Manual Deployment of SELinux Policies

SELinux policies are deployed automatically during CloudBlue Commerce installation and upgrade. However, they are not deployed on:

  • the nodes that are not registered in CloudBlue Commerce,
  • the nodes that do not meet prerequisites.

If policies were not deployed automatically, you can install them manually using the instructions below.

Prerequisites

Before you deploy the SELinux policies, update the selinux-policy-targeted package to the latest version on all nodes where SELinux should be enabled:

yum update selinux-policy-targeted

CloudBlue Commerce Management and UI Nodes

To install and apply SELinux policies to the CloudBlue Commerce management and UI nodes, do the following:

  1. Connect to the CloudBlue Commerce management node and UI nodes as root via SSH.
  2. Import the PA agent and jboss policies using the following commands:

    semodule -i /usr/share/selinux/packages/pa-agent/pa_agent.pp
    semodule -i /usr/local/pem/u/selinux/pa_jboss.pp
  3. Apply the imported policies:

    restorecon -R -v /usr/local /var/log/pa /etc/rc.d/init.d
  4. Apply the changes by restarting the pa-agent and pau services:

    systemctl restart pau
    systemctl restart pa-agent

Billing Application Node

To install and apply SELinux policies to the Billing application node, do the following:

  1. Connect to the Billing application node as root via SSH.
  2. Import the PA agent, jboss and billing policies using the following commands:

    semodule -i /usr/share/selinux/packages/pa-agent/pa_agent.pp
    semodule -i /usr/local/pem/u/selinux/pa_jboss.pp
    semodule -i /usr/local/bm/etc/selinux/bm.pp
  3. Apply the imported policies:

    restorecon -R -v /usr/local /var/log/pa /etc/rc.d/init.d /run /dev/shm
  4. Apply the changes by restarting the pa-agent, pau and pba services:

    systemctl restart pau
    systemctl restart pa-agent
    systemctl restart pba

CloudBlue Commerce Database Nodes

To install and apply the SELinux policies to the CloudBlue Commerce Database Nodes, do the following:

  1. Connect to the CloudBlue Commerce database nodes as root via SSH.
  2. If the database node is registered in CloudBlue Commerce:

    1. Import the PA agent policy using the following command:

      semodule -i /usr/share/selinux/packages/pa-agent/pa_agent.pp
    2. Apply the imported policy:

      restorecon -R -v /usr/local /var/log/pa /etc/rc.d/init.d /usr/pgsql /var/lib/pgsql
  3. If the database node is not registered in CloudBlue Commerce:
    1. Copy the pa_agent.pp file to a directory on the database node.
    2. Import the PA agent policy using the following command:

      semodule -i ./pa_agent.pp
    3. Apply the imported policy to pgsql directories:

      restorecon -R -v /usr/pgsql /var/lib/pgsql

Other Nodes

To install and apply the SELinux policies to other nodes, do the following:

  1. Connect to a node registered in CloudBlue Commerce as root via SSH.
  2. Import the PA agent policy using the following command:

    semodule -i /usr/share/selinux/packages/pa-agent/pa_agent.pp
  3. Apply the imported policy:

    restorecon -R -v /usr/local /var/log/pa /etc/rc.d/init.d

After that, all necessary policies are imported and applied and SELinux mode can be changed to enforcing.
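
The following read-only pre-check is an added example, not part of the CloudBlue Commerce documentation or tooling: it confirms that the required modules are loaded and that a dry-run restorecon finds nothing left to relabel before the mode is switched to enforcing. The role names and the module names pa_agent, pa_jboss and bm (taken from the .pp file names) are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): read-only check to run before enforcing mode.
# Assumption: each module is named after its .pp file (pa_agent, pa_jboss, bm).

# Print required modules ("$@") absent from `semodule -l` output on stdin.
# Accepts both "name" and "name<TAB>version" listings.
missing_modules() {
    loaded=$(awk '{print $1}')
    for m in "$@"; do
        printf '%s\n' "$loaded" | grep -qxF -- "$m" || printf '%s\n' "$m"
    done
}

# Count files a dry run (`restorecon -R -n -v`, output on stdin) would relabel.
# Matches the "Would relabel ..." and older "restorecon reset ..." line formats.
count_mislabeled() {
    grep -c -E '^(Would relabel|restorecon reset) ' || true
}

# Map a node role (names are this example's own) to modules and paths from the page.
role_spec() {
    base="/usr/local /var/log/pa /etc/rc.d/init.d"
    case "$1" in
        mn-ui)           echo "pa_agent pa_jboss|$base" ;;
        billing)         echo "pa_agent pa_jboss bm|$base /run /dev/shm" ;;
        db-registered)   echo "pa_agent|$base /usr/pgsql /var/lib/pgsql" ;;
        db-unregistered) echo "pa_agent|/usr/pgsql /var/lib/pgsql" ;;
        other)           echo "pa_agent|$base" ;;
        *)               return 1 ;;
    esac
}

# Run the checks on the live node; exit status 0 means ready for enforcing.
check_node() {
    spec=$(role_spec "$1") || { echo "unknown role: $1" >&2; return 2; }
    mods=${spec%%|*}; paths=${spec#*|}
    # $mods and $paths are intentionally unquoted so they split into words.
    missing=$(semodule -l | missing_modules $mods)
    bad=$(restorecon -R -n -v $paths 2>/dev/null | count_mislabeled)
    echo "mode=$(getenforce) missing_modules=[$(echo $missing)] mislabeled=$bad"
    [ -z "$missing" ] && [ "$bad" -eq 0 ]
}

# Only touch the system when a role is given, e.g.: sh precheck.sh billing
if [ $# -gt 0 ]; then check_node "$1"; fi
```

Run it as root with the node's role as the only argument; a non-zero exit status means a module is missing or files under the listed paths still carry labels that restorecon would change.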