Wednesday, October 30, 2019

Air Astana and Alliances Dissertation Example | Topics and Well Written Essays - 14750 words

Air Astana and Alliances - Dissertation Example It has been informed and increasingly taken in to account that the airline does not have any collaboration or tie up with regards to the fleet management or route management, with any other airline in the world. Air Astana being one of the most efficient and largest operators of airlines basing out of the Kazakhstan region is increasingly taking into consideration, the relative advantages and disadvantages that the company can have in terms of forming a chain of collaboration or network for the purpose of fleet management as well as route management. The project has been approached by giving a general overview of global airline industry that is operating in every part of the globe. The next part moves on towards the process of giving a brief insight in terms of airline industry operating in UK and Kazakhstan as well as providing vital information and insights on the airline Air Astana. The next part of the project provides an analysis of the external as well internal factors pertaini ng to the macro and micro economic conditions that can propose a series of threat and benefits to the working strategies and operations of the airline company. The next parts comprises of the research methodology as well as the relevant findings and discussions in line with the research methodology.... the relative advantages and disadvantages that the company can have in terms of forming a chain of collaboration or network for the purpose of fleet management as well as route management. The project has been approached by giving a general overview of global airline industry that is operating in every part of the globe. The next part moves on towards the process of giving a brief insight in terms of airline industry operating in UK and Kazakhstan as well as providing vital information and insights on the airline Air Astana. The next part of the project provides an analysis of the external as well internal factors pertaining to the macro and micro economic conditions that can propose a series of threat and benefits to the working strategies and operations of the airline company. The next parts comprises of the research methodology as well as the relevant findings and discussions in line with the research methodology. The last comprises of the conclusions and discussions which have be en found, determined and or identified as a part of the research analysis of the project. Chapter 1: Introduction 1.1 Background of the Study 1.2 Objectives of the Study 1.3 Research Questions 1.4 Significance of the Study 1.5 Research Structure 1.1 Background of the Study Aviation is regarded as a highly important and critical management process which is followed actively in the sector of airline industry. The prime and fundamental responsibility and objective of the aviation industry is to strategically manage and overlook the entire operational performance as well as business related performances in the airline sector. The secondary objectives comprises of overlooking and encouraging necessary technological developments for the purpose of increasing of operational and business

Monday, October 28, 2019

Impact of Employee Retention Essay Example for Free

Impact of Employee Retention Essay Griffeth Hom (2001) have argued that employee turnover is assuming crisis proportions for many employers who struggle to retain people in the tightest labour market. Griffeth Hom (2001, Pg 1) 52% of companies report that their turnover is increasing and quit rates are running high of 1.1% a month.† Turnover can be a real problem in many organisations. Companies spend a great deal of time and money recruiting and training employees and the cost of replacing staff members lost through turnover are great. The monetary cost of replacing one employee is generally estimated to range from 50 percent to 200 percent of the annual salary for the position, and may even be higher in very specialized fields. Furthermore, poor employee retention can have a negative impact on workplace productivity, job satisfaction, and also on the overall morale of the organisation. It is proven that a high turnover percentage can cost employers a great deal of financial distress. Depending on the size of the company, to many employers it can make the difference in staying or going out of business. Phillips (2003,Pg 4) noted that, â€Å"of late employee retention has captured the attention of the business, financial, and executive community as a critically important strategic issue that can have a dramatic effect on productivity and profits.† Cascio, 2000 and Johnson,1995 cited in Griffeth Hom, Retaining Valued Employees (2001), are of the opinion that, human resources professionals and researchers project that the cost of one turnover incidence ranges from between 93% to 200% of a leavers salary, depending on his or her skill and level of job responsibility. Labour turnover has a negative impact on the organizations. Although every manager and team member is aware of problems associated with high turnover, a review of its foremost consequences puts employee retention in the appropriate perspective. Patricia (2002, pg 4, 5) noted that â€Å"employee turnover has a serious impact on organisations. Firstly high financial costs, which is both in terms of direct and indirect costs and the performance of companies has been inhibited in many ways by high turnover rates. Sometimes the costs alone causes turnover to become a critical strategic issue. Secondly, in terms of survival as an issue, where in a tight labour market in which the company depends on having employees with critical skills, recruiting and retaining the appropriate talent can determine the success or failure of the organisation. Thirdly in terms of productivity loses and workflow interruptions , where an employee who quits abruptly not only leaves a productivity gap but also causes problems for others on the same team and within the same flow of work. Fourthly in terms of loss of know-how especially with regards to knowledge industry, where a departing employee may have the critical knowledge and skills needed for working with specific software. This can be a negative impact at least in the short run. Fifthly, turnover can have a serious impact on the image of the organisations.† Patricia (2002) also noted that some of the other impacts of turnover on organisations may be with regards to loss of business opportunities, administrative problems, disruption of social and communication networks, and job satisfaction of remaining employees. Patricia (2002) noted that it is important to remember that turnover can have a negative impact on the individual, particularly if an employee is leaving because of problems that could have been prevented. Furthermore, Patricia (2002) noted that a voluntary turnover because of problems that could have been avoided creates a variety of consequences such as loss of employee benefits or job seniority, financial difficulties, loss of social network, relocation costs, wasted efforts and uncompleted projects, and even more in terms of career problems. Branham (2005) noted that employees quit because of the disengagement process and deliberation process. Branham (2005) also noted that there are 7 reasons as to why employees leave organisations. They are as follows: 1. The job or the workplace was not expected. 2. The mismatch between job and person. 3. Very little coaching and feedback. 4. Few growth and advancement opportunities. 5. Feeling devalued and unrecognised. 6. Stress from overwork and work-life imbalance. 7. Loss of trust and confidence in senior leaders. There is no set level of employee turnover that determines at what point turnover starts to have a negative impact on an organisations performance. Everything depends on the type of labour markets in which you compete. Where it is relatively easy to find and train new employees quickly and at relatively little cost (that is where the labour market is loose), it is possible to sustain high quality levels of service provision despite having a high turnover rate. By contrast, where skills are relatively scarce, where recruitment is costly or where it takes several weeks to fill a vacancy, turnover is likely to be problematic for the organisation. This is especially true of situations in which you are losing staff to direct competitors or where customers have developed relationships with individual employees. Some employee turnover positively benefits organisations. This happens when a poor performer is replaced by a more productive employee, and can happen when a senior retirement allows the promotion or acquisition of welcome fresh blood. The more valuable the employees in question the more damaging the resignation, particularly when they move on to work for competitors. Moderate levels of staff turnover can also help to reduce staff costs in organisations where business levels are unpredictable month on month. When business is slack it is straightforward to hold off filling recently created vacancies for some weeks. Staw (1980 cited in Griffeth and Hom (2002), argues that turnover is not always bad. For instance, vacating employees or employees who quit can increase promotional opportunities for other employees or can infuse new ideas and technologies when new employees replace those who left. Dalton, Krackhardt and Porter (1981cited in Griffeth and Hom (2002), are of the opinion that certain kinds of jobs exits or quits among marginal perfor mers are even desirable. Abelson Bay singer (1994, cited in Griffeth and Hom (2002) that a certain quit rate might be tolerated as a cost of doing business in a particular industry. Stephen Taylor (2002, Pg 15) noted that for many HR specialists, rising staff turnover is seen as being an important organisational problem. It follows that improving retention rates should be high on the management agenda, and it is proper for resources to be devoted to achieving this aim. However a certain amount of turnover is actively welcomed by many managers. â€Å"Nonetheless, Griffeth Hom (2001) have noticed that organisational-level research and corporate studies report that high exit rates generally worsen organisational effectiveness. Though there are diverse opinions from various authors, and taking the above argument into consideration, it is clear that employees play a fundamental role in the success of any organisation and therefore by retaining talented or rather key employees is a very important task that the managers should undertake. Phillips Connell (2002) noted that, some organisations do a superb job of managing retention, whereas others fail miserably. The issues are not always externally driven but often lie within the organisation.

Saturday, October 26, 2019

Abolishing Welfare will NOT Reduce Teenage Pregnancy :: essays research papers

Abolishing Welfare will NOT Reduce Teenage Pregnancy Robert J. Samuelson, a freelance writer for â€Å"Newsweek† magazine believes that the present welfare system needs to be abolished for certain age groups, and that as a result, teenage pregnancy is on the rise. Either this writer is desperate or he just does not care what he writes about. I believe that Samuelson’s article displays non conclusive data for his facts, financial flaws, and severe racial issues, but what really infuriate me is that he believes that abolishing welfare is the solution to eliminating teenage pregnancy and â€Å"Newsweek† magazine really printed this article.   Ã‚  Ã‚  Ã‚  Ã‚  Samuelson focuses on the black family from the beginning of his article by giving statistics that are non conclusive. He states that â€Å"A young black child now has only a one-in-five chance of growing up with two parents.†(43) How does he know this? He is not giving any supporting information on this at all to make me believe that it is accurate and factual information. Nevertheless, in making comparisons, he should have given the chances for whites and supported his research better. I am not saying that this information is incorrect, but what I am implying is that I could have believed it if I would have been able to see it for myself. Samuelson also used information from Leon Dash, a black reporter for the â€Å"Washington Post† in his article. First of all, Dash is a black man giving his insight on living in the black community for a year to understand teenage pregnancy. Samuelson is a white man viewing Dash’s conclusion in his own words to make his story look good. This is irrelevant and Samuelson should have gone to live in the black community to do his own research instead of giving his overall conclusion on Dash’s research. Samuelson believes that financial hardship is basically the problem, but of course I disagree. He states â€Å"In 1991, median family income for black married couples was $33,000; for a single mother, median income was $11,400.†(43) This is another case of not having supporting information as well as non comparisons to white’s income. Yes, you do need money to provide for your family, but does not having a lot of money really mean that your kids will be unsuccessful? No, money does not dictate how successful kids are. Let’s look at my family for example: my mother was a single parent and she did not have a lot of money, but my brother and I are very successful.

Thursday, October 24, 2019

Compare and Contrast Essay Art

Work #1 Mona Lisa Leonardo de Vinci, i503-i507 Oil on poplar, (77 x 55cm, 30 x 21in) Muste de Louve, Paris Work # 2 Flowers of Edo: Young Woman’s narrative Chanting to the Shamison Kitagowa Utamoro, Mid 17903 Color wood block print (15 1/8 x 10/38. 5 x 25. 5 cm) Spencer Museums Art The University of Kansas I am not a professional art critic, I just like beautiful paintings. It is very fascinating to me the talent that some are born with. Dilect changes with time but a painting or message or imaginary stays the same. I chose two very important paintings both are portraits of woman. They were created during different time periods. Comparing the two work one (Mona Lisa) is very detailed, while work two (Flowers of Edo: Young woman’s narrative chanting to the shamisen) is more sketched. I am left wondering if work two was a real person or drawing that was later painted. Mona Lisa or La Giocanda (Lajaconde) is the 16th century, oil paintings on polar wood by Leonardo Da Vinci, and is one of the world’s most famous paintings. Few works of art have been subjected to as much scrutiny, study, mythologizing and parody. It is owned by the French government and hangs in the Musee da Louvre in Paris. The painting, a half-length portrait, depicts a woman whose gaze meets the viewers with an expression often described as enigmatic. The title Mona Lisa stems from the Giorgio Vasari biography of Leonard De Vinci published 31 yrs after Leonard’s death. In it he identified the sitter as Lisa Gherardini, the wife of a wealthy businessman; Mona was a common name from the title Madonna, meaning my lady, the English version of Madam. The alternative title is the Italian version which means light-hearted was derived because of her smile. The â€Å"Flowers of Edo† was a series of creations by artist kawakawa Utamoro, who was a Japanese print maker and painter, and he is considered one of the greatest artists of wood block prints. He is especially known for his masterfully composed studies of women. His sensuous female beauties are generally considered the finest and most evocative. He also produced nature studies particularly illustrated books of insects. Kitagawa work reached Europe in the middle of the 19th century, where his works were very popular; enjoying particular fame in France. He influenced the European impressionist, particularly with his use of partial views, with an emphasis or light and shade. Sources The Mona Lisa Exposed Http://www. hepgura. com/mona Lisa, an ad supported tufts University student website dedicated to the Mona Lisa. Shrug asana, Timothy Clark, The passionate art of Kitagowa Utamaro British Museum Press, London, 1995

Wednesday, October 23, 2019

My Life in 10 Years Essay

I always wanted to see what will be my life in the future, what will be my career and what will I become? As I reflected my childhood I have many dreams and aspirations that I would like to accomplish within the next ten years to come. In ten years, I can see myself having many of my goal accomplished, if not accomplished, I will be working on accomplishing those goals to fulfil my life. We all know when growing up that we all wanted that fairy tale ending with the house, car, kids, and the dog. Ten years from now I plan to be raising my children, coming out of college with several degrees, and being happy. They say in one’s life we all make choices, but in the end, our choices make us. You’re about to embark with me unto the long, curvy road of my life, and Watch upon it as it unfolds through my eyes. This is my life as I see it will be ten years from now. I have most of it planned out already. This is my story. see more:where do you see yourself in 5 years essay School has always been an important goal in my life. Growing up I always wanted to attend college for at least 10 years to receive an accounting degree. Now that I’m older I realized that accountancy is not what I want. I want to be a doctor. I am interested in M.D. /Ph.D. dual degree program, receiving a certificate, and a licence for medicine. I’m sure I am going to be professional doctor someday. I love helping other people with their sickness.

