Skip to content

Commit df4c283

Browse files
dhurleydhurley
committed
Add NGINX Agent v3.0 SELinux configuration guide
1 parent d9609a5 commit df4c283

File tree

1 file changed

+50
-0
lines changed

1 file changed

+50
-0
lines changed

content/agent/how-to/how-to-configure-selinux.md

Lines changed: 50 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,50 @@
1+
---
2+
title: Configure SELinux
3+
weight: 600
4+
---
5+
6+
## Overview
7+
8+
You can use the optional SELinux policy module included in the package to secure F5 NGINX Agent operations with flexible, mandatory access control that follows the principle of least privilege.
9+
10+
{{< important >}}The SELinux policy module is optional. It is not loaded automatically during installation, even on SELinux-enabled systems. You must manually load the policy module using the steps below.{{< /important >}}
11+
12+
---
13+
14+
## Before you begin
15+
16+
Take these preparatory steps before configuring SELinux:
17+
18+
1. Enable SELinux on your system.
19+
2. Install the tools `load_policy`, `semodule`, and `restorecon`.
20+
3. [Install NGINX Agent]({{< rel "/agent/install-upgrade/install.md" >}}) with SELinux module files in place.
21+
22+
{{< important >}}SELinux can use `permissive` mode, where policy violations are logged instead of enforced. Verify which mode your configuration uses.{{< /important >}}
23+
24+
---
25+
26+
## Enable SELinux for NGINX Agent {#selinux-agent}
27+
28+
The following SELinux files are added when you install the NGINX Agent package:
29+
30+
- `/usr/share/selinux/packages/nginx_agent.pp` - loadable binary policy module
31+
- `/usr/share/selinux/devel/include/contrib/nginx_agent.if` - interface definitions file
32+
- `/usr/share/man/man8/nginx_agent_selinux.8.gz` - policy man page
33+
34+
To load the NGINX Agent policy, run:
35+
36+
{{< include "installation/agent-selinux.md" >}}
37+
38+
{{<see-also>}}For more information, see [Using NGINX and NGINX Plus with SELinux](https://www.nginx.com/blog/using-nginx-plus-with-selinux/).{{</see-also>}}
39+
40+
---
41+
42+
## Recommended Resources
43+
44+
- <https://man7.org/linux/man-pages/man8/selinux.8.html>
45+
- <https://www.redhat.com/en/topics/linux/what-is-selinux>
46+
- <https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux>
47+
- <https://wiki.centos.org/HowTos/SELinux>
48+
- <https://wiki.gentoo.org/wiki/SELinux>
49+
- <https://opensource.com/business/13/11/selinux-policy-guide>
50+
- <https://www.nginx.com/blog/using-nginx-plus-with-selinux/>

0 commit comments

Comments
 (0)