配置selinux策略加固nginx

默认情况下，SELinux没有保护Nginx Web服务器，可以手动配置进行保护，首先安装SELinux编译时需要的支持包：
 
# yum -y install selinux-policy-targeted selinux-policy-devel
 
从主页（http：//sourceforge.net/projects/selinuxnginx/）下载SELinux策略：
 
#cd /root/install && wget http：//downloads.sourceforge.net/project/selinuxnginx/se-ngix_1_0_10.tar.gz?use_mirror=nchc

# tar zxf se-ngix_1_0_10.tar.gz
# cd se-ngix_1_0_10/nginx
# make
 
输出示例：
[root@bogon nginx]# make
Compiling targeted nginx module
/usr/bin/checkmodule:  loading policy configuration from tmp/nginx.tmp
/usr/bin/checkmodule:  policy configuration loaded
/usr/bin/checkmodule:  writing binary representation (version 6) to tmp/nginx.mod
Creating targeted nginx.pp policy package
rm tmp/nginx.mod.fc tmp/nginx.mod

安装生成的nginx.pp SELinux模块：
# /usr/sbin/semodule -i nginx.pp?