Tuesday, October 22, 2019

Jane Eyre Essays - English-language Films, British Films, Jane Eyre

Jane Eyre Essays - English-language Films, British Films, Jane Eyre Jane Eyre Jane Eyre of Charlotte Brontes Jane Eyre, develops drastically within the first few chapters of the novel. Her environment was a major influential factor in Janes development. It would shape the person she is and will be. Jane is a character of strength as a result of her vivid imagination and strong emotions, these made her extremely vulnerable to the environment around her. At the very beginning Jane is very feisty, and almost rebellious towards everyone around her. She seems to be aggravated and irritated by everything around because she is an orphan. With the progression of the novel she transforms by allowing the environment she is in to influence her by opening up to others and slowly terminating that rude little girl which existed at the very beginning. As Jane grows she becomes the influence of her environment. Her boldness, intelligence, kindness, as well as vulnerability transform her role in the novel. Jane has become the authority figure, a woman taking a strand without allowing others to stomp all over her. Janes role has reversed. Jane isnt only the main character of Charlotte Brontes Jane Eyre she is also a revolutionary character. She is a representation of strength, symbolizing the new woman of literature. She was and has influenced her environment by being a blunt and outspoken person.

Monday, October 21, 2019

Switch Statement in Ruby

How to Use the Case/Switch Statement in Ruby In most computer languages, the case or conditional (also known as  switch) statement compares the value of a variable with that of several constants or literals and executes the first path with a matching case. In Ruby, its a bit more flexible (and powerful). Instead of a simple equality test being performed, the case equality operator is used, opening the door to many new uses. There are some differences from other languages though. In C, a switch statement is a kind of replacement for a series of if and goto statements. The cases are technically labels, and the switch statement will go to the matching label. This exhibits a behavior called fallthrough, as the execution doesnt stop when it reaches another label. This is usually avoided using a break statement, but fallthrough is sometimes intentional. The case statement in Ruby, on the other hand, can be seen as a shorthand for a series of if statements. There is no fallthrough, only the first matching case will be executed. The Basic Form of a Case Statement The basic form of a case statement is as follows. As you can see, this is structured something like an if/else if/else conditional statement. The name (which well call the value), in this case inputted from the keyboard, is compared to each of the cases from the when clauses (i.e.  cases), and the first when block with a matching case will be executed. If none of them match, the else block will be executed. Whats interesting here is how the value is compared to each of the cases. As mentioned above, in C, and other C-like languages, a simple value comparison is used. In Ruby, the case equality operator is used. Remember that the type of the left-hand side of a case equality operator is important, and the cases are always the left-hand side. So, for each when clause, Ruby will evaluate case value until it finds a match. If we were to input Bob, Ruby would first evaluate Alice Bob, which would be false since String# is defined as the comparison of the strings. Next, /[qrz]./i Bob would be executed, which is false since Bob doesnt begin with Q, R or Z. Since none of the cases matched, Ruby will then execute the else clause. How the Type Comes Into Play A common use of the case statement is to determine the type of value and do something different depending on its type. Though this breaks Rubys customary duck typing, its sometimes necessary to get things done. This works by using the Class# (technically, the Module#) operator, which tests if the right-hand side is_a? left-hand side. The syntax is simple and elegant: Another Possible Form If the value is omitted, the case statement works a bit differently: it works almost exactly like an if/else if/else statement. The advantages of using the case statement over an ​if statement, in this case, are merely cosmetic. A More Compact Syntax There are times when there are a large number of small when clauses. Such a case statement easily grows too large to fit on the screen. When this is the case (no pun intended), you can use the then keyword to put the body of the when clause on the same line. While this makes for some very dense code, as long as each when clause is very similar, it actually becomes more readable. When you should use single-line and multi-line when clauses are up to you, its a matter of style. However, mixing the two is not recommended - a case statement should follow a pattern to be as readable as possible. Case Assignment Like if statements, case statements evaluate to the last statement in the when clause. In other words, they can be used in assignments to provide a kind of table. However, dont forget that case statements are much more powerful than simple array or hash lookups. Such a table doesnt necessarily need to use literals in the when clauses. If there is no matching when clause and no else clause, then the case statement will evaluate to nil.

Sunday, October 20, 2019

How to answer What are you most passionate about in an interview

How to answer What are you most passionate about in an interview When we’re on the job hunt in search of our next great career opportunity, many of us spend the bulk of our time in prep mode, where we do everything we can to try and get our foot in the door of a company that we want to work for. This includes research to see which companies are hiring, catching up on the latest industry news and trends, and frantic networking to kick open the doors of opportunity. Meanwhile, we’re also polishing our cover letters and resumes until they’re razor-sharp, and- if we’re lucky enough to score an interview- spending an almost embarrassing amount of time thinking about what we’re going to wear to make a perfect impression. Sure, these are positive steps to take and will help you get closer to making your goal a reality. But the truth is, today’s savvy interviewers are looking for more than just walking bulleted lists of skills and accomplishments. They want to make sure they hire well-rounded candidates who are pa ssionate about work and life who will fit well into their company cultures. According to a recent article by Inc., â€Å"†¦ employees who fit well with their organization, coworkers, and supervisor had greater job satisfaction, were more likely to remain with their organization, and showed superior job performance.†Think about it- hiring personnel are going to be bombarded with a blizzard of successful candidates who have the requisite abilities to handle the job effectively. Do you want to be just one more qualified person, or do you want to stand out from the crowd and make a deeper impression?Hopefully, we’ve convinced you that today’s successful job candidates are able to demonstrate what motivates and drives them, and what they’re truly passionate about in life- a question that is increasingly popping up during interviews. The truth is, many candidates (even ones who have prepared intensely) stumble when asked what they’re passionate abou t during interviews. But you don’t have to! Use the following strategies to help you hit a home run when this question comes flying your way.Be honestThe truth is, seasoned hiring managers are great lie detectors and will likely know when you’re telling the truth and when you’re just floundering in an effort to try and make a good impression. Today’s progressive companies often dedicate time, energy, and resources to a variety of helpful humanitarian causes, and if your passions naturally align with theirs then that’s a sign of a great fit. So, if you’re truly passionate about helping orphans in third-world countries or dedicated to ending ocean pollution that’s fantastic, but if you’re just trying to make yourself sound good, chances are it will backfire- especially if you’re asked follow-up questions that you don’t have answers for. Being honest about what you’re passionate about in life, whatever it is, is your best approach, and the right company will appreciate who you are and what moves you.Be boldChances are if you’re asked about what you’re passionate about in life then so are those other qualified candidates, so do what you can to make sure your response stands out. Use bold and genuine language and imagery when discussing your passions, and if you have a compelling story to back it all up, even better. The goal here is to make a strong impression that you’re the sort of person who dedicates 100% of themselves to the things in life that matter to you- an impression that lasts long after the interview is over.Tie it all togetherAs previously mentioned, today’s companies are bolstering their corporate brands by dedicating themselves to all sorts of worthwhile global causes, and if you can show how your passions complement theirs, it’s really going to help you stand out as a potential hire. Also, try to tie your life’s passions to your w ork life, if possible. Show how you’re the sort of person who is naturally driven and motivated by professional challenges, and how work for you is more than just a paycheck. If you can convince interviewers that your passion for your work is undeniable, you’re going to have a much better shot at demonstrating your potential value as a member of their team.If you’re looking to have a stand-out performance during interviews and make a lasting impression, then make sure that your passions- in work and in life- are made clear. Use the advice and strategies presented here to help make that happen, and to ensure that you’re doing your absolute best while on the job hunt. Good luck!

Saturday, October 19, 2019

Teaching Music Essay Example | Topics and Well Written Essays - 750 words

Teaching Music - Essay Example The song is in five sections composed with an introduction and a coda, which is, based on the introduction material obscure the tonality (measure 87). The introductory materials are used throughout the art as a transitional and unifying material. Therefore, regarding the tone, it is heavily influenced by jazz harmonies as initially discussed and with linear passages. The key centers are undecided between C and D. Moreover, the song’s tonal centers are weak because it has used Quartal harmony in horns and trumpets, it lacks cadential harmony structure and emphasizes on horizontal lines, as opposed to vertical sonorities. The vertical sonorities that are present in the composition are cluster chords, extended chord structures, double inflection sonorities and at the very end, one C Major Chord. Wilson makes a broad use of jazz or changed and synthetic scales, which include, changed blues scales, and Minor and major-Locrian scales (Treadwell 8). The opening rhythm in C Section is hocked between all voices. The theme of the piece is to make a harmonious journey to â€Å"home† and with a C major Chord at ever end. Whitacre produces pieces of art that have a unique style that is amazingly powerful and captivating to its audience because of its originality. He is known to write his music in at least eight voice parts, with the strange chord progression, and use of spoken word and percussion. Cloudburst is incredibly complex, and it is set to adopt a Spanish poem by Octavio Paz, â€Å"El Cantaro Roto.† The first part sung without instrumental accompaniment (Cappella section) brings the tone of the piece. In addition, it has a section where the choir has sustained notes with the text that each choir members randomly speaks. The spoken words are not meant to consist of a rhythm as they also have a haunting and disorientating effect on the public or spectators.  

