
      DreamHost’s Ultimate Small Business Resource Guide


      We see you, small business owners! You bring character and diversity to your hometowns and spice to your niche on the internet. You create jobs. You build local economies and provide unique products and services with a personal touch big corporations can only try to replicate. Plus, you are living your dream: turning your passion into a money-making venture that improves the world and gives you the chance to be your own boss.

      We know how hard you work to make this dream a reality. It’s never easy to run your own business, but the current COVID-19 global pandemic has been a particular plague on small businesses. Governments around the world have social distancing guidelines to stop the spread of this coronavirus, bringing global economies to their knees.

      With people stuck at home, non-essential businesses closed, and millions out of work, the customers you rely on to stay afloat either can’t come to your shop or are short on cash for anything outside living expenses. None of this is your fault, and it is happening despite your diligent work and vision for your business.

      Even National Small Business Week — an annual springtime celebration of your essential place in the U.S. economy scheduled for this week — has been postponed thanks to COVID-19. But we are going to celebrate you anyway! Here at DreamHost, we believe in small business, and we are proud to provide a platform and digital home for so many of you.

      The pandemic will let up eventually, and we are still rooting for you. To help you get some ideas for how to build and boost your business, we’ve collected our best advice for small business owners — all in one place.

      Read on to find essential tips about:

      Feel free to use the links above to jump around to the most pertinent articles for you and your business — or read straight on through for an overview of all the advice we have to offer.

      You Can Build a Website

      Whether you want to start a blog or run a small business, DreamHost makes it easy to begin your online journey. Our shared hosting plans give you everything you need to thrive online at an affordable price.

      Building a Small Business Website

      In the small-business world, your website is everything. It’s your homestead on the frontier of the web. It declares your brand to the world and is often the first impression potential customers have of your business.

      For many of you, your website is your business.

      Even if your business is a brick-and-mortar operation — such as a restaurant or antique store — your company’s website needs to be helpful, optimized, and updated and maintained regularly. Your website provides valuable info, including where to find you and when, and drives customers off their couches and into your stores.

      The internet is where your customers spend most of their time, especially right now. Use these resources to learn how to get going on WordPress, build a beautiful website from the ground up, and tailor it to fit your own business.

      Building an Online Store

      If you have an online business — or if you want to start selling your products online in addition to your physical store — a reliable and attractive online shop is what you need. Your customers want to browse, find the products they want, and check out without a glitch. To make that happen, you need to build an online store with a trusted platform in addition to your business’s WordPress website.

      It’s surprisingly easy to get an online shop up and keep it going — you just need the right tools and tips. We love WooCommerce and Shopify, and you’ll learn about both, plus more tips and tricks for selling online, in the helpful guides below.

      Small Business Advice

      You small business owners are a scrappy bunch, and much of what you know you learned through good old-fashioned experience. There’s no education like the one that comes from getting out there and making your own mistakes.

      As valuable as mistakes and failures are, we want to set you up as much as possible for success and triumph. In this section, you’ll find a roundup of our best advice for entrepreneurs — learn how to manage everything from your stress to your small business website and beyond.

      Small-Biz Tools and Resources

      You want your small business to reach its full potential — and so do we! No person is an island, and the same goes for businesses. We all need a little help and support sometimes, and when we use available tools, we can get more done in less time.

      There are so many tools out there to help you manage and grow your business, and to optimize the whole enterprise for success. Stop doing things the hard way. Here you’ll find all of our favorite tools, apps, plugins, and more for making the work of running your business a little easier.

      Ways to Make Money Online

      Thanks to the internet, there’s never been a better time to start a side hustle. Money-making opportunities abound online, from blogging to affiliate marketing.

      Whether you want to build up an extra income source on top of your full-time gig or are looking for ideas to build up your business, we got you. Let’s walk through our favorite — not to mention lucrative and legitimate — ways to make money online.

      Small-Biz Marketing Tips

      There are more than 1.5 billion (and counting) websites on the internet today. So how does your humble food blog or photography portfolio get noticed, by the right people, amid all the noise?

      One word: marketing.

      “If you build it, they will come” is an adage that doesn’t hold up so well when it comes to your business’s presence online. Merely having a website just isn’t enough; you need to draw people to it for it to do any good. You need some smart strategies to bump your website up to the top of search results, find and engage social media followers, and encourage positive reviews.

      Do you want your brand to get noticed? Find your target market. Drive traffic to your website. Do some smart social media and email marketing. Create killer content and optimize your site for top search engine results. How? We thought you’d never ask: Learn or brush up on these skills with our handy dandy guides to marketing your small business.

      Want More Small-Biz Hacks?

      Whether you need marketing advice or a heads-up on the latest web design trends, we’ve got content for that! Subscribe to our monthly newsletter so you never miss an article.

      You’ve Got This

      There you have it — everything we’ve ever written to guide, inform, and inspire small business owners in one handy guide. We know that you’ve got what it takes to make it through this crisis, and we hope these resources can help you get there.

      Now, we have a question for you: How can we help? What small-biz related questions are keeping you up at night? Holler at us over on Twitter to let us know which additional topics and resources you’d like us to cover for small business owners.

      Are you wondering where to get started? You can easily build an online presence for your small business with shared hosting. Our plans, which start at just $2.59 per month, offer all the tools you need to build your business and reach your customers.






      A Beginner's Guide to SELinux on CentOS 8


      Updated by Linode

      Contributed by
      Linode

      SELinux is a Mandatory Access Control (MAC) system, developed by the NSA. SELinux was developed as a replacement for Discretionary Access Control (DAC) that ships with most Linux distributions.

      The difference between DAC and MAC is how users and applications gain access to machines. Traditionally, the command sudo gives a user the ability to heighten permissions to root-level. Root access on a DAC system gives the person or program access to all programs and files on a system.

      A person with root access should be a trusted party. But if security has been compromised, so too has the system. SELinux and MACs resolve this issue by both confining privileged processes and automating security policy creation.

      SELinux defaults to denying anything that is not explicitly allowed. SELinux has two global modes, permissive and enforcing. Permissive mode allows the system to function like a DAC system, while logging every violation to SELinux. The enforcing mode applies a strict denial of access to anything that isn’t explicitly allowed. To explicitly allow certain behavior on a machine, you, as the system administrator, have to write policies that allow it. This guide provides a brief and basic introduction to commonly used commands and practices for SELinux system administration.

      Before You Begin

      1. Ensure that you have followed the Getting Started and Securing Your Server guides.

        Note

        This guide is written for a non-root user. Commands that require elevated privileges are prefixed with sudo. If you’re not familiar with the sudo command, you can check our Users and Groups guide.
      2. Update your system:

        sudo yum update
        

        Note

        The Linode kernel does not support SELinux by default. However, all new Linodes running CentOS 8 use the distribution provided kernel, which has SELinux enabled by default.

        If your system is running a Linode kernel, you will need to change to an upstream kernel in order to use SELinux. See the How to Change Your Linode’s Kernel guide for the steps. Once your kernel is set to the upstream kernel, continue with the steps in this guide.

      Install Supporting SELinux Packages

      In this section, you will install various SELinux packages that will help you when creating, managing, and analyzing SELinux policies.

      1. Verify which SELinux packages are installed on your system:

        sudo rpm -aq | grep selinux
        

        A newly deployed CentOS 8 Linode should have the following packages installed:

          
        libselinux-2.5-14.1.el7.x86_64
        selinux-policy-3.13.1-252.el7_7.6.noarch
        selinux-policy-targeted-3.13.1-252.el7_7.6.noarch
        libselinux-utils-2.5-14.1.el7.x86_64
        libselinux-python-2.5-14.1.el7.x86_64
            
        
      2. Install the following packages and their associated dependencies:

        sudo yum install policycoreutils policycoreutils-python setools setools-console setroubleshoot
        
        • policycoreutils and policycoreutils-python contain several management tools to administer your SELinux environment and policies.
        • setools provides command line tools for working with SELinux policies. These include sediff, which shows the differences between policies; seinfo, which shows information about the components that make up SELinux policies; and sesearch, which searches through your SELinux policies. setools-console consists of sediff, seinfo, and sesearch. Pass the --help option to any of these tools to view more information about it.
        • The setroubleshoot suite of tools helps you determine why a script or file may be blocked by SELinux.

        Optionally, install setroubleshoot-server and mcstrans. The setroubleshoot-server package can, among many other things, send email notifications from the server to notify you of any policy violations. The mcstrans daemon translates SELinux’s output to human readable text.

      SELinux States and Modes

      SELinux States

      When SELinux is installed on your system, it can be either enabled or disabled. By default, the CentOS 8 image provided by Linode has SELinux in an enabled state.

      • To disable SELinux, update your SELinux configuration file using the text editor of your choice. Set the SELINUX directive to disabled as shown in the example.

        /etc/selinux/config
        
        # This file controls the state of SELinux on the system.
        # SELINUX= can take one of these three values:
        #     enforcing - SELinux security policy is enforced.
        #     permissive - SELinux prints warnings instead of enforcing.
        #     disabled - No SELinux policy is loaded.
        SELINUX=disabled
        # SELINUXTYPE= can take one of three values:
        #     targeted - Targeted processes are protected,
        #     minimum - Modification of targeted policy. Only selected processes are protected.
        #     mls - Multi Level Security protection.
        SELINUXTYPE=targeted
              

        Note

        You can update the SELINUX directive with any of the available SELinux states or modes.
      • Reboot your Linode for the changes to take effect:

        sudo reboot
        
      • Connect to your Linode via SSH (replace 192.0.2.0 with your own Linode’s IP address) and verify your SELinux installation’s status:

        ssh example_user@192.0.2.0
        sudo sestatus
        

        The output should show that SELinux is disabled:

          
        SELinux status:                 disabled
            
        

      SELinux Modes

      When SELinux is enabled, it can run in either enforcing or permissive modes.

      Note

      If SELinux is currently disabled, update your SELinux configuration file so that the SELINUX directive is set to one of the enabled modes, enforcing or permissive, then reboot your system and SSH back into your Linode. These steps are outlined in the SELinux States section of the guide.
      • In enforcing mode, SELinux enforces its policies on your system and denies access based on those policies. Use the following command to view SELinux policy modules currently loaded into memory:

        sudo semodule -l
        
      • Permissive mode does not enforce any of your SELinux policies; instead, it logs any actions that would have been denied to your /var/log/audit/audit.log file.

      • You can check which mode your system is running by issuing the following command:

        sudo getenforce
        
      • To place SELinux in permissive mode, use the following command:

        sudo setenforce 0
        

        Permissive mode is useful when configuring your system, because you and your system’s components can interact with your files, scripts, and programs without restriction, while the audit logs and system messages still show what would be restricted in enforcing mode. This helps you construct the necessary policies for your system’s users and programs. A mode set with setenforce lasts only until the next reboot; the SELINUX directive in /etc/selinux/config determines the mode at boot.

      • Use the sealert utility to generate a report from your audit log. The report includes information about what SELinux is preventing and how to allow the action, if desired.

        sudo sealert -a /var/log/audit/audit.log
        

        The output will resemble the following example, but it varies depending on the programs and configurations on your system. The example was generated on a Linode running the Apache web server with a virtual hosts configuration.

          
        SELinux is preventing /usr/sbin/httpd from write access on the directory logs.
        
        *****  Plugin httpd_write_content (92.2 confidence) suggests   ***************
        
        If you want to allow httpd to have write access on the logs directory
        Then you need to change the label on 'logs'
        Do
        # semanage fcontext -a -t httpd_sys_rw_content_t 'logs'
        # restorecon -v 'logs'
            
        
      • To allow /usr/sbin/httpd write access to the directory logs, as shown by the output, you can execute the suggested commands, semanage fcontext -a -t httpd_sys_rw_content_t 'logs' and restorecon -v 'logs'.

      SELinux Context

      SELinux marks every single object on a machine with a context. Every file, user, and process has a context. The context has three main parts: user, role, and type (the ls -Z output below also shows a fourth field, the level). An SELinux policy controls which users can get which roles. Each specific role places a constraint on what type of files that user can access. When a user logs in to a system, the user is mapped to an SELinux user and assigned a role; in the ls -Z example below, unconfined_u is the SELinux user portion of the context.

      1. Create a directory in your home folder:

        mkdir ~/example_dir
        
      2. Print the SELinux security context of your home folder’s directories and files:

        ls -Z ~/
        

        The output is similar to:

          
        drwxrwxr-x. example_user example_user unconfined_u:object_r:user_home_t:s0 example_dir
            
        

        The SELinux-specific information is contained in the unconfined_u:object_r:user_home_t:s0 portion, which uses the syntax user:role:type:level. To learn more about users, roles, and related access control, see the CentOS SELinux documentation.

      SELinux Boolean

      An SELinux Boolean is a variable that can be toggled on and off without needing to reload or recompile an SELinux policy.

      1. You can view the list of boolean variables using the getsebool -a command. Pipe the command through grep to narrow down your results.

        sudo getsebool -a | grep "httpd_can"
        

        You will see a similar output:

          
        httpd_can_check_spam --> off
        httpd_can_connect_ftp --> off
        httpd_can_connect_ldap --> off
        httpd_can_connect_mythtv --> off
        httpd_can_connect_zabbix --> off
        httpd_can_network_connect --> off
        httpd_can_network_connect_cobbler --> off
        httpd_can_network_connect_db --> off
        httpd_can_network_memcache --> off
        httpd_can_network_relay --> off
        httpd_can_sendmail --> off
            
        

        You can change the value of any variable using the setsebool command. If you set the -P flag, the setting will persist through reboots. If, for example, you want to allow HTTPD scripts and modules to connect to the network, update the corresponding boolean variable:

        sudo setsebool -P httpd_can_network_connect ON
        

        When you view the list of boolean variables again, httpd_can_network_connect is now set to on:

        sudo getsebool -a | grep "httpd_can"
        
          
        httpd_can_check_spam --> off
        httpd_can_connect_ftp --> off
        httpd_can_connect_ldap --> off
        httpd_can_connect_mythtv --> off
        httpd_can_connect_zabbix --> off
        httpd_can_network_connect --> on
        httpd_can_network_connect_cobbler --> off
        httpd_can_network_connect_db --> off
        httpd_can_network_memcache --> off
        httpd_can_network_relay --> off
        httpd_can_sendmail --> off
              
        

      Next Steps

      This guide provides a brief and basic introduction to SELinux administration. You can now take a deeper dive into SELinux by consulting some of the resources included in the More Information section of this guide.

      More Information

      You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

      This guide is published under a CC BY-ND 4.0 license.




      A Beginner's Guide to SELinux on CentOS 7


      Updated by Linode

      Written by Angel Guarisma

      Getting Started with SELinux

      SELinux is a Mandatory Access Control (MAC) system, developed by the NSA. SELinux was developed as a replacement for Discretionary Access Control (DAC) that ships with most Linux distributions.

      The difference between DAC and MAC is how users and applications gain access to machines. Traditionally, the command sudo gives a user the ability to heighten permissions to root-level. Root access on a DAC system gives the person or program access to all programs and files on a system.

      A person with root access should be a trusted party. But if security has been compromised, so too has the system. SELinux and MACs resolve this issue by both confining privileged processes and automating security policy creation.

      SELinux defaults to denying anything that is not explicitly allowed. SELinux has two global modes, permissive and enforcing. Permissive mode allows the system to function like a DAC system, while logging every violation to SELinux. The enforcing mode applies a strict denial of access to anything that isn’t explicitly allowed. To explicitly allow certain behavior on a machine, you, as the system administrator, have to write policies that allow it. This guide provides a brief and basic introduction to commonly used commands and practices for SELinux system administration.

      Before You Begin

      1. Ensure that you have followed the Getting Started and Securing Your Server guides.

        Note

        This guide is written for a non-root user. Commands that require elevated privileges are prefixed with sudo. If you’re not familiar with the sudo command, you can check our Users and Groups guide.
      2. Update your system:

        sudo yum update
        

        Note

        The Linode kernel does not support SELinux by default. However, all new Linodes running CentOS 7 use the distribution provided kernel, which has SELinux enabled by default.

        If your system is running a Linode kernel, you will need to change to an upstream kernel in order to use SELinux. See the How to Change Your Linode’s Kernel guide for the steps. Once your kernel is set to the upstream kernel, continue with the steps in this guide.

      Install Supporting SELinux Packages

      In this section, you will install various SELinux packages that will help you when creating, managing, and analyzing SELinux policies.

      1. Verify which SELinux packages are installed on your system:

        sudo rpm -aq | grep selinux
        

        A newly deployed CentOS 7 Linode should have the following packages installed:

          
        libselinux-2.5-14.1.el7.x86_64
        selinux-policy-3.13.1-252.el7_7.6.noarch
        selinux-policy-targeted-3.13.1-252.el7_7.6.noarch
        libselinux-utils-2.5-14.1.el7.x86_64
        libselinux-python-2.5-14.1.el7.x86_64
            
        
      2. Install the following packages and their associated dependencies:

        sudo yum install policycoreutils policycoreutils-python setools setools-console setroubleshoot
        
        • policycoreutils and policycoreutils-python contain several management tools to administer your SELinux environment and policies.
        • setools provides command line tools for working with SELinux policies. These include sediff, which shows the differences between policies; seinfo, which shows information about the components that make up SELinux policies; and sesearch, which searches through your SELinux policies. setools-console consists of sediff, seinfo, and sesearch. Pass the --help option to any of these tools to view more information about it.
        • The setroubleshoot suite of tools helps you determine why a script or file may be blocked by SELinux.

        Optionally, install setroubleshoot-server and mcstrans. The setroubleshoot-server package can, among many other things, send email notifications from the server to notify you of any policy violations. The mcstrans daemon translates SELinux’s output to human readable text.

      SELinux States and Modes

      SELinux States

      When SELinux is installed on your system, it can be either enabled or disabled. By default, the CentOS 7 image provided by Linode has SELinux in an enabled state.

      • To disable SELinux, update your SELinux configuration file using the text editor of your choice. Set the SELINUX directive to disabled as shown in the example.

        /etc/selinux/config
        
        # This file controls the state of SELinux on the system.
        # SELINUX= can take one of these three values:
        #     enforcing - SELinux security policy is enforced.
        #     permissive - SELinux prints warnings instead of enforcing.
        #     disabled - No SELinux policy is loaded.
        SELINUX=disabled
        # SELINUXTYPE= can take one of three values:
        #     targeted - Targeted processes are protected,
        #     minimum - Modification of targeted policy. Only selected processes are protected.
        #     mls - Multi Level Security protection.
        SELINUXTYPE=targeted
              

        Note

        You can update the SELINUX directive with any of the available SELinux states or modes.
      • Reboot your Linode for the changes to take effect:

        sudo reboot
        
      • Connect to your Linode via SSH (replace 192.0.2.0 with your own Linode’s IP address) and verify your SELinux installation’s status:

        ssh example_user@192.0.2.0
        sudo sestatus
        

        The output should show that SELinux is disabled:

          
        SELinux status:                 disabled
            
        

      SELinux Modes

      When SELinux is enabled, it can run in either enforcing or permissive modes.

      Note

      If SELinux is currently disabled, update your SELinux configuration file so that the SELINUX directive is set to one of the enabled modes, enforcing or permissive, then reboot your system and SSH back into your Linode. These steps are outlined in the SELinux States section of the guide.
      • In enforcing mode, SELinux enforces its policies on your system and denies access based on those policies. Use the following command to view SELinux policy modules currently loaded into memory:

        sudo semodule -l
        
      • Permissive mode does not enforce any of your SELinux policies; instead, it logs any actions that would have been denied to your /var/log/audit/audit.log file.

      • You can check which mode your system is running by issuing the following command:

        sudo getenforce
        
      • To place SELinux in permissive mode, use the following command:

        sudo setenforce 0
        

        Permissive mode is useful when configuring your system, because you and your system’s components can interact with your files, scripts, and programs without restriction, while the audit logs and system messages still show what would be restricted in enforcing mode. This helps you construct the necessary policies for your system’s users and programs. A mode set with setenforce lasts only until the next reboot; the SELINUX directive in /etc/selinux/config determines the mode at boot.

      • Use the sealert utility to generate a report from your audit log. The report includes information about what SELinux is preventing and how to allow the action, if desired.

        sudo sealert -a /var/log/audit/audit.log
        

        The output resembles the following example, but it varies depending on the programs and configurations on your system. The example was generated on a Linode running the Apache web server with a virtual hosts configuration.

          
        SELinux is preventing /usr/sbin/httpd from write access on the directory logs.
        
        *****  Plugin httpd_write_content (92.2 confidence) suggests   ***************
        
        If you want to allow httpd to have write access on the logs directory
        Then you need to change the label on 'logs'
        Do
        # semanage fcontext -a -t httpd_sys_rw_content_t 'logs'
        # restorecon -v 'logs'
            
        
      • To allow /usr/sbin/httpd write access to the directory logs, as shown in the output, you can execute the suggested commands, semanage fcontext -a -t httpd_sys_rw_content_t 'logs' and restorecon -v 'logs'.
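
The audit-log review step above (it appears in both the CentOS 8 and CentOS 7 versions of this guide) can be complemented by a summary of the raw AVC records that separates denials only logged in permissive mode from those blocked in enforcing mode. This is an added example, not part of the original guide; the function names and sample records are constructed for illustration, and it assumes the standard audit.log AVC record layout.

```shell
#!/bin/sh
# Added example (not from the Linode guide): collapse repeated SELinux AVC
# denials from audit.log into one summary line per distinct denial.

# Constructed sample records in the audit.log format; not real log data.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1588000001.101:201): avc:  denied  { write } for  pid=2001 comm="httpd" name="logs" dev="sda" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1588000001.555:202): avc:  denied  { write } for  pid=2004 comm="httpd" name="logs" dev="sda" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1588000002.102:203): arch=c000003e syscall=83 success=yes exit=0 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1588000003.103:204): avc:  denied  { name_connect } for  pid=2002 comm="httpd" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1588000004.104:205): avc:  denied  { read open } for  pid=2003 comm="httpd" path="/home/example_user/example_dir/index.html" dev="sda" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
EOF
}

# summarize_avc: reads audit.log lines on stdin and prints
#   COUNT SOURCE_TYPE TARGET_TYPE CLASS PERMISSIONS MODE
# MODE is "logged" for permissive=1 (the action went ahead and was only
# recorded) and "blocked" for permissive=0 (enforcing mode denied it).
summarize_avc() {
    awk '
    /type=AVC/ && /avc:[ ]+denied/ {
        perms = ""; scon = ""; tcon = ""; tclass = ""; mode = "unknown"

        # The denied permissions sit between "{" and "}".
        a = index($0, "{"); b = index($0, "}")
        if (a > 0 && b > a) {
            perms = substr($0, a + 1, b - a - 1)
            gsub(/^ +| +$/, "", perms)   # trim padding
            gsub(/ +/, ",", perms)       # "read open" -> "read,open"
        }

        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/)        scon = substr($i, 10)
            else if ($i ~ /^tcontext=/)   tcon = substr($i, 10)
            else if ($i ~ /^tclass=/)     tclass = substr($i, 8)
            else if ($i == "permissive=1") mode = "logged"
            else if ($i == "permissive=0") mode = "blocked"
        }
        if (scon == "" || tcon == "") next   # skip malformed records

        # Contexts are user:role:type:level; the type is the third field.
        split(scon, s, ":"); split(tcon, t, ":")
        key = s[3] " " t[3] " " tclass " " perms " " mode
        count[key]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Demo on the constructed sample. On a real host the input would be
# /var/log/audit/audit.log, read with sufficient privileges.
sample_audit_log | summarize_avc
```

A "logged" line marks an action that permissive mode let through and that enforcing mode would deny, so those lines are the ones to resolve before switching back to enforcing.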

      SELinux Context

      SELinux marks every single object on a machine with a context. Every file, user, and process has a context. The context has three main parts: user, role, and type (the ls -Z output below also shows a fourth field, the level). An SELinux policy controls which users can get which roles. Each specific role places a constraint on what type of files that user can access. When a user logs in to a system, the user is mapped to an SELinux user and assigned a role; in the ls -Z example below, unconfined_u is the SELinux user portion of the context.

      1. Create a directory in your home folder:

        mkdir ~/example_dir
        
      2. Print the SELinux security context of your home folder’s directories and files:

        ls -Z ~/
        

        The output is similar to:

          
        drwxrwxr-x. example_user example_user unconfined_u:object_r:user_home_t:s0 example_dir
            
        

        The SELinux-specific information is contained in the unconfined_u:object_r:user_home_t:s0 portion, which uses the syntax user:role:type:level. To learn more about users, roles, and related access control, see the CentOS SELinux documentation.

      SELinux Boolean

      An SELinux Boolean is a variable that can be toggled on and off without needing to reload or recompile an SELinux policy.

      1. You can view the list of boolean variables using the getsebool -a command. Pipe the command through grep to narrow down your results.

        sudo getsebool -a | grep "httpd_can"
        

        You will see a similar output:

          
        httpd_can_check_spam --> off
        httpd_can_connect_ftp --> off
        httpd_can_connect_ldap --> off
        httpd_can_connect_mythtv --> off
        httpd_can_connect_zabbix --> off
        httpd_can_network_connect --> off
        httpd_can_network_connect_cobbler --> off
        httpd_can_network_connect_db --> off
        httpd_can_network_memcache --> off
        httpd_can_network_relay --> off
        httpd_can_sendmail --> off
            
        

        You can change the value of any variable using the setsebool command. If you set the -P flag, the setting will persist through reboots. If, for example, you want to allow HTTPD scripts and modules to connect to the network, update the corresponding boolean variable.

        sudo setsebool -P httpd_can_network_connect ON
        

        When you view the list of boolean variables again, httpd_can_network_connect is now set to on:

        sudo getsebool -a | grep "httpd_can"
        
          
        httpd_can_check_spam --> off
        httpd_can_connect_ftp --> off
        httpd_can_connect_ldap --> off
        httpd_can_connect_mythtv --> off
        httpd_can_connect_zabbix --> off
        httpd_can_network_connect --> on
        httpd_can_network_connect_cobbler --> off
        httpd_can_network_connect_db --> off
        httpd_can_network_memcache --> off
        httpd_can_network_relay --> off
        httpd_can_sendmail --> off
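
Because a boolean such as httpd_can_network_connect widens what a confined service may do, it is useful to compare the current values against an approved list after a change like the one above (the step appears in both versions of this guide). This is an added example, not part of the original guide; the baseline file format, the function names, and the deliberately misspelled baseline entry are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Linode guide): report drift between the
# output of `getsebool -a` and a baseline of booleans approved to be on.

# The guide's own sample output after httpd_can_network_connect was enabled.
sample_getsebool() {
    cat <<'EOF'
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> on
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
EOF
}

# Hypothetical baseline format: one approved boolean per line, "#" comments.
# The second entry is misspelled on purpose to show how a typo is reported.
sample_baseline() {
    cat <<'EOF'
# booleans approved to be on for this web server
httpd_can_sendmail
httpd_can_network_conect   # typo: missing an "n"
EOF
}

# boolean_drift BASELINE_FILE  (getsebool output on stdin)
# Prints one finding per line:
#   UNAPPROVED-ON name     boolean is on but not in the baseline
#   APPROVED-OFF name      baseline expects on, system has it off
#   APPROVED-MISSING name  baseline entry not present in the input at all
boolean_drift() {
    awk -v baseline="$1" '
    BEGIN {
        while ((getline line < baseline) > 0) {
            sub(/#.*/, "", line)        # strip comments
            gsub(/[ \t]+/, "", line)    # strip whitespace
            if (line != "") approved[line] = 1
        }
        close(baseline)
    }
    $2 == "-->" {
        seen[$1] = 1
        if ($3 == "on"  && !($1 in approved)) print "UNAPPROVED-ON", $1
        if ($3 == "off" &&  ($1 in approved)) print "APPROVED-OFF", $1
    }
    END {
        for (name in approved)
            if (!(name in seen)) print "APPROVED-MISSING", name
    }
    ' | sort
}

# Demo on the constructed inputs. On a real host the input would be the
# output of `sudo getsebool -a`.
baseline_file=$(mktemp)
sample_baseline > "$baseline_file"
sample_getsebool | boolean_drift "$baseline_file"
rm -f "$baseline_file"
```

Feed the function the unfiltered getsebool -a output rather than a grep subset, otherwise approved booleans outside the filter are reported as missing.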
              
        

      Next Steps

      This guide provides a brief and basic introduction to SELinux administration. You can now take a deeper dive into SELinux by consulting some of the resources included in the More Information section of this guide.

      More Information

      You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

      This guide is published under a CC BY-ND 4.0 license.


