Skip to content.

A Note About Website Navigation

Skip to main menu.

For users of screen readers, depending on the screen resolution, the two checkboxes are for opening and closing the side menus that appear to the left and right side of the screen. This is designed both for large screens and for mobile devices with a touch screen. Checking either the main menu or sidebar checkboxes causes the menu to open from the left or right side of the screen, respectively. Clearing the checkox in either the main menu or sidebar closes the menu. The checkboxes are visible to screen readers such as JAWS and NVDA for Windows, Voiceover for Mac, and Orca screen reader for Linux. When a screen reader says "clickable" for both main menu and sidebar, that is for the respective checkboxes. End of explaination.

Category: Security, subcategory of The World of Computers

How To List All SELinux Contexts

Audience and Prerequisites

This is intended for Linux users who have experience working with the command line. You should be running any Red Hat-based distributions such as Rocky Linux, AlmaLinux, or Oracle Linux. CentOS Stream is not a candidate for taking the RHCSA (Red Hat Certified System Administrator) exam. A lot of people in the Linux community are not happy about Red Hat discontinuing support for CentOS 8 and now Red Hat does not want source code to be available for everyone, including Rocky Linux and AlmaLinux. Enough with wordy paragraphs! We don't want anyone to scroll down too much in order to get to the most important part! Let's get into the command line, shall we?

Oh, please pardon me for boring you with this, but I almost forgot. This article assumes that you are logged in as a root user. This is bad security practice in the production environment, but in the exam, it's okay to be root. If you break it, you fix it and that will count against your time in the exam. But the important thing is that you must come up with solutions as fast as possible. Of course, don't be in a hurry in such a way that you will fail the exam. Okay, enough already! Let's get in with it! *grinning face*

Type: File Contexts

The command for listing all available SELinux type contexts is:

seinfo -t

The command for listing only the type contexts that relate to the web server:

seinfo -t | grep httpd

So, you searched for anything related to httpd and you came across httpd_sys_content_t. You need to specify a directory to host your content other than in /var/www. To add the type context to a directory, the command will be as follows:

semanage fcontext -a -t httpd_sys_content_t "/data/nas/www(/.*)?"
restorecon /data/nas/www

Longer version:

semanage fcontext --add --type httpd_sys_content_t "/data/nas/www(/.*)?"

The seinfo command is the SELinux policy information tool, semanage is a SELinux policy management tool, and restorecon is for restoring default SELinux security contexts to files and directories. The "type" contexts is the only one to be to be concerned about when studying for any Linux exams, such as RHCSA (Red Hat Certified System Administrator).

As for (/.*)?, that's called a regular expression. This is for setting any subdirectories and files with the same context as the main directory. Try to remember this in the RHCSA exam: open parenthesis, forward slash, period, asterisk, close parenthesis, question mark, and that's about it. The only thing to remember is to have the entire path along with the symbols in double quotes. In the RHCSA exam, you have access to the man pages, so take advantage of that whenever possible.

For users of NVDA screen reader (Non-Visual Desktop Access), NVDA does not speak a question mark such as CTRL+? (control plus question mark). I do not know if this is a bug in the screen reader or if this is intentional, but at least it's all I can do to help out if screen readers ignore question marks. That symbol is an important part of a regular expression, so it needs to be translated to words. Hopefully I can be of help.

Type: Contexts for Ports

What about ports? If you modify the port number in SSH configuration file (/etc/ssh/sshd_config) and you restart the service (systemctl restart sshd), even if you configure the firewall to allow a different port number (example: firewall-cmd --add-port 12345 --permanent), you won't be able to SSH into your server because SELinux gets in the way! It's easy to disable SELinux if you do not mind exposing your server to outside security risks, but when studying for the exam, it's important to never disable SELinux. Instead, let's search for port-related contexts.

Let's search for any services that have a phrase "port" for any type contexts:

seinfo -t | grep port

You should get a list of services. Let's narrow it down to SSH:

seinfo -t | grep port | grep ssh

Ah ha! There it is. It's ssh_port_t. Of course, I could also type the following:

seinfo -t | grep ssh_port

And that should give me the same output. So, let's configure SELinux to allow TCP port 12345 so that we can SSH into our Linux server.

semanage port -a -t ssh_port_t -p tcp 12345

And there you have it! You should now login to your server using SSH.

ssh -p 12345 username@servernameoripaddress

Of course, if you want to search for other services, such as Postfix:

seinfo -t | grep postfix

Oh, wow! So many contexts to choose from! But aren't we looking for port-related contexts?

seinfo -t | grep port | grep postfix

Hmm... There are no port-related contexts related to Postfix. Of course, what we do want is SMTP, which is port 25 by default, so let's narrow it down to just "port" and "SMTP" (all lowercase, of course).

seinfo -t | grep port | grep smtp
# or "seinfo -t | grep smtp_port" (without quotes)

And you should get smtp_port_t. However, configuring an SMTP server is beyond the scope of this tutorial about viewing the list of available contexts. Plus, configuring firewalls and enabling/starting services in a Linux server is also beyond the scope as well.

What Packages Provides seinfo and semanage?

dnf whatprovides */seinfo

The asterisk represents a wildcard, so this would assume that we do not know the full path to seinfo command. That dnf command, when executed, reveals a package called setools-console. So, so install setools-console, just use the dnf install command as follows:

dnf install setools-console

The same is for semanage: 

dnf whatprovides */semanage
dnf install policycoreutils-python-utils

That package policycoreutils-python-utils is so wordy, isn't it? *smile* Don't stress over trying to remember that package name in the exam and in the real world.

Conclusion

I hope I can be of help to anyone studying for RHCSA exam. Hopefully you should be able to know how to set SELinux type contexts for directories and ports. If you are not taking an exam (you should if you want to further your career in Linux and Information Technology), I hope I can be of help as well! Have fun administrating your Linux servers!

And yes, I could have used emojis, but screen readers come first! *smile*

Article published: 2023-08-12 13:10

Categories: The World of Computers, Computers, Information Technology, Security

How To Change Your Uber Email Address and Password?

Instructions

  1. From your smartphone (not your desktop or laptop computer), open the Uber application.
  2. Tap Account. The Account button is located at the bottom right of your smartphone's screen.
  3. Tap your avatar to the right of your name.
  4. Tap your email address to change your email address. Skip to step 6 if you do not make use of unique email addresses for every account that you signed up for.
  5. Once you change your email address, tap Update. Go into your email account and look for an email from Uber. Enter the verification code that Uber gave you.
  6. Tap your password. You will need to verify your password first before you generate your new password from a password manager.

And you are done! Congratulations! You have successfully changed your unique email address and password! Stay safe!

Here's a link to the full article about why I changed my email address for Uber.

Article published: 2022-09-17 12:16

Categories: The World of Computers, Information Technology, Security

Who is the Weakest Link In a Cybersecurity Chain? We Are!

I watched the video about whether the ransomware can be stopped and I scrolled down through the comment section. While reading comments, some people are suggesting that we switch to Linux because Linux is more secure compared to Windows. That is true that Linux is inherently secure compared to Windows and Mac; however, what if I were to tell you that if you are running Arch Linux, Fedora, Ubuntu, Solaris, FreeBSD, OpenBSD, Haiku OS, or just about any other operating systems in our planet that you can still fall victim to phishing attacks? If we all switch to a different operating system on a basis that one is more secure compared to other operating systems, then we are forgetting about our weakest link.

Let me ask you again. Who or what is the weakest link in the cybersecurity chain? It's not Windows; we are the ones that need education so we can protect ourselves online.

Article published: 2022-04-17 15:56

Categories: The World of Computers, Security

Internet and Safety: Why Physical Businesses Should Not Require Everyone To Use Internet?

(For my blog post, I want to focus on the audience regarding people who use Internet every single day and knows a lot about cybersecurity. Myself included.)

Imagine a scenario: you went to get your haircut and the place you went to requires you to enter an email address before you get your haircut. Why? Even if I do have a smartphone and I use Internet every single day, why must I put in my email address? For what purpose? To send spam? For businesses, they might say "we respect your privacy and take security seriously," but in my mind, I would say that if an email gets compromised in a data breach, it's more likely that those who are not tech-savvy are more likely to receive spam and phishing emails. Not thinking about security when using the Internet can lead to ransomware and identity theft. They might stop using the computer altogether because of fear of feeling unsafe online.

What is an operating system? Windows? Mac? Linux? What is an email address? What is a "file?" See where I'm going with? What is Android? iPhone? iOS? How do I manage files and folders in my computer? How do I check my email? I hope you get my point.

Okay, so you say that your 90-year-old family member knows how to use the Internet, takes care of security themselves, and I should not overly-generalize myself. Well, that's great, but we should not force everyone to have a smartphone just so they can face dangers lingering in the Internet. I have more details in the full article.

Article published: 2021-10-06 12:00

Categories: The World of Computers, Computers, Security