Module 3 Case Assignment Example | Topics and Well Written Essays - 750 words - 2

Module 3 Case - Assignment Example Old Navy targets young adult males who are aged 25 to 35 years old. As most countries recover from the 2008 recession, the level of employment among the young adults has significantly increased. As a result, the income of the young consumers has improved leading to high purchasing power and demand for households and cloths. This implies that by targeting the young adults, Old Navy has taken an effective promotion strategy that will result to increase in the level of sales. In the current times, most of the You Tube and Facebook as well as Twitter visitors are young consumers. In its effort to create strong customer awareness, Old Navy uses social media thus ensuring that its target customers are aware of the new products that the company introduces in the market. The fact that most young men like using mobile devices with fast internet, the company will benefit from sending its information in a high speed to its large customers base. Old Navy prefers the use of mobile devices instead of promoting their brands through the television. One of the key assumptions that were made about the viewing habits of the targeted consumers is that they are not in their mindset while watching the television. According to Ms. Curtis-McIntyre, when men are watching sports through the television, they are not in a position to notice a polo shirt or a pair of jeans. I believe this assumption is valid taking into consideration the strong admiration of sports such as FIFA World Cup and England championships by men. As they continue to watch the games, men may fail to notice a new brand on the screen and thus the use of a mobile device is the best option (Elliott, 2011). As compared to watching the television, men are more interested in watching videos such as Supar Tool and Corporado videos (Lefebvre, 2013). As the result, Old Navy embarked on using the videos an

Friday, October 18, 2019

Strategic human resource management Essay Example | Topics and Well Written Essays - 1000 words

Strategic human resource management - Essay Example Human resources of a company are the most valuable and important assets.The terms Human resource management deals with a wide range and dimension of people. Human resources form the heart of every company The various skills as well as the motivation of the individuals help each individual enhance their performance and together they work towards achieving the goals of the organization. Human resource management is a very crucial part of any business and the human resource managers play a crucial role in the overall success of the business as well (Armstrong). This paper aims at discussing the role of HR in strategic planning of an organization as well as how the human capital planning has an impact on the overall business planning. The next section will briefly deal with the strategic role of HR. Strategic Role of HR: Human Resources Management is one of complex nature and the skills of the people in the organizations are very different and varied. Hence due to complex nature of the s kills and the people HR is more a strategic function than anything else (Carlie). The strategic planning of an organization depends on the Human Resources Management to a great extent, as HRM plays an important role throughout the life span of an employee in the organization, including recruitment, training, development and retention. It has been noted in the current times that the role of the HR is more strategic in nature than the traditional approach. There are mainly two areas that the HR tends to follow, i.e. the overall performance of the company and the role of the HR in terms of solving and resolving the business problems. Hr focuses more so on the overall issues and performance of the company than the performance of individuals and the individual roles (Noe, Hollenbeck and Gerhart). With the intense levels of competition, strategic human resource management involves management of available resources both for short as well as long term goals of the organisation. Business str ategy has been defined as game plan of the management and business strategies have been recognised to be the main source that allows better usage of all resources within the business. In the current time where competition is at its peak, it is clear that every business wishes to use all of its resources to the maximum and to benefit the most of all the resources (Carlie). Strategically using the resources to gain optimum utilisation of the resources is referred to as strategic human resource management. It is crucial that these strategies are in sync with the overall business strategy to create a well balanced business including all aspects like finance and marketing. Importance of HR: Effective human resources management is an important element of business in the current time. The success or failure of a business can clearly be based on the competencies and the attitudes of the human resources of a company and it is now becoming imperative for businesses to attract, retain and also nurture good talent (Noe, Hollenbeck and Gerhart). Currently the boundaries of human resources are clearly being defined by innovativeness and proactive. It is now evident that the success of a business is more so based on the human resources rather than simply wealthy physical resources. The quality of the human resources has become a major element for the overall success of the businesses and also the nation as well. With the intensive growth of technology and the high levels of globalization, it is clear that the businesses are now more knowledge and information based, service oriented, customer centric and competitive. Success of any business is clearly dependent on the level of dynamics of the business and it is here that the human resourc

Analyzing Jack Assignment Example | Topics and Well Written Essays - 1000 words

Analyzing Jack - Assignment Example However, immediately after moving in with him, trouble starts, as the man transforms into a different character. Not only does he physically and psychologically abuse the helpless boy, he also takes advantage of him, forcing him to sell newspapers and taking away the money, he made from the sales. Jack however shows resilience and hope of a better life, evidenced by his constant dreams that he had of a good life someday. In fact, his current life situation little affects him, as he seeks solace in his dreams and ambitions. It is due to his ambitions that he seeks to apply for a scholarship ion far off places. In his view, he believes that he will one day change his and his mother’s life. Compassionately, he takes care of his mother, despite his young age. Regardless of the problems that the two face, Jack shows extreme loyalty to his mother, with whom he ran away with. He is oblivious of his brother’s good education, understands that his father at that particular time h ad married a billionaire, and can thus afford to pay his school fees. However, he chooses to remain with his mother, their poor and desperate state, with high hopes that one day he would become a successful man. Choosing to remain with his mother, run away with her from his father shows the level of braveness in him. There is no particular indication that he had ever been to Utah previously. Thus, his choice to leave his only home and wander in the streets of a completely new town shows his brave nature. When they could not find uranium and his mother became desperate, she began a relationship with Mr. Dwight, who then appeared harmless and caring. Immediately after moving in with him, Jack realizes that the man was completely different of what they had thought him to be. He was an arrogant man, with an immense appetite to dominate other people. Moreover, he was abusive, physically and emotionally, yet Jack

Thursday, October 17, 2019

Jaw the movie Essay Example | Topics and Well Written Essays - 500 words

Jaw the movie - Essay Example To connect scenes, they chose most stimulating, startling and moving ways. Use of conflict is reflected when Brody fear is the opposite of his goal to kill the shark. He fears water, which is less dangerous as compared with confronting a shark. Though Brody is a hero, issues of imperfect marriage is brought in. This creates a platform to show that problems need solutions. Brody and his wife Ellen fail to agree on moving from the town to a nicer place. The wife wants a better life. Thus, problems arise. Use of suspense is well demonstrated; Peter Benchley and Carl Gottlieb used suspense to drive the story (King). This is best done when a series of disasters are linked together. In the story, Brody and other characters are trying to find the shark and stop it â€Å"but what we are really waiting for is that next shark kill† (the jaw script). Urgency alert is well presented, Peter Benchley and Carl Gottlieb chose 4 July weekend â€Å"That is the biggest weekend of the year, the weekend all the tourist show up. And it’s coming soon!† (Jaws Script) The urgency comes in when the hero, Brody is expected to find the shark and kill it before the weekend. Memorable characters are brought in the story to spice it up. Quint is one of the characters used in the Jaws. The characters are always secondary characters and are depicted differently from other characters in the story (King). They act differently, chat in a unique way. He must be a character who seeks live in his own world as opposed to the other characters. Quint is best placed he is exceptional as compared with the rest of the characters in the story. Peter Benchley and Carl Gottlieb have made Hero’s goal as hard as possible. However, the solution to the ranking problem (shark attack) could have been easily solved by closing down the beach they did not allow that to happen. To overturn the

Discussion questions Assignment Example | Topics and Well Written Essays - 250 words - 5

Discussion questions - Assignment Example The group specializes mainly in entertainment and travel industries but also have a diversification of 200 businesses distributed across the United Kingdom and the Europe. However, Virgin Group has not been able to tap into the American market or create its brand name as it has done in UK and Europe. If Virgin group would concentrate more on tapping on to the opportunity in the American market then it means that its diversification strategy needs to be laid out well and if successful will reap huge benefits in terms of finances. However, Virgin Group has built its value proposition around its image variable. It is highly diversified and therefore benefits by establishing companies in sectors they have not ventured in leading to a better image variable and an increase in its value. Tesco is an example of a company that has built its value proposition around its image variable. It started as an economy supermarket. A variety of products ranging from furniture to insurance are being sold by Tesco. However it attributes its brand name Tesco to it venturing into new market without changing its core identity thus adding value to it. Another company is the Apple Company which has gradually changed from being a computer manufacturer to a giant in media as they came up with new services around the products they offered. Other examples include; Google, Nike, Intel, JetBlue, Amazon.com and Zapppos (Weinstein, 2012). Virgin Group Company being a diversified company has reaped huge benefits. They have planned carefully, carried out their market research, gotten the right people to manage their businesses and reaped the benefits. In the case of the Virgin Group, market perception and image indeed defines their

Wednesday, October 16, 2019

Jaw the movie Essay Example | Topics and Well Written Essays - 500 words

Jaw the movie - Essay Example To connect scenes, they chose most stimulating, startling and moving ways. Use of conflict is reflected when Brody fear is the opposite of his goal to kill the shark. He fears water, which is less dangerous as compared with confronting a shark. Though Brody is a hero, issues of imperfect marriage is brought in. This creates a platform to show that problems need solutions. Brody and his wife Ellen fail to agree on moving from the town to a nicer place. The wife wants a better life. Thus, problems arise. Use of suspense is well demonstrated; Peter Benchley and Carl Gottlieb used suspense to drive the story (King). This is best done when a series of disasters are linked together. In the story, Brody and other characters are trying to find the shark and stop it â€Å"but what we are really waiting for is that next shark kill† (the jaw script). Urgency alert is well presented, Peter Benchley and Carl Gottlieb chose 4 July weekend â€Å"That is the biggest weekend of the year, the weekend all the tourist show up. And it’s coming soon!† (Jaws Script) The urgency comes in when the hero, Brody is expected to find the shark and kill it before the weekend. Memorable characters are brought in the story to spice it up. Quint is one of the characters used in the Jaws. The characters are always secondary characters and are depicted differently from other characters in the story (King). They act differently, chat in a unique way. He must be a character who seeks live in his own world as opposed to the other characters. Quint is best placed he is exceptional as compared with the rest of the characters in the story. Peter Benchley and Carl Gottlieb have made Hero’s goal as hard as possible. However, the solution to the ranking problem (shark attack) could have been easily solved by closing down the beach they did not allow that to happen. To overturn the

Tuesday, October 15, 2019

Radio Frequency Identification(RFID) Chip Research Paper

Radio Frequency Identification(RFID) Chip - Research Paper Example It is not merely businesses or trade that utilizes the admirable invention. Healthcare industry and departments like defense or investigation also take advantage of this invention. The impact of RIFD is exciting as it is widely accepted and handled for different purposes. However, there are positive and negative impacts or influences of this modern technology on individuals and society as a whole. Initially, considering certain positive impacts of RFID in business management sector is relevant. Business functions normally encounter problems every now and then since it involves greater complications in information sharing. The RIFD chip is the consolation in times of difficulties associated with handling functions that are beyond human control and capacity. As pointed out by Lin and Teh-Hsing, the greater reliability of such radio frequency identification is that it assists in maintaining clear data and information along with the identification process (13). Moreover, the information collected is more reliable and much more valuable as the operation or system solely depends on the radio wave which is entirely a technical process. Apart from this, in supply chain management also it plays a remarkable role. Being the source and summit of business industry, the technology boosts the system of management in various ways, namely, â€Å"in manufacturing, warehousing/distribution centers, logistics and retailing environments† which are the essential areas of high recognition and importance (as qtd in EPC Global). Furthermore, the department of health and defense are benefited much from this invention when it is applied effectively in respective fields. First of all, for detecting animals and other human features are sought by the informative waves. Attaching such kind of chip eases the difficulty in understanding and analyzing the factors carefully. Similarly, RFID is major equipment used in defense or investigation sector. During the Second World War, radar was used to collect the information and activities of the rivals. As the developed form of radar today, the Radio Frequency Identification contributes significantly toward knowing the subversive activities undertaken by neighboring and rival nations. And, this magical invention is beneficial in tracing many of the cases of theft. It was a common issue prevailing in the business world that when companies experienced huge loss, most of the goods or items had been found stolen. The impact of RFID is so magnificent that it traces any such activities existing in business field. According to Sennewald, and John, it was not merely the money which was stolen but the documents and other important files which resulted in crisis (15-16). On the flip side, the adverse effects of RFID cannot be ignored or neglected. One of the main drawbacks of this waves system is nothing but it prevents privacy. The collected information or the details of other companies and their activities can be easily accesse d or tracked through this wave processing. Therefore, the business organizations find it hard to keep any secrecy related to its different management or operation tactics and techniques. Evidently, this information would assist the governments and higher authority to interfere in the activities of the private firm or organization headed by individuals. Inconsistency is the other matter of concern as the retailers often fail to have such an establishment of

