{"id":29391518,"url":"https://github.com/nginx/nap-selinux","last_synced_at":"2026-05-20T10:02:06.435Z","repository":{"id":302628108,"uuid":"1007192086","full_name":"nginx/nap-selinux","owner":"nginx","description":"SElinux integration for NAP4/5","archived":false,"fork":false,"pushed_at":"2025-07-03T11:44:45.000Z","size":0,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-03T11:51:31.157Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nginx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-23T15:48:56.000Z","updated_at":"2025-07-03T11:44:49.000Z","dependencies_parsed_at":"2025-07-03T18:05:44.732Z","dependency_job_id":null,"html_url":"https://github.com/nginx/nap-selinux","commit_stats":null,"previous_names":["nginx/nap-selinux"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/nginx/nap-selinux","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nginx%2Fnap-selinux","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nginx%2Fnap-selinux/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nginx%2Fnap-selinux/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nginx%2Fnap-selinux/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nginx","download_url":"https://codeload.github.com/nginx/nap-selinux/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nginx%2Fnap-selinux/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264555346,"owners_count":23627321,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-07-10T09:08:47.174Z","updated_at":"2026-05-20T10:02:01.390Z","avatar_url":"https://github.com/nginx.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SELinux Integration for NGINX App Protect WAF (NAP 4 \u0026 5)\n\nThis project provides tools, sample policies, and documentation for integrating **NGINX App Protect WAF (NAP) versions 4 and 5** with **SELinux** on RHEL-based systems.\n\n## Overview\n\nSELinux (Security-Enhanced Linux) provides a mandatory access control (MAC) framework for Linux systems. When deploying NGINX App Protect WAF in secure environments, customizing and enforcing SELinux policies ensures that only explicitly allowed operations are permitted, reducing the attack surface.\n\nThis repository contains:\n- Custom SELinux Type Enforcement (TE) policies and supporting files(.fc) for NAP 4 and NAP 5\n- Scripts for:\n  - Building and loading policies\n  - Extracting and interpreting SELinux denials from audit logs\n  - Automating test cycles with policy generation\n- Example AVC denial resolutions\n\n##  Structure\n\u003cpre\u003e\n.\n├── nap4-selinux/\n│   ├── selinux_policy/\n│   ├── test_scripts/\n│   ├── README.md\n│   └── troubleshooting.md\n├── nap5-selinux/\n│   ├── selinux_policy/\n│   ├── test_scripts/\n│   ├── README.md\n│   └── troubleshooting.md\n└── README.md\n\u003c/pre\u003e\n\n## Requirements\n\n-   RHEL 8/9 (or compatible)\n-   SELinux installed and enabled\n-   NGINX App Protect WAF v4 or v5\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnginx%2Fnap-selinux","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnginx%2Fnap-selinux","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnginx%2Fnap-selinux/lists"}