Just curious, and perhaps naive... what can an attacker achieve if biomart is using a read-only database user? (Or is read-write needed for session storage or something? [I am not a current biomart instance admin.] Even so, you could lock down the privileges sufficiently to prevent any nefarious activity...?)
On Tue, Jul 5, 2011 at 4:38 PM, Joachim Baran <[email protected]> wrote:
> Hi!
>
> On 11-07-05 11:17 AM, "Julian Selley" <[email protected]> wrote:
>
> I wondered if any of the users out there had any experience with either configuring SELinux or mod_security to work with a biomart installation.
>
> Are you using BioMart 0.7 or 0.8?
>
> At Manchester, the pubmed2ensembl56.smith.man.ac.uk server runs BioMart 0.7 under SELinux and as far as I remember, I only had to create some custom modules to allow for outgoing connections in order to query NCBI's eutils. You can create SELinux policy modules as described here:
> http://wiki.centos.org/HowTos/SELinux#head-faa96b3fdd922004cdb988c1989e56191c257c01
> If you get in touch with Casey in Manchester, then he should be able to direct you to his internal wiki where I have described the workflow to create custom policy modules step-by-step.
>
> If you are using BioMart 0.8, then you also should be able to create the SELinux policy modules as described above. You might have to iterate the process up to 5 times before you have created enough policies that allow the server to function correctly. Unfortunately, this process cannot be optimised, because each time you grant the server a bit more rights, it will proceed a tad further before running into another violation. Policy creation has to be done iteratively.
>
> Joachim
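
Added example, not part of the thread and not BioMart or CentOS code: a Python sketch of one pass of the iterative policy workflow quoted above, which groups the AVC denials logged so far into the allow rules a custom module would need. The log lines are constructed, and the httpd_t domain and var_t target are assumptions.

```python
import re
from collections import defaultdict

# Constructed audit.log sample (assumed: the server runs in the httpd_t domain).
SAMPLE_LOG = """\
type=AVC msg=audit(1309880280.101:410): avc:  denied  { name_connect } for  pid=2310 comm="httpd" dest=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1309880281.202:411): avc:  denied  { name_connect } for  pid=2311 comm="httpd" dest=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1309880295.303:415): avc:  denied  { read write } for  pid=2310 comm="httpd" name="cache" dev=dm-0 ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=SYSCALL msg=audit(1309880295.303:415): arch=c000003e syscall=2 success=no exit=-13
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
)


def context_type(ctx):
    """Return the type field of a user:role:type[:level] security context."""
    return ctx.split(":")[2]


def summarize_denials(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other non-AVC records carry no denial
        key = (context_type(m["s"]), context_type(m["t"]), m["cls"])
        rules[key].update(m["perms"].split())
    return dict(rules)


def render_rules(rules):
    """Render one candidate allow rule per denied triple, for human review."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = " ".join(sorted(perms))
        body = f"{{ {p} }}" if len(perms) > 1 else p
        out.append(f"allow {src} {tgt}:{cls} {body};")
    return out


if __name__ == "__main__":
    for rule in render_rules(summarize_denials(SAMPLE_LOG)):
        print(rule)
```

Only denials the server has already hit appear in the log, which is why each granted rule can expose the next violation; review every candidate rule before loading it rather than granting everything the log suggests.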