Monday, October 14, 2019

Keeping school safe Essay Example for Free

Keeping school safe Essay Keeping the Same School Schedule Everything in life is a chain reaction. An event happen because of a certain event. The New york City Department of Education want to change the schedule of the school. Instead of having 8 hours of school we student would be having an extra 2 to 3 hours of school. The positive part is having a friday as a weekend but this plan is not a 100% plan proof because we cant tell the future of all the good and bad that will happen because of this event. Although we can predict the event with the evidence that is there. Why change something that is plan proof?We live using this schedule for decades. Why change that now? If we change the schedule of the school day, students would travel late makes it the most critical problem to having the schedules change. Traveling late leads to traveling in the dangers darkness.As students it would be harder to see so it makesit harder for us students to watch our waysand watch where are we stepping In some case people are too lazy to pick up and clean their dog poop and we the accidental steppin it.In this case your child will come home with a dirty smelly shoe everyday.In another case murderers would camouflage them self.this way they are ready to attack a child while the child will be the victims without knowing. This child could be yours . Statistics show 414 homicides happen in New york city in 2012.If you think youre safe just because the average of homicides decreased by 20% from 2011,then your wrong.According to New York Times we are the third largest homicide city out of the selected 6 cities. This is not good because your child could be the next victim.The younger ones are more vulnerable. Your child could be the next victims and you woud be weeping for your child to come back in to your arm but hopes are lost.Also school time occur throughout winter and fall.These season are the coldest seasons.So student will get sick more easily because we taveling at night time which is more colder.It more worst for student who hve the school near a bay,river or oceanic land mass.Also imagine your child coming home freezing to death with froz bite. This lead to student be absent more and having medical notes increasing.with the amount of increasing medical notes the child will be missing out on at least twice as much as we are learn because of the longer  day(which equal to more information learned). We will face hunger as another of our big problems. Hunger lead to giant gap of opportunities to eat since the earliest lunch period is third which we call breakfast but some calls it b ranch. Already students are complaining about the lack of food they eat and being hungry all the time in school just because they dont want to eat the nasty and grossing school lunch food. This is a problem because student will be missing out on nutritional value. Missing out on nutritional value leads to malnutrition. Not only student are hungry teacher are human being too. Teacher will get cranky if the dont eat .They will most likely intend to eat in class. This makes student more hungry and can make some students cranky too.As for the elementary school kids like kindergraten and first grades will nagg and win to get food from the teachers.Some student may be violent and will fight for food.This is the idea of Surival of the fittest created by Charles Darwin. Lasty imagine a chid passing out in class due to lack of food being eaten.Also you child would not learn anything because the will fall a sleep in class and will not focus because they are too weak too put their mind to work.In addiction to that when human are hungry we will get sleepy to replace the hungerness because your bodyis too weak and will shut down to save energy. All in total of these factor lead to the the stress level on children increases.Which make adults nervous.The factors increase stress level is overload in work due to the extra classes or longer period of class because of more lessons being done in class.This lead to less work time at night and more homework.Which lead to to lack of sleep.This lead to children unable to pay attention because they are sleepy and will fall asleep in class.If the student dont sleep the student will pass out and go into a coma.Also college resume would not look good without after school activities which we student dont have time for. This will have an increasing amount of children have panic attack and nervous breakdown and high school students unable to continue to a go college and get scholarship. In conclusion,all the possibilities will happen just because of this change will happen.There will be other negative unknown happening coming along the way. LIke without after school activities the obesity level will increase.obesity Is one of Americas biggest concern.It one of the top concern in New york City.Along with the stress level on childrens increases which leads.This will have an increasing amount of children have panic attack and nervous breakdown. Also facing hunger will be a large problem because we are starving our children of the future. and Traveling late leads to traveling in the dangers darkness lead â€Å"accidents†.

Sunday, October 13, 2019

DNA, Genes and chromosomes

DNA, Genes and chromosomes Introduction Assignment two will firstly explain about DNA, genes and chromosomes. It will then evaluate some pre- disposed genetic factors that affect normal human functioning and look a range of different diseases. It will then evaluate pre-disposed environmental factors that may also affect normal human functioning and discuss another range of diseases. Genetic information is contained in nucleic acids, which are the molecules that hold the information. All living cells and viruses contain information and there are two types of nucleic acid, deoxyribonucleic acid (DNA), the self replicating genetic material in living cells and ribonucleic acid (RNA). The structure of DNA was worked out by Watson and Crick in the 1950s. Nucleic acids are made of units called nucleotides and an individual nucleotide is in three parts which combine by condensation reactions. These are phosphoric acid, pentose sugar, which in DNA is deoxyribose and in RNA ribose and there is an organic base comprising of five and divided into two groups. The DNA is a double stranded polymer of nucleotides (polynucleotide) comprising of many million nucleotide units. Its structure is in the form of double helix which is maintained by hydrogen bonding and it contains four organ bases, adenine, guanine, cytosine and thymine. A gene is the unit of heredity, comprising of a length of DNA that influences an organisms form and function. The protein produced when a gene is expressed produces a characteristic and each gene occupies its own position on the chromosome called the locus. Different forms of the same genes are called allele and there may be different alleles of the same gene with slightly different DNA structure. The chromosome is one long coiled DNA molecule which has genes dotted along its length. The genetic material of each cell is packaged together in the nucleus as chromosomes and each one of these contains very long DNA molecules. The human body has 46 chromosomes and in each body cell the chromosomes are in pairs, called homologous and a full set of chromosomes is called the karotype. Chromosomes make copies of each other so that when they divide, each daughter cell receives an exact copy of the genetic information. This is called replication and results in two DNA molecules. The Human Genome Project started in 1990 and it was a huge task to determine the order of bases in the human genome as well as identifying all the genes formed by the bases. Its other aims were to find the location of the genes on the 23 chromosomes and store the information on a data base. The purpose of collating the information was for scientists to know which sections of DNA, on which chromosomes are responsible for many inherited diseases. The main uses of genetic testing are in carrier screening, pre-implantation genetic diagnosis, new born baby screening, and for prediction testing of onset disorders such as Huntington disease, onset cancers and Alzheimers disease. Using a sample of DNA it is possible to find out whether a person is carrying a faulty gene which causes a disease such as cystic fibrosis, or to identify genes that play a contributory role in diseases such as breast cancer. From results it is possible to eliminate all risk of the disease by correcting the faulty a llele. Sexual reproduction produces genetic variation amongst individuals in a population. Mitosis is when cell division takes place and it results in growth or repair of body tissues which is not to be confused with Meiosis which is the cell division that produces gametes (sex cells). In mitosis, one cell divides into two identical cells and in meiosis one cell divides into four daughter cells that a genetically unique. A species must change to its environment if it is to survive and the genotype of an organism gives it the potential to show a particular characteristic. Characteristics that are determined by a number of genes are called continuous variation such a height and characteristics that are clear cut are by a single gene are called discontinuous variation. The origins of variation are either non-inheritable or heritable. The environment has a huge role in determining phenotypic variation and factors in humans can include diet and exercise. Heritable variations are when an organism, for example, inherits genes which will determine its eventual size, although this can depend on nutritional influences. Monohybrid inheritance is when a characteristic controlled by a single gene is passed on from one generation to another. Examples of genetic diseases that are passed on in this way are Huntingtons disease and cystic fibrosis. The gene can be either dominant or recessive. Huntingdons disease is due to a mutation in a single gene that occurs on chromosome 4. Every cell nucleus has two copies on the gene and the codes for the protein are Huntingdin. People who develop the disease carry a mutation in one of copy of the Huntingdin gene. Huntingdin is concentrated in areas of the brain and that degeneration of the gene is called Huntingdons disease. Huntingdons disease is rare but another more common disease is cystic fibrosis which is caused by a recessive allele. To inherit the disease both parents have to be carriers of the defective alleles. In the UK one person in 2000 suffers from this condition and people that develop the disease produce a thick sticky mucus from the epithelial cells lining some passages in the body. The pancreatic duct can become blocked so food digestion can not complete and the bronchioles and alveoli of the lungs can become blocked. The normal allele of the cystic fibrosis gene makes an important protein called CFTR. Normally CFTR will transport chloride ions through the plasma membrane, however, the mutated allele causes production of a channel protein that does not transport the ions so the person who is homozygous suffers from cystic fibrosis. The full amount of alleles and their combination a person has is called their genotype and some of these are recessive and some dominant. The effect that these alleles have is called the phenotype. Different alleles of a gene do not have to be recessive or dominant and if two alleles both produce a protein that can function then the alleles can be codominant. An example of a disease that is codominance is Sickle cell anaemia, where a mutant allele of a normal haemoglobin gene causes one amino acid in the two beta polypeptide chains to be different. The shape of the molecule is altered and the red blood cells can be crescent or sickle shaped. These can be easily damaged and the number of working cells decreases the amount of oxygen going to the tissues. The heart works harder and the defective cells join together making the blood sticky. This can result in many side effects including kidney failure, heart attack and strokes. The spleen is over burdened and can stop its ability to remo ve bacteria from the blood so infections can be common. Another type of faulty cell division is called non disjunction where the daughter cell receives two copies of a chromosome and the other gets none. This can result in the condition called Downs syndrome where chromosome 21 is affected. The genetic condition is known as trisomy, where a person inherits an extra copy of one chromosome. People with the syndrome have three copies of chromosome 21 rather than two and this additional genetic material affects the balance of the body and results in characteristic physical and intellectual features. Many people have alleles of genes which can make them much more susceptible to certain diseases. The disease may only develop if the person become in contact with something in the environment such as a chemical. An example of this would be lung cancer as some smokers die from cancer in middle age, while others carry on well into old age without being affected. The expression of genes can also be affected by environmental factors such as diet, disease and temperature during development. Mutagenic agents can cause gene mutations in tissues which then grow abnormally. There much scientific disagreement about a persons intelligence as is it determined by genes or by the environment that they grow up in. Asthma is a condition that tends to run in families that are prone to allergies. Although there are many factors that cause and influence asthma there is no single gene that is involved, although scientists are searching for the gene involved which may lead to a cure. The condition affects the bronchioles that carry air in and out the lungs which become swollen or narrowed and excess mucus is produced. It is a chronic condition and symptoms are wheezing, shortness of breath and a tight feeling in the chest. There are environmental factors which increase the risk of the disease such as being brought up in a house that has a pet, exposure to cigarette smoke in the uterus or in early life, air pollution and being born at the time of year when pollen is at is highest. Coronary heart disease is a condition in which genetics and environmental factors determine which humans get the disease. The disease is caused by a blockage of the coronary arteries which supply blood to the heart. In a healthy heart the walls are smooth and the blood flows easily, but the disease develops when material blocks the walls of the arteries causing narrowing of the vessels and possibly a complete blockage. This can lead to a wide range of cardiac problems including angina. The disease often occurs within the same family which can indicate that there maybe genetic link between people with the condition. It is difficult to establish if there is a direct correlation between family members due to genes or whether it is the environmental factors which they all are exposed to. Some of the main environmental factors that increase the risk of developing the disease are smoking, lack of exercise, obesity, unhealthy diet, mental stress, alcohol and coffee. It has been proved that genetic factors have an influence on cholesterol levels, but overall, it seems that a combination of genetics and the environment would best explain the family link to heart disease.

Saturday, October 12, 2019

Racism: Similarities and Differences In Two Essays -- Discrimination,

In the two essays, â€Å"Just Walk on By: A Black Man Ponders His Power to Alter Public Space† by Brent Staples and â€Å"I’m Not Racist But†¦Ã¢â‚¬  by Neil Bissoondath, there are both differences and similarities. The two authors differ in their opinion on the causes of racism and life experiences involving racism, but are similar in regards to the use of stereotypes in the world In Brent Staples’ opinion, causes of racism are derived from fear and the insufficient knowledge that a person might have about another that may cause them to be racist. In his piece, he writes, â€Å"Another time I was on assignment for a local paper and killing time before an interview. I entered a jewellery store on the city’s affluent Near North Side. The proprietor excused herself and returned with an enormous red Doberman pinscher straining at the end of the leash. She stood, the dog extended toward me, silent to my questions, her eyes bulging nearly out of her head. I took a cursory look around, nodded, and bade her good night.† (Staples 227) This quote shows that the woman that owned the jewellery store was afraid that she might get robbed by Staples and therefore acted by protecting herself with her vicious dog, with the intention to scare away the â€Å"robber†, whom she believed to be Brent Staples. She assumed that because she was in an affluent neighbourhood and because Brent Staples was black, he was there with the intention to rob her rather than the true reason, which was to kill some time prior to his next interview. She showed prejudice and racism towards Staples because of she was afraid of his skin colour and did not have true information about him. Neil Bissoondath differs in his definition of racism. He writes that the cause of racism derives fr... ... became afraid and tried to get away from him. (Staples 224) In Neil Bissoondath’s essay, we see an example with the mover complaining about a Chinese driver he encountered. He said, â€Å"I’m not racist, but the Chinese are the worst drivers on the road.† (Bissoondath 271) The accusation that the mover made was a stereotype which exists about the Chinese, in general, because of the shape of their eyes because of their ethnicity. Their eye sight is not impaired in any way because of the shape of their eyes, but because they are different and people are afraid of them, they are made fun of because they are different. In regards to racism, Brent Staples and Neil Bissoondath may have different view points about its causes and by their life experiences involving racism, but they have similar views on the use of stereotypes and how they affect the races they pertain to.

Friday, October 11, 2019

Youth Sports

Youth Sports According to the Center for Kids First, there are more than 40 million youth athletes that play sports in America today. These youth athletes have a plethora of organizations they can pursue. From super competitive programs like the Amateur Athletic Union (AAU) which includes sports like baseball/softball, basketball, soccer and volleyball to the supposedly fun programs like PAL, POP Warner, and Little League Baseball/Softball there is a league for anyone regardless of their skill level or competitive fire.The big question is do playing youth sports affect the athlete in the long run? There are many factors involved in the competition of youth sports that in the long run may push the athlete away from sports all together. Not only is it the athlete that is involved in this process, the coaches, parents, and fellow competitors play a huge role in the affect youth athletics have on its athletes. As we go along we are going to talk about some of the problems associated with youth athletics, and try to find solutions to these problems.The first thing that comes to mind when you think about problems in youth sport would be the overzealous parents. The parent that goes above and beyond to push their child to his/her limits. A study conducted by the Citizens Through Sports Alliance gave what they call a â€Å"report card† showing the results of how parents effect youth sports (Emmons). This panel of experts essentially based their results on youth sports programs with ages ranging from 6-14(Emmons). Parents received low grades in the areas of a win at all costs mentality and overall parent behavior.Executive director for the Positive Coaching Alliance, Jim Thompson said,† We really hope this is a wake-up call. This is such an important part of kid’s lives and if there is something wrong with youth sports, then we ought to start thinking about the ways we can change it. †(Emmons) The parent’s role in a child’s youth sport experience could range from being the driver to and from practices and games all the way to being the coach of the team and officiating the game itself for that matter (Hedstrom/Gould). But what is really going on?Early studies have shown that the role of the parents in youth sports has become more of a problem as time has passed. Results show that the five biggest problems that parents have involving there child in youth sports include; overemphasis on winning, unrealistic expectations, coaching their own child, criticizing, and pampering there child too much (Hedstrom/Gould). There have been documented accounts of parents arguing with coaches, confronting referees, and even unforeseen altercations while attending a youth sporting event. So how do we attempt to remedy this situation?One approach would be for the parents too fully immerse themselves into the culture of the league. Do some reading, attend informative sessions, and talk to other parents involved in the league to try and get a full sense of the philosophy and goals of the organization (Emmons). Doing this will allow for the parent to get a scope of how the league operates and see what values and goals the league holds true. It is important that the parent be involved in the children’s experience in youth sport, but it’s more important that they don’t pressure the child before, during, and after a contest.Just being there attending games, driving to away games, and joining in team celebrations will show a strong support for the child and enhance their experience in youth sports (Hedstrom/Gould). One final approach that I personally like would be at the very beginning of the season before you even have your first practice, the coach of the team should call a team meeting and have all the parents of the players attend. The purpose of this meeting would be to discuss the main objectives of the season and make sure that everyone is on the same page (Hedstrom/Gould).While run ning this meeting it is important to stress the roles of everyone involved and stress good sportsmanship. Burnout is said to be one of the biggest factors that attributes to youth athletes quitting. What is burnout? The definition from the text of the book social issues in sport tells us that burnout is the exhaustion of physical or emotional strength as a result of prolonged stress that causes athletes to discontinue competitive sports. Studies have told us that an estimated 73% of athletes drop out of sports by the age of 13 (Adkins).This is a staggering figure that as time has passed continues to grow. Not only is it the fact that the athlete may be getting burned out by playing one sport, they may just give up and quit playing organized sports all together (Adkins). There are a few main explanations that can be attributed to athlete burnout. The first suggestion is the excessive stress and pressure put on the athlete. These days there is such an emphasis on winning and being the best that we see at a younger and younger age that athletes are pressured to win at all costs (Masterson).They are pushed above and beyond what their comfort level may be and exposed to excessive stress and pressure by parents, coaches, and fellow teammates (Adkins). A second theory suggests that the athlete experience what is called entrapment. They invest all this time into their sport but is not seeing any of the rewards or benefits of all the work they have put in. basically what is happening is that the costs are outweighing the benefits which over the long run is causing the athlete to burnout (Masterson). So how do we stop athletes from burning out and eventually dropping out of youth sports all together?In my opinion, it boils down to the factor of specialization. If at a young age you push your child to just play one sport year round your child over time is going to grow tired and bored of doing the same thing every single day. I feel that it is important for the parent to encourage their child to participate in multiple sports. This will not only keep them active all year round but it will keep their mind fresh and will allow for them to find different things to do with their time. Another suggestion would be for the parent of the child to not force anything on their child, especially at a young age.In youth sport, if the parent pushes their child to compete in a sport they are not willing or wanting to compete in this will only speed up the process of burnout and more than likely cause a disconnect in the relationship between the athlete and parent (Hill). This leads me into my next problem with youth sports which is the concept of specialization in sport. At younger and younger ages children are beginning to play sports and more and more the parents are pushing their child to focus on just one sport.Specialization is defined as an athlete limiting their athletic participation to one sport which is practiced, trained for, and competed in throughout the year (Hill). There are many arguments for and against specialization in sport. Sport specialization lives by a basic philosophy, if you start them early you can narrow there focus and concentrate on one sport (Hill). With the competitive nature of sports today and the overemphasis on winning, parents and coaches are beginning to feel that sport specialization is needed for athletes to keep up with one another.Especially at the collegiate level where there is such a spot light on athletes they may feel driven to specialize in one sport to enhance their chances of getting a college scholarship. In youth sports, with the overabundance of competitive leagues children can play in year round coaches feel that if you specialize in one sport overtime you will more effectively refine your skills and master your craft through increased practice time in that sport. These are some great arguments that support the sport specialization agenda, but I feel that there are more disadvantages to sport specialization than there are advantages.Bottom line is that a young age no one is 100% positive on what their child is going to be good at when they get older. So it is important that in youth sports children diversify their experience and try many different sports. Some of the disadvantages involved in specialization include psychological burn out which we touched on in the previous section. In some cases, when an athlete specializes in one sport they miss the opportunity to play other sports which may cause them to miss the sport they are best at. So, I feel that at a young age when kids get involved in youth sports that they should try everything (Hill).For example, when I was 6 I attempted to play little league soccer and after the first week of practice I decided to retire because I felt that it just wasn’t the best sport for me. When parents emphasize specialization on their children the child could possibly miss the sport that they are fit to play (Adkins). One of the main problems associated with specialization in youth sport is that if the athlete is playing the same sport year round and using the same muscles throughout the year, those muscles are bound to break down (Masterson).This if one reason why I am a true believer in sport diversification. Athletes who diversify their experience in youth sport are regularly using different muscle groups and have a reduced risk of overuse injury. Sport diversification also does a lot of other positive things to help youth athletes (Masterson). Sport sampling, especially at a young age in youth sports provides them with a variety of options for later sport activity. They are using different skill variations that may transfer from sport to sport.There is a cushion against failure knowing that when one sport ends that another one will be starting up soon (Hill). All these factors of sport diversification are great ways in which children can stay active and fit, stay involved in youth sport, and not get burned out too quickly. Youth sports are definitely a huge force in America today. But, if were not careful the negative aspects that have been mentioned throughout this paper are going to not only drive kids out of playing sports all together, they are going to hurt high school and eventually college athletics.Sport specialization is a huge force behind youth sports burnout and by age 13 you’re seeing more and more kids drop out of youth sports all together. We need to diversify the experience children are having in youth sports and get them to play different sports year round. The trend of overzealous parents is an easy fix if we just sit down with them and clarify exactly what we are looking for at the beginning of the season and continue to stress sportsmanship. We know that there are going to be those parents that can’t be controlled but maybe if we use this method we will reduce the number of outburst and control the overzealous parent.Youth sport is and alwa ys was meant to be a fun experience for children to go out play a great game and have fun with their friends. Let’s get back to those days and rebuild our youth sports programs to the fun loving carefree atmosphere they once were.Works CitedHill, Dr. Grant. â€Å"Sport Specialization: Causes and Concerns. † Utah Sport For Life | Utah Athletic Foundation. Web. 28 Nov. 2010.  http://utahsportforlife. comAdkins, Michael. â€Å"Youth Sports Issues. † EHow | How To Do Just About Everything! How To Videos & Articles. Web. 28 Nov. 2010.  http://www. ehow. comMasterson Ph. D, Gerald. â€Å"Problems in Youth Sports. † Family Resource. Web. 28 Nov. 2010.http://www. familyresource. comEmmons/ Mercury News, Mark. â€Å"Adults Hurting Youth Sports. † Ballistic United Soccer Club. Web. 28 Nov. 2010.http://www. busc. orgHedstrom, and Gould. â€Å"The Role of Parents in Childrens Sports. † College of Education – Michigan State University. Web . 28 Nov. 2010. http://www. educ. msu. edu

Thursday, October 10, 2019

Selinux

Blueprints First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Blueprints First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Note Before using this information and the product it supports, read the information in â€Å"Notices† on page 17. First Edition (August 2009)  © Copyright IBM Corporation 2009. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Introduction . . . . . . . . . . . . . v First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server . . . . . . . . . . . . 1 Scope, requirements, and support Security-Enhanced Linux overview Access control: MAC and DAC SELinux basics. . . . . . SELinux and Apache . . . . Installing and running HTTPD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1 1 2 5 5 HTTPD and context types . . . . . . . . . 5 HTTPD and SE Linux Booleans . . . . . . . 8 Configuring HTTPD security using SELinux . . . . 9 Securing Apache (static content only) . . . . . 9 Hardening CGI scripts with SELinux . . . . . 12 Appendix. Related information and downloads . . . . . . . . . . . . . 15 Notices . . . . . . . . . . . . . . 17 Trademarks . . . . . . . . . . . . . 18  © Copyright IBM Corp. 2009 iii iv Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Introduction This blueprint provides a brief introduction to basic Security-Enhanced Linux (SELinux) commands and concepts, including Boolean variables. In addition, the paper shows you how to increase the security of the Apache Web server with SELinux by using these concepts. Key tools and technologies discussed in this demonstration include security-enhanced Linux (SELinux), mandatory access control (MAC), getenforce, sestatus, getsebool, and setsebool. Intended audienceThis blueprint is intended for Linux system or network administrators who want to learn more about securing their systems with SELinux. You should be familiar with installing and configuring Linux distributions, networks, and the Apache Web server. Scope and purpose This paper provides a basic overview of SELinux, SELinux Boolean variables, and hardening Apache on Red Hat Enterprise Linux (RHEL) 5. 3. For more information about configuring RHEL 5. 3, see the documentation supplied with your installation media or the distribution Web site. For more information about SELinux, see â€Å"Related information and downloads,† on page 15.Software requirements This blueprint is written and tested using Red Hat Enterprise Linux (RHEL) 5. 3. Hardware requirements The information contained in this blueprint is tested on different models of IBM System x and System p hardware. For a list of hardware supported by RHEL 5. 3, see the documentation supplied with your Linux distribution. Author names Robert Sisk Other contributors Monza Lui Kersten Richter Robb Romans IBM Services Linux offers flexibility, options, and competitive total cost of ownership with a world class enterprise operating system.Community innovation integrates leading-edge technologies and best practices into Linux. IBM ® is a leader in the Linux community with over 600 developers in the IBM Linux Technology Center working on over 100 open source projects in the community. IBM supports Linux on all IBM servers, storage, and middleware, offering the broadest flexibility to match your business needs.  © Copyright IBM Corp. 2009 v For more information about IBM and Linux, go to ibm. com/linux (https://www. ibm. com/linux) IBM Support Questions and comments regarding this documentation can be posted on the developerWorks Security Blueprint Community Forum: http://www. bm. com/developerworks/forums/forum. jspa? forumID=1271 The IBM developerWorks ® discussion forums let you ask questions, share knowledge, ideas, and opinions about technologies and progr amming techniques with other developerWorks users. Use the forum content at your own risk. While IBM will attempt to provide a timely response to all postings, the use of this developerWorks forum does not guarantee a response to every question that is posted, nor do we validate the answers or the code that are offered. Typographic conventionsThe following typographic conventions are used in this Blueprint: Bold Identifies commands, subroutines, keywords, files, structures, directories, and other items whose names are predefined by the system. Also identifies graphical objects such as buttons, labels, and icons that the user selects. Identifies parameters whose actual names or values are to be supplied by the user. Identifies examples of specific data values, examples of text like what you might see displayed, examples of portions of program code like what you might write as a programmer, messages from the system, or information you should actually type.Italics Monospace Related ref erence: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x ® running Linux and PowerLinux. You can learn more about the systems to which this information applies. vi Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Scope, requirements, and support This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies.Systems to which this information applies System x running Linux and PowerLinux Security-Enhanced Linux overview Security-Enhanced Linux (SELinux) is a component of the Linux operating system developed primarily by the United States National Security Agency. SELinux provides a method for creation and enforcement of mandatory access control (MAC) policies. These policies confine users and processes to the minimal amount of privilege req uired to perform assigned tasks. For more information about the history of SELinux, see http://en. wikipedia. org/wiki/Selinux.Since its release to the open source community in December 2000, the SELinux project has gained improvements such as predefined Boolean variables that make it easier to use. This paper helps you understand how to use these variables to configure SELinux policies on your system and to secure the Apache httpd daemon. Related reference: â€Å"Scope, requirements, and support† This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies. Access control: MAC and DAC Access level is important to computer system security.To compromise a system, attackers try to gain any possible level of access and then try to escalate that level until they are able to obtain restricted data or make unapproved system modifications. Because each user has some level of system access, every user account on your system increases the potential for abuse. System security has historically relied on trusting users not to abuse their access, but this trust has proven to be problematic. Today, server consolidation leads to more users per system. Outsourcing of Systems Management gives legitimate access, often at the system administrator level, to unknown users.Because server consolidation and outsourcing can be financially advantageous, what can you do to prevent abuse on Linux systems? To begin to answer that question, let's take a look at discretionary access control (DAC) and mandatory access control (MAC) and their differences. Discretionary access control (DAC), commonly known as file permissions, is the predominant access control mechanism in traditional UNIX and Linux systems. You may recognize the drwxr-xr-x or the ugo abbreviations for owner, group, and other permissions seen in a directory listing. In DAC, generally the resource owner (a user) controls who has access to a resour ce.For convenience, some users commonly set dangerous DAC file permissions that allow every user on the system to read, write, and execute many files that they own. In addition, a process started by a user can modify or delete any file to which the user has access. Processes that elevate their privileges high enough could therefore modify or delete system files. These instances are some of the disadvantages of DAC.  © Copyright IBM Corp. 2009 1 In contrast to DAC, mandatory access control (MAC) regulates user and process access to resources based upon an organizational (higher-level) security policy.This policy is a collection of rules that specify what types of access are allowed on a system. System policy is related to MAC in the same way that firewall rules are related to firewalls. SELinux is a Linux kernel implementation of a flexible MAC mechanism called type enforcement. In type enforcement, a type identifier is assigned to every user and object. An object can be a file or a process. To access an object, a user must be authorized for that object type. These authorizations are defined in a SELinux policy. Let's work through some examples and you will develop a better understanding of MAC and how it relates to SELinux.Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies. SELinux basics It is a good practice not to use the root user unless necessary. However for demonstrating how to use SELinux, the root user is used in the examples in this blueprint. Some of the commands shown require root privileges to run them; for example, running getenforce and editing the /etc/selinux/config file. Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux.You can learn more about the systems to which this information applies. Run modes You can enable or disable SELinux policy enforcement on a Red Hat Enterprise Linux system during or after operating system installation. When disabled, SELinux has no effect on the system. When enabled, SELinux runs in one of two modes: v Enforcing: SELinux is enabled and SELinux policy is enforced v Permissive: SELinux is enabled but it only logs warnings instead of enforcing the policy When prompted during operating system installation, if you choose to enable SELinux, it is installed with a default security policy and set to run in the enforcing mode.Confirm the status of SELinux on your system. Like in many UNIX or Linux operating systems, there is more than one way to perform a task. To check the current mode, run one of the following commands: getenforce, sestatus, or cat /etc/selinux/config. v The getenorce command returns the current SELinux run mode, or Disabled if SELinux is not enabled. In the following example, getenforce shows that SELinux is enabled and enforcin g the current SELinux policy: [[email  protected] ~]$ getenforce EnforcingIf your system is displaying Permissive or Disabled and you want to follow along with the instructions, change the /etc/selinux/config file to run in Enforcing mode before continuing with the demonstration. Remember that if you are in Disabled mode, you should change first to Permissive and then to Enforcing. v The setstatus command returns the current run mode, along with information about the SELinux policy if SELinux is enabled. In the following example, setstatus shows that SELinux is enabled and enforcing the current SELinux policy: [[email  protected] ~]$ sestatus SELinux status: SELinuxfs mount: enabled /selinux Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Current mode: Mode from config file: Policy version: Policy from config file: enforcing enforcing 21 targeted v The /etc/selinux/config file configures SELinux and controls the mode as well as the active policy. Changes to the /etc/selinux/config file become effective only after you reboot the system. In the following example, the file shows that the mode is set to enforcing and the current policy type is targeted. [[email  protected] ~]$ cat /etc/selinux/config # This file controls the state of SELinux on the system. SELINUX= can take one of these three values: # enforcing – SELinux security policy is enforced. # permissive – SELinux prints warnings instead of enforcing. # disabled – SELinux is fully disabled. SELINUX=enforcing # SELINUXTYPE= type of policy in use. Possible values are: # targeted – Only targeted network daemons are protected. # strict – Full SELinux protection. SELINUXTYPE=targeted To enable SELinux, you need to set the value of the SELINUX parameter in the /etc/selinux/config file to either enforcing or permissive. If you enable SELinux in the config file, you must reboot your system to start SELinux.We recommend that y ou set SELINUX=permissive if the file system has never been labeled, has not been labeled recently, or you are not sure when it was last labeled. Note that file system labeling is the process of assigning a label containing security-relevant information to each file. In SELinux a file label is composed of the user, role, and type such as system_u:object_r:httpd_sys_content_t. Permissive mode ensures that SELinux does not interfere with the boot sequence if a command in the sequence occurs before the file system relabel is completed. Once the system is up and running, you can change the SELinux mode to enforcing.If you want to change the mode of SELinux on a running system, use the setenforce command. Entering setenforce enforcing changes the mode to enforcing and setenforce permissive changes the mode to permissive. To disable SELinux, edit the /etc/selinux/config file as described previously and reboot. You cannot disable or enable SELinux on a running system from the command line; you can only switch between enforcing and permissive when SELinux is enabled. Change the mode of SELinux to permissive by entering the following command: [[email  protected] ~]$ setenforce permissiveRecheck the output from getenforce, sestatus, and cat /etc/selinux/config. v The getenforce command returns Permissive, confirming the mode change: [[email  protected] ~]$ getenforce Permissive v The sestatus command also returns a Permissive mode value: [[email  protected] ~]$sestatus SELinux status: SELinuxfs mount: Current mode: Mode from config file: Policy version: Policy from config file: enabled /selinux permissive enforcing 21 targeted v After changing the mode to permissive, both the getenforce and sestatus commands return the correct permissive mode.However, look carefully at the output from the sestatus command: [[email  protected] ~]$ cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enfo rcing – SELinux security policy is enforced. # permissive – SELinux prints warnings instead of enforcing. First Steps with Security-Enhanced Linux (SELinux) 3 # disabled – SELinux is fully disabled. SELINUX=enforcing # SELINUXTYPE= type of policy in use. Possible values are: # targeted – Only targeted network daemons are protected. # strict – Full SELinux protection.SELINUXTYPE=targeted [[email  protected] ~]$ The Mode from config file parameter is enforcing. This setting is consistent with the cat /etc/selinux/config output because the config file was not changed. This status implies that the changes made by the setenforce command does not carry over to the next boot. If you reboot, SELinux returns to run state as configured in /etc/selinux/conf in enforcing mode. Change the running mode back to enforcing by entering the following command: [[email  protected] ~]$ setenforce enforcing The following output confirms the mode change: [[email  pr otected] ~]$ getenforce EnforcingRelated reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies. Security contexts The concept of type enforcement and the SELinux type identifier were discussed in the Overview. Let's explore these concepts in more detail. The SELinux implementation of MAC employs a type enforcement mechanism that requires every subject and object to be assigned a type identifier. The terms subject and object are defined in the Bell-La Padula multilevel security model (see http://en. wikipedia. rg/wiki/Bell-La_Padula_model for more information). Think of the subject as a user or a process and the object as a file or a process. Typically, a subject accesses an object; for example, a user modifies a file. When SELinux runs in enforcing mode, a subject cannot access an object unless the type identifier assigned to the subje ct is authorized to access the object. The default policy is to deny all access not specifically allowed. Authorization is determined by rules defined in the SELinux policy. An example of a rule granting access may be as simple as: allow httpd_t httpd_sys_content_t : file {ioctol read getattr lock};In this rule, the subject http daemon, assigned the type identifier of httpd_t, is given the permissions ioctol, read, getattr, and lock for any file object assigned the type identifier httpd_sys_content_t. In simple terms, the http daemon is allowed to read a file that is assigned the type identifier httpd_sys_content_t. This is a basic example of an allow rule type. There are many types of allow rules and some are very complex. There are also many type identifiers for use with subjects and objects. For more information about rule definitions, see: SELinux by Example in the â€Å"Related information and downloads,† on page 15 section.SELinux adds type enforcement to standard Linux distributions. To access an object, the user must have both the appropriate file permissions (DAC) and the correct SELinux access. An SELinux security context contains three parts: the user, the role, and the type identifier. Running the ls command with the –Z switch displays the typical file information as well as the security context for each item in the subdirectory. In the following example, the security context for the index. html file is composed of user_u as the user, object_r as the role, and httpd_sys_content_t as the type identifier [[email  protected] html]$ ls -Z index. tml -rw-r–r– web_admin web_admin user_u:object_r:httpd_sys_content_t index. html 4 Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information a pplies. SELinux and Apache Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies.Installing and running HTTPD Now that you have a general understanding of the SELinux security context, you can secure an Apache Web server using SELinux. To follow along, you must have Apache installed on your system. You can install Apache on Red Hat Linux by entering the following command: [[email  protected] html]$ yum install httpd Next, start the Apache http daemon by entering service httpd start, as follows: [[email  protected] html]$ service httpd start Starting httpd: Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux.You can learn more about the systems to which this information applies. HTTPD and context types Red Hat Enterprise Linux 5. 3, at th e time of this writing, uses selinux-policy-2. 4. 6-203. el5. This policy defines the security context for the http daemon object as httpd_t. Because SELinux is running in enforcing mode, entering /bin/ps axZ | grep httpd produces the following output: [[email  protected] html]$ ps axZ | grep http rootroot:system_r:httpd_t 2555 ? Ss 0:00 /usr/sbin/httpd rootroot:system_r:httpd_t 2593 ? S 0:00 /usr/sbin/httpd rootroot:system_r:httpd_t 2594 ? S 0:00 /usr/sbin/httpd root:system_r:httpd_t 2595 ?S 0:00 /usr/sbin/httpd root:system_r:httpd_t 2596 ? S 0:00 /usr/sbin/httpd root:system_r:httpd_t 2597 ? S 0:00 /usr/sbin/httpd root:system_r:httpd_t 2598 ? S 0:00 /usr/sbin/httpd root:system_r:httpd_t 2599 ? S 0:00 /usr/sbin/httpd root:system_r:httpd_t 2600 ? S 0:00 /usr/sbin/httpd The Z option to ps shows the security context for the httpd processes as root:system_r:httpd_t, confirming that httpd is running as the security type httpd_t. The selinux-policy-2. 4. 6-203. el5 also defines several file security context types to be used with the http daemon. For a listing, see the man page for httpd_selinux.The httpd_sys_content_t context type is used for files and subdirectories containing content to be accessible by the http daemon and all httpd scripts. Entering ls –Z displays the security context for items in the default http directory (/var/www/), as follows: [[email  protected] ~]$ ls -Z /var/www/ | grep html drwxr-xr-x root root system_u:object_r:httpd_sys_content_t html First Steps with Security-Enhanced Linux (SELinux) 5 The /var/www/html directory is the default location for all Web server content (defined by the variable setting of DocumentRoot /var/www/html in the /etc/httpd/conf/httpd. conf http configuration file).This directory is assigned the type httpd_sys_content_t as part of its security context which allows the http daemon to access its contents. Any file or subdirectory inherits the security context of the directory in which it is created; therefo re a file created in the html subdirectory inherits the httpd_sys_content_t type. In the following example, the root user creates the index. html file in the /root directory. The index. html inherits the security root:object_r:user_home_t context which is the expected security context for root in RHEL 5. 3. [[email  protected] ~]$ touch /root/index. html [[email  protected] ~]$ ls -Z /root/index. tml -rw-r–r– root root root:object_r:user_home_t /root/index. html If the root user copies the newly created index. html file to the /var/www/html/ directory, the file inherits the security context (httpd_sys_content_t) of the html subdirectory because a new copy of the file is created in the html subdirectory: [[email  protected] ~]$ cp /root/index. html /var/www/html [[email  protected] ~]$ ls -Z /var/www/html/index. html -rw-r–r– root root user_u:object_r:httpd_sys_content_t /var/www/html/index. html If you move the index. html file instead of copying it, a new file is not created in the html subdirectory and index. tml retains the user_home_t type: [[email  protected] ~]$ mv -f /root/index. html /var/www/html [[email  protected] ~]$ ls -Z /var/www/html/index. html -rw-r–r– root root user_u:object_r:user_home_t /var/www/html/index. html When a Web browser or network download agent like wget makes a request to the http daemon for the moved index. html file, with user_home_t context, the browser is denied access because SELinux is running in enforcing mode. [[email  protected] ~]# wget localhost/index. html –21:10:00– http://localhost/index. html Resolving localhost†¦ 127. 0. 0. 1 Connecting to localhost|127. 0. 0. 1|:80†¦ onnected. HTTP request sent, awaiting response†¦ 403 Forbidden 21:10:00 ERROR 403: Forbidden. SELinux generates error messages in both /var/log/messages and /var/log/httpd/error_log. The following message in /var/log/httpd/error_log is not very helpful because it t ells you only that access is being denied: [Wed May 20 12:47:57 2009] [error] [client 172. 16. 1. 100] (13) Permission denied: access to /index. html denied The following error message in /var/log/messages is more helpful because it tells you why SELinux is preventing access to the /var/www/html/index. html file – a potentially mislabeled file.Furthermore, it provides a command that you can use to produce a detailed summary of the issue. May 20 12:22:48 localhost setroubleshoot: SELinux is preventing the httpd from using potentially mislabeled files (/var/www/html/index. html). For complete SELinux messages. run sealert -l 9e568d42-4b20-471c-9214-b98020c4d97a Entering sealert –l 9e568d42-4b20-471c-9214-b98020c4d97 as suggested in the previous error message returns the following detailed error message: [[email  protected] ~]$ sealert –l 9e568d42-4b20-471c-9214-b98020c4d97 Summary: SELinux is preventing the httpd from using potentially mislabeled files (/var/www /html/index. html).Detailed Description: SELinux has denied httpd access to potentially mislabeled file(s) (/var/www/html/index. html). This means that SELinux will not allow httpd to use these files. It is common for users to edit files in their home directory or tmp directories and then 6 Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Allowing Access: If you want httpd to access this files, you need to relabel them using restorecon -v ’/var/www/html/index. tml’. You might want to relabel the entire directory using restorecon -R -v ’/var/www/html’. Additional Information: Source Context root:system_r:httpd_t Target Context root:object_r:user_home_t Target Objects /var/www/html/index. html [ file ] Source httpd Source Path /usr/sbin/httpd Port Host loc alhost. localdomain Source RPM Packages httpd-2. 2. 3-22. el5 Target RPM Packages Policy RPM selinux-policy-2. 4. 6-203. el5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name home_tmp_bad_labels Host Name localhost. localdomain Platform Linux localhost. ocaldomain 2. 6. 18-128. 1. 10. el5 #1 SMP Wed Apr 29 13:55:17 EDT 2009 i686 i686 Alert Count 24 First Seen Fri May 15 13:36:32 2009 Last Seen Wed May 20 12:47:56 2009 Local ID 9e568d42-4b20-471c-9214-b98020c4d97a Line Numbers Raw Audit Messages host=localhost. localdomain type=AVC msg=audit(1242838076. 937:1141): avc: denied { getattr } for pid=3197 comm=†httpd† path=†/var/www/html/index. html† dev=dm-0 ino=3827354 scontext=root:system_r:httpd_t:s0 context=root:object_r:user_home_t:s0 tclass=file host=localhost. localdomain type=SYSCALL msg=audit(1242838076. 37:1141): arch=40000003 syscall=196 success=no exit=-13 a0=8eaa788 a1=bfc8d49c a2=419ff4 a3=2008171 items=0 ppid=3273 pid=3197 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm=†httpd† exe=†/usr/sbin/httpd† subj=root:system_r:httpd_t:s0 key=(null) Although called a summary, this output is a very detailed report that provides the necessary commands to resolve the issue. As shown below, entering /sbin/restorecon -v ’/var/www/html/index. html as suggested not only resolves the problem, but also explains how you should change the security context for the /var/www/html/index. tml file. [[email  protected] ~]$ restorecon -v ’/var/www/html/index. html’ /sbin/restorecon reset /var/www/html/index. html context root:object_r:user_home_t:s0-; root:object_r:httpd_sys_content_t:s0 The previous restorecon -v command changed the security context of /var/www/html/index. html from root:object_r:user_home_t to root:object_r:httpd_sys_content_t. With a root:object_r:httpd_sys_content_t security context, the http dae mon can now access /var/www/html/index. html. Use a Web browser or wget to make another request to the httpd daemon for the index. html file with a restored security context.This time, the request is permitted: [[email  protected] ~]# wget localhost/index. html –21:09:21– http://localhost/index. html Resolving localhost†¦ 127. 0. 0. 1 Connecting to localhost|127. 0. 0. 1|:80†¦ connected. HTTP request sent, awaiting response†¦ 200 OK Length: 0 [text/html] Saving to: ’index. html’ First Steps with Security-Enhanced Linux (SELinux) 7 [ ] 0 –. -K/s in 0s 21:09:21 (0. 00 B/s) – ’index. html’ saved [0/0] Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies.HTTPD and SELinux Booleans SELinux has a set of built-in switches named Booleans or conditional policies t hat you can use to turn specific SELinux features on or off. Entering the getsebool -a | grep http command lists the 23 Booleans related to the http daemon, which are a subset of the 234 Booleans currently defined in the selinux-policy-2. 4. 6-203. el5 policy. These 23 Booleans allow you to customize SELinux policy for the http daemon during runtime without modifying, compiling, or loading a new policy. You can customize the level of http security by setting the relevant Boolean values or toggling between on and off values. [email  protected] ~]$ getsebool -a | grep http allow_httpd_anon_write –> off allow_httpd_bugzilla_script_anon_write –> off allow_httpd_mod_auth_pam –> off allow_httpd_nagios_script_anon_write –> off allow_httpd_prewikka_script_anon_write –> off allow_httpd_squid_script_anon_write –> off allow_httpd_sys_script_anon_write –> off httpd_builtin_scripting –> on httpd_can_network_connect –> off httpd_can _network_connect_db –> off httpd_can_network_relay –> off httpd_can_sendmail –> on httpd_disable_trans –> off httpd_enable_cgi –> on httpd_enable_ftp_server –> off httpd_enable_homedirs –> on httpd_rotatelogs_disable_trans –> off httpd_ssi_exec –> off httpd_suexec_disable_trans –> off httpd_tty_comm –> on httpd_unified –> on httpd_use_cifs –> off httpd_use_nfs –> off SELinux provides three command-line tools for working with Booleans: getsebool, setsebool, and togglesebool. The getsebool –a command returns the current state of all the SELinux Booleans defined by the policy.You can also use the command without the –a option to return settings for one or more specific Booleans entered on the command line, as follows: [[email  protected] ~]$ getsebool httpd_enable_cgi httpd_enable_cgi –> on Use setsebool to set the current state of one or more Booleans by specifying the Boolean and its value. Acceptable values to enable a Boolean are 1, true, and on. Acceptable values to disable a Boolean are 0, false, and off. See the following cases for examples. You can use the -P option with the setsebool command to write the specified changes to the SELinux policy file. These changes are persistent across reboots; unwritten changes remain in effect until you change them or the system is rebooted. Use setsebool to change status of the httpd_enable_cgi Boolean to off: [[email  protected] ~]$ setsebool httpd_enable_cgi 0 8Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Confirm status change of the httpd_enable_cgi Boolean: [[email  protected] ~]$ getsebool httpd_enable_cgi httpd_enable_cgi –> off The togglesebool tool flips the current value of one or more Booleans. This tool does not have an option that writes the changes to the policy file. Changes remain in effect until changed or the system is reb ooted. Use the togglesebool tool to switch the status of the httpd_enable_cgi Boolean, as follows: [[email  protected] ~]$ togglesebool httpd_enable_cgi httpd_enable_cgi: active Confirm the status change of the httpd_enable_cgi Boolean: [[email  protected] ~]$ getsebool httpd_enable_cgi httpd_enable_cgi –> onRelated reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies. Configuring HTTPD security using SELinux Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies. Securing Apache (static content only) The default Red Hat Enterprise Linux 5. 3 installation with SELinux running in enforcing mode provides a basic level of Web server security. You can increase that security level with a little effort.Because security is related to the function of the system, let's start with a Web server that only serves static content from the /var/www/html directory. 1. Ensure that SELinux is enabled and running in enforcing mode: [[email  protected] ~]$ sestatus SELinux status: SELinuxfs mount: Current mode: Mode from config file: Policy version: Policy from config file: enabled /selinux enforcing enforcing 21 2. Confirm that httpd is running as type httpd_t: [[email  protected] html]$ /bin/ps axZ root:system_r:httpd_t 2555 ? root:system_r:httpd_t 2593 ? root:system_r:httpd_t 2594 ? root:system_r:httpd_t 2595 ? root:system_r:httpd_t 2596 ? root:system_r:httpd_t 2597 ? root:system_r:httpd_t 2598 ? root:system_r:httpd_t 2599 ? root:system_r:httpd_t 2600 ? grep http Ss 0:00 httpd S 0:00 httpd S 0:00 httpd S 0:00 httpd S 0:00 httpd S 0:00 httpd S 0:00 httpd S 0:00 httpd S 0:00 httpd 3. Confirm that the /var/www/html directory is assigned the httpd_sys_content_t con text type: [[email  protected] ~]$ ls -Z /var/www/ drwxr-xr-x root root root:object_r:httpd_sys_script_exec_t cgi-bin drwxr-xr-x root root root:object_r:httpd_sys_content_t error drwxr-xr-x root root root:object_r:httpd_sys_content_t html First Steps with Security-Enhanced Linux (SELinux) 9 drwxr-xr-x drwxr-xr-x drwxr-xr-x root root root:object_r:httpd_sys_content_t icons root root root:object_r:httpd_sys_content_t manual webalizer root root:object_r:httpd_sys_content_t usage 4.Confirm that the content to be served is assigned the httpd_sys_content_t context type. For example: [[email  protected] ~]$ ls -Z /var/www/html/index. html -rw-r–r– root root root:object_r:httpd_sys_content_t /var/www/html/index. html Use a Web browser or wget to make a request to the httpd daemon for the index. html file and you should see that permission is granted. To increase the level of protection provided by SELinux, disable any httpd-related features that you do not want by turning off their corresponding Boolean. By default, the following six Boolean are set to on. If you do not need these features, turn them off by setting their Boolean variables to off. [email  protected] ~]# getsebool -a|grep http|grep â€Å"–> on† httpd_builtin_scripting –> on httpd_can_sendmail –> on httpd_enable_cgi –> on httpd_enable_homedirs –> on httpd_tty_comm –> on httpd_unified –> on httpd_can_sendmail If the Web server does not use Sendmail, turn this Boolean to off. This action prevents unauthorized users from sending e-mail spam from this system. httpd_enable_homedirs When this Boolean is set to on, it allows httpd to read content from subdirectories located under user home directories. If the Web server is not configured to serve content from user home directories, set this Boolean to off. httpd_tty_comm By default, httpd is allowed to access the controlling terminal.This action is necessary in certain situations where httpd must prompt the user for a password. If the Web server does not require this feature, set the Boolean to off. httpd_unified This Boolean affects the transition of the http daemon to security domains defined in SELinux policy. Enabling this Boolean creates a single security domain for all http-labeled content. For more information, see SELinux by Example listed under the â€Å"Related information and downloads,† on page 15 section. httpd_enable_cgi If your content does not use the Common Gateway Interface (CGI) protocol, set this Boolean to off. If you are unsure about using CGI in the Web server, try setting it to off and examine the log entries in the /var/log/messages file.The following example shows an error message from /var/log/messages resulting from SELinux blocking httpd execution of a CGI script: May 28 15:48:37 localhost setroubleshoot: SELinux is preventing the http daemon from executing cgi scripts. For complete SELinux messages. run sealert -l 0fdf4649-60df -47b5-bfd5-a72772207adc Entering sealert -l 0fdf4649-60df-47b5-bfd5-a72772207adc produces the following output: Summary: SELinux is preventing the http daemon from executing cgi scripts. Detailed Description: SELinux has denied the http daemon from executing a cgi script. httpd can be setup in a locked down mode where cgi scripts are not allowed to be executed. If the httpd server has been setup to not execute cgi scripts, this could signal a intrusion attempt.Allowing Access: If you want httpd to be able to run cgi scripts, you need to turn on the httpd_enable_cgi Boolean: â€Å"setsebool -P httpd_enable_cgi=1†³ 10 Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server The following command will allow this access: setsebool -P httpd_enable_cgi=1 Additional Information: Source Context root:system_r:httpd_t Target Context root:object_r:httpd_sys_script_exec_t Target Objects /var/www/cgi-bin [ dir ] Source httpd Source Path httpd Port Hos t localhost. localdomain Source RPM Packages httpd-2. 2. 3-22. el5 Target RPM Packages httpd-2. 2. 3-22. el5 Policy RPM selinux-policy-2. 4. 6-203. l5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name httpd_enable_cgi Host Name localhost. localdomain Platform Linux localhost. localdomain 2. 6. 18-128. 1. 10. el5 #1 SMP Wed Apr 29 13:55:17 EDT 2009 i686 i686 Alert Count 1 First Seen Thu May 28 15:48:36 2009 Last Seen Thu May 28 15:48:36 2009 Local ID 0fdf4649-60df-47b5-bfd5-a72772207adc Line Numbers Raw Audit Messages host=localhost. localdomain type=AVC msg=audit(1243540116. 963:248): avc: denied { getattr } for pid=2595 comm=†httpd† path=†/var/www/cgi-bin† dev=dm-0 ino=5527166 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_sys_script_exec_t:s0 tclass=dir host=localhost. localdomain type=SYSCALL msg=audit(1243540116. 63:248): arch=40000003 syscall=196 success=no exit=-13 a0=8bd0a88 a1=bfc790bc a2=4 d0ff4 a3=2008171 items=0 ppid=2555 pid=2595 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=†httpd† exe=†httpd† subj=root:system_r:httpd_t:s0 key=(null) At the end of the previous output, listed under the Raw Audit Messages are these lines: â€Å"scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_sys_script_exec_t:s0 tclass=dir† This output shows you that httpd attempted to access a subdirectory with the httpd_sys_script_exec_t context type. This type is the context type of /var/www/cgi-bin, the directory where httpd looks for CGI scripts. The httpd daemon, with a httpd_t context type, was unable to access this subdirectory because the httpd_enable_cgi variable is set to off.With this configuration, SELinux does not allow a user or process of type httpd_t to access a directory, file, or process of type httpd_sys_script_exec_t. Therefore, the http daemon was denied access to the CGI script located in /var/www/cgi-bin. If you find similar messages in your log file, set the httpd_enable_cgi Boolean to on. httpd_builtin_scripting If you did not configure Apache to load scripting modules by changing the /etc/httpd/conf/ httpd. conf configuration file, set this Boolean to off. If you are unsure, turn httpd_builtin_scripting to off and check the /var/log/messages file for any httpd-related SELinux warnings. See the description of httpd_enable_cgi for an example. PHP and other scripting modules run with the same level of access as the http daemon.Therefore, turning httpd_builtin_scripting to off reduces the amount of access available if the Web server is compromised. To turn off all six of these Booleans and write the values to the policy file by using the setsebool -P command follow these steps: 1. Enter the setsebool -P command: First Steps with Security-Enhanced Linux (SELinux) 11 [[email  protected] ~]# setsebool -P httpd_can_sendmail=0 httpd_enable_homedirs =0 httpd_tty_comm=0 httpd_unified=0 httpd_enable_cgi=0 httpd_builtin_scripting=0 2. Check all the Boolean settings related to httpd by entering getsebool –a | grep httpd. The following output shows that all Boolean are set to off, including the six previously described variables which default to on. [email  protected] ~]$ getsebool -a | grep httpd allow_httpd_anon_write –> off allow_httpd_bugzilla_script_anon_write –> off allow_httpd_mod_auth_pam –> off allow_httpd_nagios_script_anon_write –> off allow_httpd_prewikka_script_anon_write –> off allow_httpd_squid_script_anon_write –> off allow_httpd_sys_script_anon_write –> off httpd_builtin_scripting –> off httpd_can_network_connect –> off httpd_can_network_connect_db –> off httpd_can_network_relay –> off httpd_can_sendmail –> off httpd_disable_trans –> off httpd_enable_cgi –> off httpd_enable_ftp_server –> off httpd_enable _homedirs –> off httpd_rotatelogs_disable_trans –> off httpd_ssi_exec –> off httpd_suexec_disable_trans –> off httpd_tty_comm –> off httpd_unified –> off httpd_use_cifs –> off httpd_use_nfs –> off 3. Use a Web browser or wget to make another request to the httpd daemon for the index. html file and you should succeed. Rebooting your machine does not change this configuration. This completes the necessary basic SELinux settings for hardening a Web server with static content. Next, look at hardening scripts accessed by the http daemon. Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies.Hardening CGI scripts with SELinux In the previous section, you used SELinux Booleans to disable scripting because the Web server used only static content. Beginning with that configuration, you can enable CGI scripting and use SELinux to secure the scripts. 1. Confirm that your Web server is configured as described in section â€Å"Securing Apache (static content only)† on page 9. 2. Red Hat Enterprise Linux provides a CGI script that you can use for testing. You can find the script at /usr/lib/perl5/5. 8. 8/CGI/eg/tryit. cgi. Copy this script to the /var/www/cgi-bin/ directory, as follows: [[email  protected] ~]$ cp /usr/lib/perl5/5. 8. 8/CGI/eg/tryit. gi /var/www/cgi-bin/ 3. Make sure that the first line of the tryit. cgi script contains the correct path to the perl binary. From the which perl output shown below, the path should be changed to ! #/usr/bin/perl. [[email  protected] ~]# which perl /usr/bin/perl [[email  protected] ~]# head -1 /var/www/cgi-bin/tryit. cgi #! /usr/local/bin/perl 4. Confirm that /var/www/cgi-bin is assigned the httpd_sys_script_exec_t context type as follows: [[email  protected] ~]$ ls -Z /var/www/ | grep cgi-bin drwxr-xr-x root root root:object_r:httpd_sys_script_exec_t cgi-bin 12 Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server 5.Allow and confirm read and execute permission for the tryit. cgi script to all users: [[email  protected] cgi-bin]# chmod 555 /var/www/cgi-bin/tryit. cgi [[email  protected] cgi-bin]# ls -Z -r-xr-xr-x root root root:object_r:httpd_sys_script_exec_t tryit. cgi 6. Confirm that /var/www/cgi-bin/tryit. cgi is assigned the httpd_sys_script_exec_t context type: [[email  protected] ~]$ ls -Z /var/www/cgi-bin/tryit. cgi -r-xr-xr-x root root root:object_r:httpd_sys_script_exec_t /var/www/cgi-bin/tryit. cgi 7. Enable CGI scripting in SELinux and confirm that it is enabled: [[email  protected] cgi-bin]$ setsebool httpd_enable_cgi=1 [[email  protected] cgi-bin]$ getsebool httpd_enable_cgi httpd_enable_cgi –> on 8.Open a Web browser and type the Web server address into the location bar. Include the /cgi-bin/tryit. cgi in the URL. For example, type http://192. 168. 1. 100/cgi-bin/tryit. cgi. The tryit. cgi script should return output similar to Figure 1: Figure 1. Figure 1: A Simple Example 9. Provide test answers to the form fields and click Submit Query. The tryit. cgi script should return output similar to Figure 2: First Steps with Security-Enhanced Linux (SELinux) 13 Figure 2. Figure 2: A Simple Example with results Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies. 14Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Appendix. Related information and downloads Related information v Wikipedia: Security-Enhanced Linux http://en. wikipedia. org/wiki/Selinux v Bell-La Padula model http://en. wikipedia. org/wiki/Bell-La_Padula_model v NSA Security-Enhanced Linux http://www. nsa. gov/research/selinux /index. shtml v Managing Red Hat Enterprise Linux 5 presentation http://people. redhat. com/dwalsh/SELinux/Presentations/ManageRHEL5. pdf v developerWorks Security Blueprint Community Forum http://www. ibm. com/developerworks/forums/forum. jspa? forumID=1271 v Red Hat Enterprise Linux 4: Red Hat SELinux Guide http://www. linuxtopia. rg/online_books/redhat_selinux_guide/rhlcommon-section-0055. html v F. Mayer, K. MacMillan, D. Caplan, â€Å"SELinux By Example – Using Security Enhanced Linux† Prentice Hall, 2007 Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies.  © Copyright IBM Corp. 2009 15 16 Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Notices This information was developed for products and services offered in the U. S. A. IBM may not offer the products, s ervices, or features discussed in this document in other countries.Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents.You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U. S. A. The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION â€Å"AS IS† WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors.Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other progr ams (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: IBM Corporation Dept. LRAS/Bldg. 903 11501 Burnet Road Austin, TX 78758-3400 U. S. A. Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.  © Copyright IBM Corp. 2009 17 For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: IBM World Trade Asia Corporation Licensing 2-31 Roppongi 3-chome, Minato-ku Tokyo 106-0032, Japan IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Informatio n concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources.IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products.All of these names are fictitious and any similarity to the names and addresses used by an ac tual business enterprise is entirely coincidental. Trademarks IBM, the IBM logo, and ibm. com ® are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol ( ® and â„ ¢), these symbols indicate U. S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at Copyright and trademark information at www. ibm. com/legal/copytrade. html Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. Java and all Java-based trademarks and logos are registered trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Linux is a trademark of Linus Torvalds in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Other company, product, or service names may be trademarks or service marks of others. 18 Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Printed in USA