess
