Last active
November 11, 2019 23:52
.ebextentions/
################################################################################################### | |
#### Copyright 2019 Cristian Tala Sánchez. All Rights Reserved. | |
#### | |
#### Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file | |
#### except in compliance with the License. A copy of the License is located at | |
#### | |
#### http://aws.amazon.com/apache2.0/ | |
#### | |
#### or in the "license" file accompanying this file. This file is distributed on an "AS IS" | |
#### BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | |
#### License for the specific language governing permissions and limitations under the License. | |
################################################################################################### | |
################################################################################################### | |
#### This config extension for AWS Elastic Beanstalk activates enforcing mode for SELinux on boot.
################################################################################################### | |
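# Switches the running system to SELinux enforcing mode.
# `setenforce 1` changes only the current runtime mode; it is not written to
# /etc/selinux/config, so after a reboot the mode is whatever SELINUX= says
# there. It also fails when SELinux is disabled, which is why errors are not
# ignored: the deployment stops instead of continuing unconfined.
# Verify on the instance with `getenforce`.
# NOTE(review): any custom policy module the application needs should already
# be loaded when this runs, otherwise the first requests hit AVC denials.
# Confirm the processing order of the .config files.
commands:
  setEnforce:
    command: setenforce 1
    ignoreErrors: false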
################################################################################################### | |
#### Copyright 2019 Cristian Tala Sánchez. All Rights Reserved. | |
#### | |
#### Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file | |
#### except in compliance with the License. A copy of the License is located at | |
#### | |
#### http://aws.amazon.com/apache2.0/ | |
#### | |
#### or in the "license" file accompanying this file. This file is distributed on an "AS IS" | |
#### BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | |
#### License for the specific language governing permissions and limitations under the License. | |
################################################################################################### | |
################################################################################################### | |
#### This config extension for AWS Elastic Beanstalk generates the policies for PHP to run using SELinux
#### and the Amazon Custom AMI for PHP in enforcing mode
################################################################################################### | |
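# Writes an SELinux type-enforcement source file, then compiles, packages and
# loads it as the policy module "httpd-backend".
#
# NOTE(review): the allow rules below look like audit2allow output and are
# broader than they first appear. Review each one before shipping:
#   - httpd_t -> var_t:file { read open getattr }: var_t is the generic label
#     for content under /var that has no more specific type, so this grants
#     the web server read access to every such file. Labelling the
#     application's own files with a dedicated type (semanage fcontext +
#     restorecon) is narrower.
#   - httpd_t -> http_port_t:tcp_socket name_connect: lets the web server open
#     outbound connections to ports labelled http_port_t. A stock httpd
#     boolean may already cover this. Check `getsebool -a | grep httpd`.
#   - httpd_t -> initrc_t:process signal: confirm which process runs as
#     initrc_t here and why httpd needs to signal it.
files:
  "/root/httpd-backend.te":
    content: |
      module httpd-backend 1.0;

      require {
          type var_log_t;
          type httpd_rotatelogs_t;
          type httpd_t;
          type var_t;
          type hugetlbfs_t;
          type initrc_t;
          type http_port_t;
          class tcp_socket name_connect;
          class process signal;
          class file { write read create open getattr };
          class dir { write add_name };
      }

      #============= httpd_rotatelogs_t ==============
      allow httpd_rotatelogs_t var_log_t:dir { write add_name };
      allow httpd_rotatelogs_t var_log_t:file { create open };

      #============= httpd_t ==============
      allow httpd_t http_port_t:tcp_socket name_connect;
      allow httpd_t hugetlbfs_t:file { read write };
      allow httpd_t initrc_t:process signal;
      allow httpd_t var_log_t:file open;
      allow httpd_t var_t:file { read open };
      allow httpd_t var_t:file getattr;

# Commands run in alphabetical order by name, hence the numeric prefixes.
# ignoreErrors is false on every step so that a policy that fails to build or
# load aborts the deployment instead of leaving the module missing.
commands:
  # Compile the type-enforcement source into a policy module.
  01_compile:
    command: checkmodule -M -m -o httpd-backend.mod httpd-backend.te;
    cwd: /root/
    ignoreErrors: false
  # Build the installable policy package from the compiled module.
  02_package:
    command: semodule_package -o httpd-backend.pp -m httpd-backend.mod
    cwd: /root/
    ignoreErrors: false
  # Install the policy package into the running policy store.
  03_package_install:
    command: semodule -i httpd-backend.pp
    cwd: /root/
    ignoreErrors: false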