Competitive Advantage

Posted by on 2011/12/24 No comments

There is a level of support (IT and otherwise) that is necessary just to keep the doors open for business. Many businesses cut their support down to this level, thinking of us as “overhead.” But beyond that point – IT is a force multiplier, we provide competitive advantage (neutralizing competitors’ advantage, or gaining our own competitive advantage). Both in terms of our organization’s ability to produce more and meet more targets, and in terms of our ability to attract & retain talented workforce.

When you think about it, most of the “coolness” factors of an organization are support related, IT and otherwise. Coolness factors represent a real, but often intangible or unmeasurable, advantage to attracting & retaining talent. It’s company image, it’s marketing for your brand.

selinux notes

Posted by on 2011/10/02 Comments Off

These are my notes, after learning from Fedora Selinux FAQ

  • Become root. Although you could do this with sudo, it’s more of a pain.
    Also, you may be glad, some day, that you left these files laying around, and the best place for that is in root’s home directory (or a subdirectory.)

  • You must ensure the auditd service is installed and started.
    yum -y install auditd
    service auditd start

  • First, make sure there’s nothing in your audit log.
    audit2allow -m local -l -i /var/log/audit/audit.log
    If there is anything in there, clear it out with
    semodule --reload

  • Now, temporarily disable selinux
    setenforce 0

  • Do whatever would normally get blocked.

  • And re-enable selinux
    setenforce 1

  • Make up a new module name, such as “httpdwritehomes” and prepare that module from the list of stuff that was captured in the audit log:
    export newmod=httpdwritehomes
    audit2allow -m $newmod -l -i /var/log/audit/audit.log > $newmod.te
    Be sure to edit that file, read it over, and remove anything that doesn’t belong

  • Note: If nothing appears in the logs, you might have to disable “don’taudit” See http://danwalsh.livejournal.com/11673.html
    semodule -DB
    and later
    semodule -B

  • Now compile and install the new module
    checkmodule -M -m -o $newmod.mod $newmod.te
    semodule_package -o $newmod.pp -m $newmod.mod
    semodule -i $newmod.pp