Monday, September 30, 2019

Selinux

Blueprints

First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server

Note: Before using this information and the product it supports, read the information in "Notices".

First Edition (August 2009)

© Copyright IBM Corporation 2009. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Introduction

This blueprint provides a brief introduction to basic Security-Enhanced Linux (SELinux) commands and concepts, including Boolean variables. In addition, the paper shows you how to increase the security of the Apache Web server with SELinux by using these concepts. Key tools and technologies discussed in this demonstration include Security-Enhanced Linux (SELinux), mandatory access control (MAC), getenforce, sestatus, getsebool, and setsebool.

Intended audience

This blueprint is intended for Linux system or network administrators who want to learn more about securing their systems with SELinux. You should be familiar with installing and configuring Linux distributions, networks, and the Apache Web server.

Scope and purpose

This paper provides a basic overview of SELinux, SELinux Boolean variables, and hardening Apache on Red Hat Enterprise Linux (RHEL) 5.3. For more information about configuring RHEL 5.3, see the documentation supplied with your installation media or the distribution Web site. For more information about SELinux, see "Related information and downloads".

Software requirements

This blueprint is written and tested using Red Hat Enterprise Linux (RHEL) 5.3.

Hardware requirements

The information contained in this blueprint is tested on different models of IBM System x and System p hardware. For a list of hardware supported by RHEL 5.3, see the documentation supplied with your Linux distribution.

Author names

Robert Sisk

Other contributors

Monza Lui
Kersten Richter
Robb Romans

IBM Services

Linux offers flexibility, options, and competitive total cost of ownership with a world class enterprise operating system. Community innovation integrates leading-edge technologies and best practices into Linux. IBM® is a leader in the Linux community with over 600 developers in the IBM Linux Technology Center working on over 100 open source projects in the community. IBM supports Linux on all IBM servers, storage, and middleware, offering the broadest flexibility to match your business needs.

For more information about IBM and Linux, go to ibm.com/linux (https://www.ibm.com/linux)

IBM Support

Questions and comments regarding this documentation can be posted on the developerWorks Security Blueprint Community Forum: http://www.ibm.com/developerworks/forums/forum.jspa?forumID=1271

The IBM developerWorks® discussion forums let you ask questions, share knowledge, ideas, and opinions about technologies and programming techniques with other developerWorks users. Use the forum content at your own risk. While IBM will attempt to provide a timely response to all postings, the use of this developerWorks forum does not guarantee a response to every question that is posted, nor do we validate the answers or the code that are offered.

Typographic conventions

The following typographic conventions are used in this Blueprint:

- Bold: Identifies commands, subroutines, keywords, files, structures, directories, and other items whose names are predefined by the system. Also identifies graphical objects such as buttons, labels, and icons that the user selects.
- Italics: Identifies parameters whose actual names or values are to be supplied by the user.
- Monospace: Identifies examples of specific data values, examples of text like what you might see displayed, examples of portions of program code like what you might write as a programmer, messages from the system, or information you should actually type.

Related reference: "Scope, requirements, and support". This blueprint applies to System x® running Linux and PowerLinux. You can learn more about the systems to which this information applies.

Scope, requirements, and support

This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies.

Systems to which this information applies

System x running Linux and PowerLinux

Security-Enhanced Linux overview

Security-Enhanced Linux (SELinux) is a component of the Linux operating system developed primarily by the United States National Security Agency.
SELinux provides a method for creation and enforcement of mandatory access control (MAC) policies. These policies confine users and processes to the minimal amount of privilege required to perform assigned tasks. For more information about the history of SELinux, see http://en.wikipedia.org/wiki/Selinux.

Since its release to the open source community in December 2000, the SELinux project has gained improvements such as predefined Boolean variables that make it easier to use. This paper helps you understand how to use these variables to configure SELinux policies on your system and to secure the Apache httpd daemon.

Access control: MAC and DAC

Access level is important to computer system security. To compromise a system, attackers try to gain any possible level of access and then try to escalate that level until they are able to obtain restricted data or make unapproved system modifications. Because each user has some level of system access, every user account on your system increases the potential for abuse. System security has historically relied on trusting users not to abuse their access, but this trust has proven to be problematic.

Today, server consolidation leads to more users per system. Outsourcing of Systems Management gives legitimate access, often at the system administrator level, to unknown users. Because server consolidation and outsourcing can be financially advantageous, what can you do to prevent abuse on Linux systems? To begin to answer that question, let's take a look at discretionary access control (DAC) and mandatory access control (MAC) and their differences.

Discretionary access control (DAC), commonly known as file permissions, is the predominant access control mechanism in traditional UNIX and Linux systems.
You may recognize the drwxr-xr-x or the ugo abbreviations for owner, group, and other permissions seen in a directory listing. In DAC, generally the resource owner (a user) controls who has access to a resource. For convenience, some users commonly set dangerous DAC file permissions that allow every user on the system to read, write, and execute many files that they own. In addition, a process started by a user can modify or delete any file to which the user has access. Processes that elevate their privileges high enough could therefore modify or delete system files. These instances are some of the disadvantages of DAC.

In contrast to DAC, mandatory access control (MAC) regulates user and process access to resources based upon an organizational (higher-level) security policy. This policy is a collection of rules that specify what types of access are allowed on a system. System policy is related to MAC in the same way that firewall rules are related to firewalls.

SELinux is a Linux kernel implementation of a flexible MAC mechanism called type enforcement. In type enforcement, a type identifier is assigned to every user and object. An object can be a file or a process. To access an object, a user must be authorized for that object type. These authorizations are defined in a SELinux policy. Let's work through some examples and you will develop a better understanding of MAC and how it relates to SELinux.

SELinux basics

It is a good practice not to use the root user unless necessary. However for demonstrating how to use SELinux, the root user is used in the examples in this blueprint. Some of the commands shown require root privileges to run them; for example, running getenforce and editing the /etc/selinux/config file.

Run modes

You can enable or disable SELinux policy enforcement on a Red Hat Enterprise Linux system during or after operating system installation. When disabled, SELinux has no effect on the system. When enabled, SELinux runs in one of two modes:

- Enforcing: SELinux is enabled and SELinux policy is enforced
- Permissive: SELinux is enabled but it only logs warnings instead of enforcing the policy

When prompted during operating system installation, if you choose to enable SELinux, it is installed with a default security policy and set to run in the enforcing mode.

Confirm the status of SELinux on your system. Like in many UNIX or Linux operating systems, there is more than one way to perform a task. To check the current mode, run one of the following commands: getenforce, sestatus, or cat /etc/selinux/config.

- The getenforce command returns the current SELinux run mode, or Disabled if SELinux is not enabled. In the following example, getenforce shows that SELinux is enabled and enforcing the current SELinux policy:

    $ getenforce
    Enforcing

  If your system is displaying Permissive or Disabled and you want to follow along with the instructions, change the /etc/selinux/config file to run in Enforcing mode before continuing with the demonstration. Remember that if you are in Disabled mode, you should change first to Permissive and then to Enforcing.

- The sestatus command returns the current run mode, along with information about the SELinux policy if SELinux is enabled.
  In the following example, sestatus shows that SELinux is enabled and enforcing the current SELinux policy:

    $ sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy version:                 21
    Policy from config file:        targeted

- The /etc/selinux/config file configures SELinux and controls the mode as well as the active policy. Changes to the /etc/selinux/config file become effective only after you reboot the system. In the following example, the file shows that the mode is set to enforcing and the current policy type is targeted.

    $ cat /etc/selinux/config
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - SELinux is fully disabled.
    SELINUX=enforcing
    # SELINUXTYPE= type of policy in use. Possible values are:
    #       targeted - Only targeted network daemons are protected.
    #       strict - Full SELinux protection.
    SELINUXTYPE=targeted

To enable SELinux, you need to set the value of the SELINUX parameter in the /etc/selinux/config file to either enforcing or permissive. If you enable SELinux in the config file, you must reboot your system to start SELinux.

We recommend that you set SELINUX=permissive if the file system has never been labeled, has not been labeled recently, or you are not sure when it was last labeled. Note that file system labeling is the process of assigning a label containing security-relevant information to each file. In SELinux a file label is composed of the user, role, and type such as system_u:object_r:httpd_sys_content_t. Permissive mode ensures that SELinux does not interfere with the boot sequence if a command in the sequence occurs before the file system relabel is completed.
Once the system is up and running, you can change the SELinux mode to enforcing.

If you want to change the mode of SELinux on a running system, use the setenforce command. Entering setenforce enforcing changes the mode to enforcing and setenforce permissive changes the mode to permissive. To disable SELinux, edit the /etc/selinux/config file as described previously and reboot. You cannot disable or enable SELinux on a running system from the command line; you can only switch between enforcing and permissive when SELinux is enabled.

Change the mode of SELinux to permissive by entering the following command:

    $ setenforce permissive

Recheck the output from getenforce, sestatus, and cat /etc/selinux/config.

- The getenforce command returns Permissive, confirming the mode change:

    $ getenforce
    Permissive

- The sestatus command also returns a Permissive mode value:

    $ sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   permissive
    Mode from config file:          enforcing
    Policy version:                 21
    Policy from config file:        targeted

- After changing the mode to permissive, both the getenforce and sestatus commands return the correct permissive mode. However, look carefully at the output from the sestatus command:

    $ cat /etc/selinux/config
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - SELinux is fully disabled.
    SELINUX=enforcing
    # SELINUXTYPE= type of policy in use. Possible values are:
    #       targeted - Only targeted network daemons are protected.
    #       strict - Full SELinux protection.
    SELINUXTYPE=targeted
    $

  The Mode from config file parameter is enforcing.
  This setting is consistent with the cat /etc/selinux/config output because the config file was not changed. This status implies that the changes made by the setenforce command do not carry over to the next boot. If you reboot, SELinux returns to the run state configured in /etc/selinux/config, which is enforcing mode.

Change the running mode back to enforcing by entering the following command:

    $ setenforce enforcing

The following output confirms the mode change:

    $ getenforce
    Enforcing

Security contexts

The concept of type enforcement and the SELinux type identifier were discussed in the Overview. Let's explore these concepts in more detail.

The SELinux implementation of MAC employs a type enforcement mechanism that requires every subject and object to be assigned a type identifier. The terms subject and object are defined in the Bell-La Padula multilevel security model (see http://en.wikipedia.org/wiki/Bell-La_Padula_model for more information). Think of the subject as a user or a process and the object as a file or a process. Typically, a subject accesses an object; for example, a user modifies a file. When SELinux runs in enforcing mode, a subject cannot access an object unless the type identifier assigned to the subject is authorized to access the object. The default policy is to deny all access not specifically allowed.

Authorization is determined by rules defined in the SELinux policy. An example of a rule granting access may be as simple as:

    allow httpd_t httpd_sys_content_t : file {ioctl read getattr lock};

In this rule, the subject http daemon, assigned the type identifier of httpd_t, is given the permissions ioctl, read, getattr, and lock for any file object assigned the type identifier httpd_sys_content_t.
In simple terms, the http daemon is allowed to read a file that is assigned the type identifier httpd_sys_content_t. This is a basic example of an allow rule type. There are many types of allow rules and some are very complex. There are also many type identifiers for use with subjects and objects. For more information about rule definitions, see SELinux by Example in the "Related information and downloads" section.

SELinux adds type enforcement to standard Linux distributions. To access an object, the user must have both the appropriate file permissions (DAC) and the correct SELinux access. An SELinux security context contains three parts: the user, the role, and the type identifier. Running the ls command with the -Z switch displays the typical file information as well as the security context for each item in the subdirectory. In the following example, the security context for the index.html file is composed of user_u as the user, object_r as the role, and httpd_sys_content_t as the type identifier:

    $ ls -Z index.html
    -rw-r--r-- web_admin web_admin user_u:object_r:httpd_sys_content_t index.html

SELinux and Apache

Installing and running HTTPD

Now that you have a general understanding of the SELinux security context, you can secure an Apache Web server using SELinux. To follow along, you must have Apache installed on your system.
You can install Apache on Red Hat Linux by entering the following command:

    $ yum install httpd

Next, start the Apache http daemon by entering service httpd start, as follows:

    $ service httpd start
    Starting httpd:

HTTPD and context types

Red Hat Enterprise Linux 5.3, at the time of this writing, uses selinux-policy-2.4.6-203.el5. This policy defines the security context for the http daemon object as httpd_t. Because SELinux is running in enforcing mode, entering /bin/ps axZ | grep httpd produces the following output:

    $ ps axZ | grep http
    root:system_r:httpd_t 2555 ? Ss 0:00 /usr/sbin/httpd
    root:system_r:httpd_t 2593 ? S  0:00 /usr/sbin/httpd
    root:system_r:httpd_t 2594 ? S  0:00 /usr/sbin/httpd
    root:system_r:httpd_t 2595 ? S  0:00 /usr/sbin/httpd
    root:system_r:httpd_t 2596 ? S  0:00 /usr/sbin/httpd
    root:system_r:httpd_t 2597 ? S  0:00 /usr/sbin/httpd
    root:system_r:httpd_t 2598 ? S  0:00 /usr/sbin/httpd
    root:system_r:httpd_t 2599 ? S  0:00 /usr/sbin/httpd
    root:system_r:httpd_t 2600 ? S  0:00 /usr/sbin/httpd

The Z option to ps shows the security context for the httpd processes as root:system_r:httpd_t, confirming that httpd is running as the security type httpd_t.

The selinux-policy-2.4.6-203.el5 also defines several file security context types to be used with the http daemon. For a listing, see the man page for httpd_selinux. The httpd_sys_content_t context type is used for files and subdirectories containing content to be accessible by the http daemon and all httpd scripts.
Entering ls -Z displays the security context for items in the default http directory (/var/www/), as follows:

    $ ls -Z /var/www/ | grep html
    drwxr-xr-x root root system_u:object_r:httpd_sys_content_t html

The /var/www/html directory is the default location for all Web server content (defined by the variable setting of DocumentRoot /var/www/html in the /etc/httpd/conf/httpd.conf http configuration file). This directory is assigned the type httpd_sys_content_t as part of its security context, which allows the http daemon to access its contents. Any file or subdirectory inherits the security context of the directory in which it is created; therefore a file created in the html subdirectory inherits the httpd_sys_content_t type.

In the following example, the root user creates the index.html file in the /root directory. The index.html file inherits the root:object_r:user_home_t security context, which is the expected security context for root in RHEL 5.3.

    $ touch /root/index.html
    $ ls -Z /root/index.html
    -rw-r--r-- root root root:object_r:user_home_t /root/index.html

If the root user copies the newly created index.html file to the /var/www/html/ directory, the file inherits the security context (httpd_sys_content_t) of the html subdirectory because a new copy of the file is created in the html subdirectory:

    $ cp /root/index.html /var/www/html
    $ ls -Z /var/www/html/index.html
    -rw-r--r-- root root user_u:object_r:httpd_sys_content_t /var/www/html/index.html

If you move the index.html file instead of copying it, a new file is not created in the html subdirectory and index.html retains the user_home_t type:

    $ mv -f /root/index.html /var/www/html
    $ ls -Z /var/www/html/index.html
    -rw-r--r-- root root user_u:object_r:user_home_t /var/www/html/index.html

When a Web browser or network download agent like wget makes a request to the http daemon for the moved index.html file, with user_home_t context, the browser is denied access because SELinux is running in enforcing mode.

    # wget localhost/index.html
    --21:10:00-- http://localhost/index.html
    Resolving localhost... 127.0.0.1
    Connecting to localhost|127.0.0.1|:80... connected.
    HTTP request sent, awaiting response... 403 Forbidden
    21:10:00 ERROR 403: Forbidden.

SELinux generates error messages in both /var/log/messages and /var/log/httpd/error_log. The following message in /var/log/httpd/error_log is not very helpful because it tells you only that access is being denied:

    [Wed May 20 12:47:57 2009] [error] [client 172.16.1.100] (13) Permission denied: access to /index.html denied

The following error message in /var/log/messages is more helpful because it tells you why SELinux is preventing access to the /var/www/html/index.html file: it is a potentially mislabeled file. Furthermore, it provides a command that you can use to produce a detailed summary of the issue.

    May 20 12:22:48 localhost setroubleshoot: SELinux is preventing the httpd from using potentially mislabeled files (/var/www/html/index.html). For complete SELinux messages. run sealert -l 9e568d42-4b20-471c-9214-b98020c4d97a

Entering sealert -l 9e568d42-4b20-471c-9214-b98020c4d97a as suggested in the previous error message returns the following detailed error message:

    $ sealert -l 9e568d42-4b20-471c-9214-b98020c4d97a
    Summary:
    SELinux is preventing the httpd from using potentially mislabeled files (/var/www/html/index.html).

    Detailed Description:
    SELinux has denied httpd access to potentially mislabeled file(s) (/var/www/html/index.html). This means that SELinux will not allow httpd to use these files.
    It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access.

    Allowing Access:
    If you want httpd to access this files, you need to relabel them using restorecon -v '/var/www/html/index.html'. You might want to relabel the entire directory using restorecon -R -v '/var/www/html'.

    Additional Information:
    Source Context          root:system_r:httpd_t
    Target Context          root:object_r:user_home_t
    Target Objects          /var/www/html/index.html [ file ]
    Source                  httpd
    Source Path             /usr/sbin/httpd
    Port
    Host                    localhost.localdomain
    Source RPM Packages     httpd-2.2.3-22.el5
    Target RPM Packages
    Policy RPM              selinux-policy-2.4.6-203.el5
    Selinux Enabled         True
    Policy Type             targeted
    MLS Enabled             True
    Enforcing Mode          Enforcing
    Plugin Name             home_tmp_bad_labels
    Host Name               localhost.localdomain
    Platform                Linux localhost.localdomain 2.6.18-128.1.10.el5 #1 SMP Wed Apr 29 13:55:17 EDT 2009 i686 i686
    Alert Count             24
    First Seen              Fri May 15 13:36:32 2009
    Last Seen               Wed May 20 12:47:56 2009
    Local ID                9e568d42-4b20-471c-9214-b98020c4d97a
    Line Numbers

    Raw Audit Messages

    host=localhost.localdomain type=AVC msg=audit(1242838076.937:1141): avc: denied { getattr } for pid=3197 comm="httpd" path="/var/www/html/index.html" dev=dm-0 ino=3827354 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file

    host=localhost.localdomain type=SYSCALL msg=audit(1242838076.937:1141): arch=40000003 syscall=196 success=no exit=-13 a0=8eaa788 a1=bfc8d49c a2=419ff4 a3=2008171 items=0 ppid=3273 pid=3197 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)

Although called a summary, this output is a very detailed report that provides the necessary commands to resolve the issue. As shown below, entering /sbin/restorecon -v '/var/www/html/index.html' as suggested not only resolves the problem, but also explains how you should change the security context for the /var/www/html/index.html file.

    $ restorecon -v '/var/www/html/index.html'
    /sbin/restorecon reset /var/www/html/index.html context root:object_r:user_home_t:s0->root:object_r:httpd_sys_content_t:s0

The previous restorecon -v command changed the security context of /var/www/html/index.html from root:object_r:user_home_t to root:object_r:httpd_sys_content_t. With a root:object_r:httpd_sys_content_t security context, the http daemon can now access /var/www/html/index.html.

Use a Web browser or wget to make another request to the httpd daemon for the index.html file with a restored security context. This time, the request is permitted:

    # wget localhost/index.html
    --21:09:21-- http://localhost/index.html
    Resolving localhost... 127.0.0.1
    Connecting to localhost|127.0.0.1|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 0 [text/html]
    Saving to: 'index.html'
    [ ] 0 --.-K/s in 0s
    21:09:21 (0.00 B/s) - 'index.html' saved [0/0]
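
The mislabeled-file denial walked through above can be picked out of audit records mechanically. The following script is an added example, not part of the original blueprint: it reads AVC records on stdin and reports files under the web root that httpd was denied because of their label. The function names, the /var/www root, and the sample records (constructed, modelled on the AVC message in the sealert report) are assumptions.

```sh
#!/bin/sh
# Added example: list httpd AVC denials caused by wrongly labeled files under
# the web root. Reads audit-log text on stdin; it never touches the live system.

WEB_ROOT=${WEB_ROOT:-/var/www}       # assumption: all web content lives here
EXPECTED_TYPE=httpd_sys_content_t    # type the page assigns to static content

# Constructed sample records, modelled on the AVC message in the sealert report.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1242838076.937:1141): avc:  denied  { getattr } for  pid=3197 comm="httpd" path="/var/www/html/index.html" dev=dm-0 ino=3827354 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1242838076.937:1141): arch=40000003 syscall=196 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0
type=AVC msg=audit(1242838080.112:1150): avc:  denied  { read } for  pid=3197 comm="httpd" path="/var/www/html/index.html" dev=dm-0 ino=3827354 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1242838091.530:1163): avc:  denied  { getattr } for  pid=3198 comm="httpd" path="/var/www/html/about.html" dev=dm-0 ino=3827360 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1242838095.004:1170): avc:  denied  { write } for  pid=3198 comm="httpd" path="/var/www/html/contact.html" dev=dm-0 ino=3827361 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1242838099.771:1181): avc:  denied  { read } for  pid=4410 comm="httpd" path="/home/web_admin/notes.txt" dev=dm-0 ino=911 scontext=root:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
EOF
}

# Print "path<TAB>type<TAB>denial count<TAB>permissions" for each file under the
# web root that httpd_t was denied and whose type is not EXPECTED_TYPE.
find_mislabeled() {
    awk -v root="$WEB_ROOT" -v want="$EXPECTED_TYPE" '
    # Value of key=value in the current record, with quotes stripped.
    function field(key,    i, kv) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                kv = substr($i, length(key) + 2)
                gsub(/"/, "", kv)
                return kv
            }
        return ""
    }
    /type=AVC/ && /denied/ {
        split(field("scontext"), s, ":")     # user:role:type[:level]
        split(field("tcontext"), t, ":")
        path = field("path")
        if (s[3] != "httpd_t") next               # another confined domain
        if (index(path, root "/") != 1) next      # outside the web root: the denial is wanted
        if (t[3] == want) next                    # label is correct: not a labeling problem
        k = path "\t" t[3]
        hits[k]++
        # Requested permissions sit between the braces, e.g. { getattr }
        b = index($0, "{"); e = index($0, "}")
        n = split(substr($0, b + 1, e - b - 1), pl, " ")
        for (i = 1; i <= n; i++)
            if (!((k, pl[i]) in seen)) {
                seen[k, pl[i]] = 1
                perms[k] = perms[k] (perms[k] == "" ? "" : ",") pl[i]
            }
    }
    END { for (k in hits) printf "%s\t%d\t%s\n", k, hits[k], perms[k] }
    ' | sort
}

# Print (do not run) the restorecon command for each affected path. Review every
# path first: a file moved in by mistake should be removed, not made readable.
relabel_commands() {
    find_mislabeled | cut -f1 | sort -u | while IFS= read -r p; do
        printf "restorecon -v '%s'\n" "$p"
    done
}

sample_audit_log | find_mislabeled
sample_audit_log | relabel_commands
```

On a real system the same functions can be fed from the audit log instead of the sample, for example with ausearch -m avc or the contents of /var/log/audit/audit.log.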

HTTPD and SELinux Booleans

SELinux has a set of built-in switches named Booleans or conditional policies that you can use to turn specific SELinux features on or off. Entering the getsebool -a | grep http command lists the 23 Booleans related to the http daemon, which are a subset of the 234 Booleans currently defined in the selinux-policy-2.4.6-203.el5 policy. These 23 Booleans allow you to customize SELinux policy for the http daemon during runtime without modifying, compiling, or loading a new policy. You can customize the level of http security by setting the relevant Boolean values or toggling between on and off values.

    $ getsebool -a | grep http
    allow_httpd_anon_write --> off
    allow_httpd_bugzilla_script_anon_write --> off
    allow_httpd_mod_auth_pam --> off
    allow_httpd_nagios_script_anon_write --> off
    allow_httpd_prewikka_script_anon_write --> off
    allow_httpd_squid_script_anon_write --> off
    allow_httpd_sys_script_anon_write --> off
    httpd_builtin_scripting --> on
    httpd_can_network_connect --> off
    httpd_can_network_connect_db --> off
    httpd_can_network_relay --> off
    httpd_can_sendmail --> on
    httpd_disable_trans --> off
    httpd_enable_cgi --> on
    httpd_enable_ftp_server --> off
    httpd_enable_homedirs --> on
    httpd_rotatelogs_disable_trans --> off
    httpd_ssi_exec --> off
    httpd_suexec_disable_trans --> off
    httpd_tty_comm --> on
    httpd_unified --> on
    httpd_use_cifs --> off
    httpd_use_nfs --> off

SELinux provides three command-line tools for working with Booleans: getsebool, setsebool, and togglesebool.
The getsebool -a command returns the current state of all the SELinux Booleans defined by the policy. You can also use the command without the -a option to return settings for one or more specific Booleans entered on the command line, as follows:

    $ getsebool httpd_enable_cgi
    httpd_enable_cgi --> on

Use setsebool to set the current state of one or more Booleans by specifying the Boolean and its value. Acceptable values to enable a Boolean are 1, true, and on. Acceptable values to disable a Boolean are 0, false, and off. See the following cases for examples. You can use the -P option with the setsebool command to write the specified changes to the SELinux policy file. These changes are persistent across reboots; unwritten changes remain in effect until you change them or the system is rebooted.

Use setsebool to change status of the httpd_enable_cgi Boolean to off:

    $ setsebool httpd_enable_cgi 0

Confirm status change of the httpd_enable_cgi Boolean:

    $ getsebool httpd_enable_cgi
    httpd_enable_cgi --> off

The togglesebool tool flips the current value of one or more Booleans. This tool does not have an option that writes the changes to the policy file. Changes remain in effect until changed or the system is rebooted.

Use the togglesebool tool to switch the status of the httpd_enable_cgi Boolean, as follows:

    $ togglesebool httpd_enable_cgi
    httpd_enable_cgi: active

Confirm the status change of the httpd_enable_cgi Boolean:

    $ getsebool httpd_enable_cgi
    httpd_enable_cgi --> on
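
Because runtime changes made with setsebool or togglesebool are lost at reboot unless -P is used, it helps to compare the current Boolean state against a written baseline and generate the persistent commands from the difference. The following script is an added example, not part of the original blueprint: the function names and the baseline are assumptions (the baseline assumes a server that needs neither Sendmail, CGI, home-directory content, nor terminal access), and the sample input repeats the getsebool output shown above.

```sh
#!/bin/sh
# Added example: compare `getsebool -a` output with a desired baseline and print
# the persistent setsebool commands needed to reach it. Nothing is executed.

# Sample input: the httpd Booleans as listed in the getsebool output above.
sample_getsebool() {
    cat <<'EOF'
allow_httpd_anon_write --> off
allow_httpd_bugzilla_script_anon_write --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_nagios_script_anon_write --> off
allow_httpd_prewikka_script_anon_write --> off
allow_httpd_squid_script_anon_write --> off
allow_httpd_sys_script_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_network_connect --> off
httpd_can_network_connect_db --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> on
httpd_disable_trans --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> on
httpd_rotatelogs_disable_trans --> off
httpd_ssi_exec --> off
httpd_suexec_disable_trans --> off
httpd_tty_comm --> on
httpd_unified --> on
httpd_use_cifs --> off
httpd_use_nfs --> off
EOF
}

# Assumed baseline (hypothetical file format: "name value", # starts a comment).
# Values may be written in any form setsebool accepts: 1/true/on or 0/false/off.
static_baseline() {
    cat <<'EOF'
httpd_can_sendmail        off    # server sends no mail
httpd_enable_cgi          0      # no CGI content
httpd_enable_homedirs     false  # nothing served from home directories
httpd_tty_comm            off    # httpd never prompts on a terminal
httpd_can_network_connect 0      # already off; listed so drift is noticed
httpd_ssi_exec            false  # already off; listed so drift is noticed
EOF
}

# $1 = baseline file, stdin = `getsebool -a` output.
plan_boolean_changes() {
    awk '
    function norm(v) {
        if (v == "1" || v == "true"  || v == "on")  return "on"
        if (v == "0" || v == "false" || v == "off") return "off"
        return ""
    }
    # First input: the baseline file.
    NR == FNR {
        sub(/#.*/, "")                       # drop comments; fields are re-split
        if (NF >= 2) { want[$1] = norm($2); order[++n] = $1 }
        next
    }
    # Second input: "name --> on|off" lines as printed by getsebool.
    $2 == "-->" { have[$1] = $3 }
    END {
        for (i = 1; i <= n; i++) {
            b = order[i]
            if (want[b] == "")
                printf "# %s: unrecognised baseline value\n", b
            else if (!(b in have))
                printf "# %s: not defined by the loaded policy\n", b
            else if (have[b] != want[b])
                printf "setsebool -P %s %s\n", b, want[b]   # -P persists across reboots
        }
    }' "$1" -
}

baseline_file=$(mktemp)
static_baseline > "$baseline_file"
sample_getsebool | plan_boolean_changes "$baseline_file"
rm -f "$baseline_file"
```

On a live system, replace sample_getsebool with getsebool -a and review the printed commands before running them as root.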

Configuring HTTPD security using SELinux

Securing Apache (static content only)

The default Red Hat Enterprise Linux 5.3 installation with SELinux running in enforcing mode provides a basic level of Web server security. You can increase that security level with a little effort. Because security is related to the function of the system, let's start with a Web server that only serves static content from the /var/www/html directory.

1. Ensure that SELinux is enabled and running in enforcing mode:

    $ sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy version:                 21
    Policy from config file:

2. Confirm that httpd is running as type httpd_t:

    $ /bin/ps axZ | grep http
    root:system_r:httpd_t 2555 ? Ss 0:00 httpd
    root:system_r:httpd_t 2593 ? S  0:00 httpd
    root:system_r:httpd_t 2594 ? S  0:00 httpd
    root:system_r:httpd_t 2595 ? S  0:00 httpd
    root:system_r:httpd_t 2596 ? S  0:00 httpd
    root:system_r:httpd_t 2597 ? S  0:00 httpd
    root:system_r:httpd_t 2598 ? S  0:00 httpd
    root:system_r:httpd_t 2599 ? S  0:00 httpd
    root:system_r:httpd_t 2600 ? S  0:00 httpd

3. Confirm that the /var/www/html directory is assigned the httpd_sys_content_t context type:

    $ ls -Z /var/www/
    drwxr-xr-x root      root root:object_r:httpd_sys_script_exec_t cgi-bin
    drwxr-xr-x root      root root:object_r:httpd_sys_content_t error
    drwxr-xr-x root      root root:object_r:httpd_sys_content_t html
    drwxr-xr-x root      root root:object_r:httpd_sys_content_t icons
    drwxr-xr-x root      root root:object_r:httpd_sys_content_t manual
    drwxr-xr-x webalizer root root:object_r:httpd_sys_content_t usage

4. Confirm that the content to be served is assigned the httpd_sys_content_t context type. For example:

    $ ls -Z /var/www/html/index.html
    -rw-r--r-- root root root:object_r:httpd_sys_content_t /var/www/html/index.html

Use a Web browser or wget to make a request to the httpd daemon for the index.html file and you should see that permission is granted.

To increase the level of protection provided by SELinux, disable any httpd-related features that you do not want by turning off their corresponding Boolean. By default, the following six Booleans are set to on. If you do not need these features, turn them off by setting their Boolean variables to off.

    # getsebool -a|grep http|grep "--> on"
    httpd_builtin_scripting --> on
    httpd_can_sendmail --> on
    httpd_enable_cgi --> on
    httpd_enable_homedirs --> on
    httpd_tty_comm --> on
    httpd_unified --> on

- httpd_can_sendmail: If the Web server does not use Sendmail, turn this Boolean to off. This action prevents unauthorized users from sending e-mail spam from this system.
- httpd_enable_homedirs: When this Boolean is set to on, it allows httpd to read content from subdirectories located under user home directories. If the Web server is not configured to serve content from user home directories, set this Boolean to off.
httpd_tty_comm
    By default, httpd is allowed to access the controlling terminal. This action is necessary in certain situations where httpd must prompt the user for a password. If the Web server does not require this feature, set the Boolean to off.

httpd_unified
    This Boolean affects the transition of the http daemon to security domains defined in SELinux policy. Enabling this Boolean creates a single security domain for all http-labeled content. For more information, see SELinux by Example listed under the "Related information and downloads" section.

httpd_enable_cgi
    If your content does not use the Common Gateway Interface (CGI) protocol, set this Boolean to off. If you are unsure about using CGI in the Web server, try setting it to off and examine the log entries in the /var/log/messages file. The following example shows an error message from /var/log/messages resulting from SELinux blocking httpd execution of a CGI script:

    May 28 15:48:37 localhost setroubleshoot: SELinux is preventing the http daemon from executing cgi scripts. For complete SELinux messages. run sealert -l 0fdf4649-60df-47b5-bfd5-a72772207adc

    Entering sealert -l 0fdf4649-60df-47b5-bfd5-a72772207adc produces the following output:

    Summary:
    SELinux is preventing the http daemon from executing cgi scripts.

    Detailed Description:
    SELinux has denied the http daemon from executing a cgi script. httpd can be setup in a locked down mode where cgi scripts are not allowed to be executed. If the httpd server has been setup to not execute cgi scripts, this could signal a intrusion attempt.

    Allowing Access:
    If you want httpd to be able to run cgi scripts, you need to turn on the httpd_enable_cgi Boolean: "setsebool -P httpd_enable_cgi=1"

    The following command will allow this access:
    setsebool -P httpd_enable_cgi=1

    Additional Information:
    Source Context       root:system_r:httpd_t
    Target Context       root:object_r:httpd_sys_script_exec_t
    Target Objects       /var/www/cgi-bin [ dir ]
    Source               httpd
    Source Path          httpd
    Port
    Host                 localhost.localdomain
    Source RPM Packages  httpd-2.2.3-22.el5
    Target RPM Packages  httpd-2.2.3-22.el5
    Policy RPM           selinux-policy-2.4.6-203.el5
    Selinux Enabled      True
    Policy Type          targeted
    MLS Enabled          True
    Enforcing Mode       Enforcing
    Plugin Name          httpd_enable_cgi
    Host Name            localhost.localdomain
    Platform             Linux localhost.localdomain 2.6.18-128.1.10.el5 #1 SMP Wed Apr 29 13:55:17 EDT 2009 i686 i686
    Alert Count          1
    First Seen           Thu May 28 15:48:36 2009
    Last Seen            Thu May 28 15:48:36 2009
    Local ID             0fdf4649-60df-47b5-bfd5-a72772207adc
    Line Numbers

    Raw Audit Messages
    host=localhost.localdomain type=AVC msg=audit(1243540116.963:248): avc: denied { getattr } for pid=2595 comm="httpd" path="/var/www/cgi-bin" dev=dm-0 ino=5527166 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_sys_script_exec_t:s0 tclass=dir
    host=localhost.localdomain type=SYSCALL msg=audit(1243540116.963:248): arch=40000003 syscall=196 success=no exit=-13 a0=8bd0a88 a1=bfc790bc a2=4d0ff4 a3=2008171 items=0 ppid=2555 pid=2595 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="httpd" subj=root:system_r:httpd_t:s0 key=(null)

    At the end of the previous output, listed under the Raw Audit Messages, are these lines:

    scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_sys_script_exec_t:s0 tclass=dir

    This output shows you that httpd attempted to access a subdirectory with the httpd_sys_script_exec_t context type. This type is the context type of /var/www/cgi-bin, the directory where httpd looks for CGI scripts. The httpd daemon, with a httpd_t context type, was unable to access this subdirectory because the httpd_enable_cgi variable is set to off. With this configuration, SELinux does not allow a user or process of type httpd_t to access a directory, file, or process of type httpd_sys_script_exec_t. Therefore, the http daemon was denied access to the CGI script located in /var/www/cgi-bin. If you find similar messages in your log file, set the httpd_enable_cgi Boolean to on.

httpd_builtin_scripting
    If you did not configure Apache to load scripting modules by changing the /etc/httpd/conf/httpd.conf configuration file, set this Boolean to off. If you are unsure, turn httpd_builtin_scripting to off and check the /var/log/messages file for any httpd-related SELinux warnings. See the description of httpd_enable_cgi for an example. PHP and other scripting modules run with the same level of access as the http daemon. Therefore, turning httpd_builtin_scripting to off reduces the amount of access available if the Web server is compromised.

To turn off all six of these Booleans and write the values to the policy file by using the setsebool -P command, follow these steps:

1. Enter the setsebool -P command:

    [~]# setsebool -P httpd_can_sendmail=0 httpd_enable_homedirs=0 httpd_tty_comm=0 httpd_unified=0 httpd_enable_cgi=0 httpd_builtin_scripting=0

2. Check all the Boolean settings related to httpd by entering getsebool -a | grep httpd. The following output shows that all Booleans are set to off, including the six previously described variables which default to on.

    [~]$ getsebool -a | grep httpd
    allow_httpd_anon_write --> off
    allow_httpd_bugzilla_script_anon_write --> off
    allow_httpd_mod_auth_pam --> off
    allow_httpd_nagios_script_anon_write --> off
    allow_httpd_prewikka_script_anon_write --> off
    allow_httpd_squid_script_anon_write --> off
    allow_httpd_sys_script_anon_write --> off
    httpd_builtin_scripting --> off
    httpd_can_network_connect --> off
    httpd_can_network_connect_db --> off
    httpd_can_network_relay --> off
    httpd_can_sendmail --> off
    httpd_disable_trans --> off
    httpd_enable_cgi --> off
    httpd_enable_ftp_server --> off
    httpd_enable_homedirs --> off
    httpd_rotatelogs_disable_trans --> off
    httpd_ssi_exec --> off
    httpd_suexec_disable_trans --> off
    httpd_tty_comm --> off
    httpd_unified --> off
    httpd_use_cifs --> off
    httpd_use_nfs --> off

3. Use a Web browser or wget to make another request to the httpd daemon for the index.html file and you should succeed. Rebooting your machine does not change this configuration.

This completes the necessary basic SELinux settings for hardening a Web server with static content. Next, look at hardening scripts accessed by the http daemon.

Hardening CGI scripts with SELinux

In the previous section, you used SELinux Booleans to disable scripting because the Web server used only static content.
Beginning with that configuration, you can enable CGI scripting and use SELinux to secure the scripts.

1. Confirm that your Web server is configured as described in section "Securing Apache (static content only)".

2. Red Hat Enterprise Linux provides a CGI script that you can use for testing. You can find the script at /usr/lib/perl5/5.8.8/CGI/eg/tryit.cgi. Copy this script to the /var/www/cgi-bin/ directory, as follows:

    [~]$ cp /usr/lib/perl5/5.8.8/CGI/eg/tryit.cgi /var/www/cgi-bin/

3. Make sure that the first line of the tryit.cgi script contains the correct path to the perl binary. From the which perl output shown below, the path should be changed to #!/usr/bin/perl.

    [~]# which perl
    /usr/bin/perl
    [~]# head -1 /var/www/cgi-bin/tryit.cgi
    #!/usr/local/bin/perl

4. Confirm that /var/www/cgi-bin is assigned the httpd_sys_script_exec_t context type as follows:

    [~]$ ls -Z /var/www/ | grep cgi-bin
    drwxr-xr-x root root root:object_r:httpd_sys_script_exec_t cgi-bin

5. Allow and confirm read and execute permission for the tryit.cgi script to all users:

    [cgi-bin]# chmod 555 /var/www/cgi-bin/tryit.cgi
    [cgi-bin]# ls -Z
    -r-xr-xr-x root root root:object_r:httpd_sys_script_exec_t tryit.cgi

6. Confirm that /var/www/cgi-bin/tryit.cgi is assigned the httpd_sys_script_exec_t context type:

    [~]$ ls -Z /var/www/cgi-bin/tryit.cgi
    -r-xr-xr-x root root root:object_r:httpd_sys_script_exec_t /var/www/cgi-bin/tryit.cgi

7. Enable CGI scripting in SELinux and confirm that it is enabled:

    [cgi-bin]$ setsebool httpd_enable_cgi=1
    [cgi-bin]$ getsebool httpd_enable_cgi
    httpd_enable_cgi --> on

8. Open a Web browser and type the Web server address into the location bar. Include the /cgi-bin/tryit.cgi in the URL. For example, type http://192.168.1.100/cgi-bin/tryit.cgi. The tryit.cgi script should return output similar to Figure 1:

    Figure 1: A Simple Example

9. Provide test answers to the form fields and click Submit Query. The tryit.cgi script should return output similar to Figure 2:

    Figure 2: A Simple Example with results

Appendix. Related information and downloads

Related information

- Wikipedia: Security-Enhanced Linux http://en.wikipedia.org/wiki/Selinux
- Bell-La Padula model http://en.wikipedia.org/wiki/Bell-La_Padula_model
- NSA Security-Enhanced Linux http://www.nsa.gov/research/selinux/index.shtml
- Managing Red Hat Enterprise Linux 5 presentation http://people.redhat.com/dwalsh/SELinux/Presentations/ManageRHEL5.pdf
- developerWorks Security Blueprint Community Forum http://www.ibm.com/developerworks/forums/forum.jspa?forumID=1271
- Red Hat Enterprise Linux 4: Red Hat SELinux Guide http://www.linuxtopia.org/online_books/redhat_selinux_guide/rhlcommon-section-0055.html
- F. Mayer, K. MacMillan, D. Caplan, "SELinux By Example - Using Security Enhanced Linux", Prentice Hall, 2007
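The static-content procedure in the blueprint ends with a manual check of getsebool -a | grep httpd; the check can be scripted so that drift from the hardened state is caught later. This is an added example, not code from the IBM blueprint: the function names audit_httpd_booleans and remediation_command and the sample input are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example, not part of the IBM blueprint: check httpd-related SELinux
# Booleans against the static-content baseline the blueprint describes.

# The six Booleans the blueprint turns off for a static-content-only server.
STATIC_BASELINE_OFF="httpd_builtin_scripting httpd_can_sendmail httpd_enable_cgi httpd_enable_homedirs httpd_tty_comm httpd_unified"

# Constructed sample of `getsebool -a | grep httpd` output in which two of the
# six Booleans have drifted back to on (lets the script run offline).
sample_getsebool() {
    cat <<'EOF'
allow_httpd_anon_write --> off
httpd_builtin_scripting --> off
httpd_can_network_connect --> off
httpd_can_sendmail --> on
httpd_enable_cgi --> on
httpd_enable_homedirs --> off
httpd_tty_comm --> off
httpd_unified --> off
EOF
}

# audit_httpd_booleans: read getsebool output on stdin and print one line per
# baseline Boolean:
#   OK <name>       Boolean is off, as the baseline requires
#   DRIFT <name>    Boolean is on
#   MISSING <name>  Boolean is not defined by the loaded policy
# Exit status is 0 only when every baseline Boolean is OK.
audit_httpd_booleans() {
    awk -v want="$STATIC_BASELINE_OFF" '
        $2 == "-->" { state[$1] = $3 }
        END {
            n = split(want, names, " ")
            bad = 0
            for (i = 1; i <= n; i++) {
                b = names[i]
                if (!(b in state))            { print "MISSING " b; bad = 1 }
                else if (state[b] == "off")   { print "OK " b }
                else                          { print "DRIFT " b; bad = 1 }
            }
            exit bad
        }'
}

# remediation_command: read audit lines on stdin and print the persistent
# setsebool -P command that turns every drifted Boolean off again.
# Prints nothing when there is no drift.
remediation_command() {
    awk '$1 == "DRIFT" { args = args " " $2 "=0" }
         END { if (args != "") print "setsebool -P" args }'
}

# Demo on the constructed sample. On a real host, feed live state instead:
#   getsebool -a | audit_httpd_booleans
report=$(sample_getsebool | audit_httpd_booleans) || :
printf '%s\n' "$report"
printf '%s\n' "$report" | remediation_command
```

Because the command it prints uses -P, applying it also repairs changes that were made only at run time with setsebool or togglesebool.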
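The blueprint reads the scontext, tcontext and tclass fields of the raw audit messages by eye, and the sealert text notes that a blocked CGI access on a server set up not to run CGI could signal an intrusion attempt. The following added example (not the blueprint's own code) parses AVC denials, joins each one to its SYSCALL record by audit event ID, and triages httpd_t denials; the function names, the output format and the last two sample records are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example, not part of the IBM blueprint: triage SELinux AVC denials
# raised against the httpd_t domain.

# Sample records. The first two are the AVC/SYSCALL pair quoted in the
# blueprint's sealert output (SYSCALL trimmed to the fields used here);
# the last two records are constructed for this example.
sample_audit() {
    cat <<'EOF'
host=localhost.localdomain type=AVC msg=audit(1243540116.963:248): avc: denied { getattr } for pid=2595 comm="httpd" path="/var/www/cgi-bin" dev=dm-0 ino=5527166 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_sys_script_exec_t:s0 tclass=dir
host=localhost.localdomain type=SYSCALL msg=audit(1243540116.963:248): arch=40000003 syscall=196 success=no exit=-13 ppid=2555 pid=2595 auid=4294967295 uid=48 gid=48 comm="httpd" exe="httpd" subj=root:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1243540200.100:260): avc: denied { read write } for pid=2596 comm="httpd" path="/srv/data/report.txt" dev=dm-0 ino=77 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:default_t:s0 tclass=file
type=USER_AUTH msg=audit(1243540300.000:261): user pid=3000 uid=0 msg='constructed unrelated record'
EOF
}

# parse_avc: read audit records on stdin, print one line per AVC denial:
#   <source type> <perms> <target type> <class> <path> <uid> <exe>
# uid and exe come from the SYSCALL record with the same event ID
# (timestamp:serial inside msg=audit(...)); "-" marks a missing value.
parse_avc() {
    awk '
    function val(key,   i, v) {      # value of a key=value field, quotes removed
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2)
                gsub(/"/, "", v)
                return v
            }
        return "-"
    }
    function setype(ctx,   p, k) {   # user:role:type[:level] -> type
        k = split(ctx, p, ":")
        return (k >= 3) ? p[3] : "-"
    }
    {
        s = index($0, "msg=audit(")
        if (s == 0) next
        id = substr($0, s + 10)
        id = substr(id, 1, index(id, ")") - 1)
    }
    /type=SYSCALL/ { uid[id] = val("uid"); exe[id] = val("exe"); next }
    /type=AVC/ && /denied/ {
        b = index($0, "{ "); e = index($0, " }")
        perm = (b == 0 || e <= b) ? "-" : substr($0, b + 2, e - b - 2)
        gsub(/ /, ",", perm)
        n++
        ev[n] = id
        rec[n] = setype(val("scontext")) " " perm " " setype(val("tcontext")) " " val("tclass") " " val("path")
    }
    END {
        for (i = 1; i <= n; i++)
            print rec[i], ((ev[i] in uid) ? uid[ev[i]] : "-"), ((ev[i] in exe) ? exe[ev[i]] : "-")
    }'
}

# triage_httpd_denials CGI_EXPECTED   (on|off, default off)
#   off: the server is meant to be static-only, so a denied access to
#        httpd_sys_script_exec_t is reported as ALERT.
#   on:  CGI is meant to work, so the same denial is a MISCONFIG hint to
#        check the httpd_enable_cgi Boolean.
# Any other httpd_t denial is printed as REVIEW for manual label checks.
triage_httpd_denials() {
    cgi_expected=${1:-off}
    parse_avc | while read -r src perm tgt cls path uid exe; do
        [ "$src" = "httpd_t" ] || continue
        detail="perm=$perm class=$cls path=$path uid=$uid exe=$exe"
        if [ "$tgt" != "httpd_sys_script_exec_t" ]; then
            echo "REVIEW target=$tgt $detail"
        elif [ "$cgi_expected" = "on" ]; then
            echo "MISCONFIG check-httpd_enable_cgi $detail"
        else
            echo "ALERT cgi-blocked $detail"
        fi
    done
}

# Demo on the sample records, treating the server as static-only.
sample_audit | triage_httpd_denials off
```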

Sunday, September 29, 2019

Night Vision Technology

NIGHT VISION TECHNOLOGY

1) Introduction
2) Definition
3) Types of Night Vision Technology
4) Night Vision Devices
5) Generation
6) Application

INTRODUCTION

Night vision technology allows us to see at night. It was originally developed for military use. All humans have very poor night vision compared to other animals. With such poor night vision we cannot see a person standing far away (many miles) on a deep, dark, cloudy night. The technology was first invented for military purposes, to see the enemy in deep darkness and target them easily. The German army came up with the idea of night vision, and since then it has developed rapidly. They came up with the idea in 1935 and started working on it quickly to cover all battle conditions at night. They then built night vision equipment into their rifles and other necessary battlefield materials. From there the technology grew, and all other countries also made sure to use it and to modify it according to their needs. This equipment is used in cameras (either stand-alone or on the front of a gun) for hunting at night and in battle-affected areas. It is built from very advanced technology. With the help of this equipment, things are clearly visible to the human eye, as if seen in full light. Today this technology is also widely used in home security and high-alert situations for the purpose of safety.

DEFINITION

The definition of night vision technology is essentially a description of how the technology works and what it really is. Everyone defines it in their own words from their own experience, but in my opinion its definition is not a matter of wording; it is expressed as: "Night vision technology is the ability to see things in dark night conditions (whether by biological or technological means)." Night vision is the combination of two approaches.
TYPES OF NIGHT VISION TECHNOLOGY

There are two types of night vision technology:

1) Biological Night Vision

Some animals, like cats and deep-sea animals, can see at night because of a tissue present in their eyes called the tapetum lucidum, which is located on the back side of the retina. This layer is not present in human eyes, so humans are not able to see at night. They need to use some material to see at night. Rhodopsin is used for night vision. This is a chemical. With the help of this chemical, humans can see for a few hours in the dark and deep night. Biological night vision is a God-gifted sense in humans and animals, by which they see things at night. These senses are used for night vision. Commonly, green human eyes have the ability to see at night, even on a dark night. All of these are naturally created senses in human and animal eyes.

2) Technical Night Vision

Technical night vision works in two different ways. In this type of vision many lenses are used to obtain pictures at night. The materials used for this release a specific type of electron which falls on the picture; they capture that picture and show it in front of the human eye. The viewer can then easily see everything on a dark night. In the same way, in war situations the advanced night vision equipment is used to see the enemy easily at night and in dark mountains, and with the help of this advanced technology they hit the enemy exactly on target. Simply put, technical night vision covers those devices in which advanced techniques are used to enable one to see at night in deep darkness.

Night Vision Devices

Night vision devices are called observation equipment. They observe and detect pictures and other things on a dark night. They are also sometimes known as night vision goggles. They work as follows: light from the night vision device is emitted and falls on the targeted area; this light is made up of photons, which include all the colors. They then reflect back and enter the lens, and the whole area becomes visible in the dark, but it is a very sensitive process. It is the same as what we see in games that are set in night scenes: the whole environment is dark, but we clearly see the targeted area of the enemies. All devices that are used in night vision are shown below; all of these devices are used at night.

GENERATIONS

1) 0 GENERATION: The early generation was established in 1950-1955 and was not in a complete, widespread form.

2) 1st GENERATION: In the first generation, tubes are used in series in the equipment. They work very well. They also work better than the 2nd and 3rd generations. But this generation has one defect: the image is clear at the center but can distort at all its edges. This is the heaviest and largest of the first three generations; it was later modified and its name was changed in the other generations.

3) 2nd GENERATION: This generation was made in 1970-1972. A high micro channel plate is used in it, which is also called a high electron multiplier. It also magnifies the image in clear form. Its magnification and resolution rest on well-developed technology. These channels are built from millions of microscopic hollow glass, and each glass is 0.0125 in diameter. Sensitive lenses are used in it; they detect images by their sensitive wavelength.

4) 3rd GENERATION: The previous generations were advanced and named the 3rd generation. The advancement took place in 1971-1978. Photocathode rays are used in it as an ion barrier. They then detect images from far distances clearly on a dark night. It is much better than the earlier generations but not perfect, because further development takes place rapidly every day in the world of advanced technology.

5) 4th GENERATION: The American army advanced the 3rd generation with highly developed photocathode lenses and rays, and made sure that these devices detect all images in the deep dark night clearly at the center and at all edges. The ion barrier, which is used in the 3rd generation for the purpose of eliminating background noise, is also removed. The on/off switching was made rapid. This generation is used all over the world because it is well-developed equipment. Higher-magnification lenses are used in it. They are full of all the needed advanced technology materials.

APPLICATION

The main purpose of night vision technology is to detect enemy targets on a dark night. Security officers, police officers and investigating officers use night vision technology broadly according to their needs. They trace positions and places on a dark night and then act on them. The applications of night vision are as follows:

I. For hunting purposes
II. For military purposes
III. For security purposes
IV. For law enforcement
V. For entertainment
VI. For navigation purposes
VII. For hidden object detection
VIII. For surveillance
IX. For wildlife observation
X. For automatic brightness control purposes

Saturday, September 28, 2019

Ampalaya Coffee Essay Example for Free

This investigatory project aims to prepare and make a coffee from "Ampalaya seeds". Ampalaya, also known as bitter melon, is known for its bitterness and astringent taste, and bitter melon can be seen everywhere. This investigatory project encourages us students to make a coffee as an alternative product. This study was conducted to determine the feasibility of ampalaya seeds as coffee. The researchers used powdered ampalaya seeds in this study. After researching and collecting the raw materials, the researchers were able to begin the experimentation. The coffee was obtained by drying, grinding, and roasting the seeds of ampalaya, which were then boiled. After boiling, the coffee was manually extracted with the use of a clean cloth. The study focuses on producing coffee out of ampalaya seeds. It does not aim to determine which coffee (ampalaya seeds vs. commercial coffee) has more nutritional value or which is more nutritious.

II. Acknowledgement

We would like to thank the following persons who helped us to start and to continue our Investigatory Project, including our ALMIGHTY GOD, who helped us and gave us the strength and knowledge to explain the main idea of this investigatory project; our parents and also our friends, who gave us support to finish our Investigatory Project; and our parents, who supplied our needs, including the financial needs. THANK YOU!!!!!!

Chapter 1: Introduction

In our modern generation, many people in our country drink coffee, especially our grandparents and also our parents. Coffee is known as a beverage to the majority of people. It is known for its stimulating effect on the functions of the brain, thus making the drinker active. Variants of coffee flavors have already been produced all throughout the world, aiming at the discovery of alternative sources of coffee production. The coffee from ampalaya seeds helps us to earn and save money.

A. Background of the study

Coffee alternatives have been famous for the last two decades due to economic crisis and experimentation for health and medical benefits. Any seeds that are edible when powdered can be used as an alternative source for coffee. The difference between generic coffee from the seeds of the coffee plant and the alternatives is that it has a good amount of caffeine content. The similarity between the alternatives and the original is that the seeds contain carbohydrates, which cause the aroma in roasted coffee. Ampalaya, on the other hand, is a crawling vine that grows mostly in tropical countries like the Philippines. It is said to be rich in iron, potassium, beta-carotene and other nutrients. It is also famous for treating diabetes because of its properties, like polypeptide-P, a plant insulin that can lower blood sugar levels. Many studies in agricultural food chemistry convey that it provides nutritionally significant amounts of nutrients, minerals and amino acids that are needed for life.

B. Objectives of the study

B1. General Objectives
1. To determine if the ampalaya seeds have considerable characteristics of the products in terms of color, aroma, taste, and acidity.

B2. Specific Objectives
1. To produce coffee using ampalaya seeds as the main ingredient.
2. To determine and compare the levels of acceptability of the coffee samples.

C. Hypotheses

NULL
1. There is no significant difference among the different ampalaya coffee samples developed in terms of their color, aroma, and taste.

ALTERNATIVE
1. There is no significant difference among the different ampalaya coffee samples developed in terms of their acceptability.

D. Significance of the study

Momordica charantia, or ampalaya, seeds contain iron and folic acid, which are essential for the production of red blood cells and the formulation of hemoglobin and myoglobin. Coffee is usually drunk hot, black or with cream and sugar, and is also drunk cold as iced coffee, especially in summer. People are used to drinking coffee every morning to warm their bodies and at night to avoid being sleepy. But coffee contains a stimulant called caffeine. The result of this study will determine if the coffee made from ampalaya seeds can be used as a substitute for commercial coffee. This study aimed to produce coffee using ampalaya seeds as a substitute. The study was important because ampalaya is abundant in the Philippines. The product may be an anti-diabetes coffee, but that is not the main concern of the study. Everybody can benefit from the result of the study unless a coffee drinker. It would recycle the ampalaya seeds, which a lot of people consider waste, instead of their being thrown away.

E. Scope and limitation

The proposed study was limited to producing coffee out of ampalaya (Momordica charantia Linn.) seeds. Three samples were prepared with different ampalaya seed concentrations and the same amount of water for comparison purposes, in which one of the samples was pure commercial coffee. The samples were processed by the basic methods of making coffee: roasting, grinding, and brewing.

Ampalaya Coffee. (2017, Mar 08).

Friday, September 27, 2019

Death penalty Essay Example | Topics and Well Written Essays - 1250 words - 5

The turmoil experienced in prison makes the place a hellhole and is good enough to serve as punishment for law breakers. In terms of religion, the only giver and taker of life is believed to be God. Anyone who takes away life, therefore, including its owner, is a sinner as per the Decalogue. Involving death as a form of punishment is therefore not even close to the right way of correcting. Across all states, there ought to be revisions in case any has adopted capital punishment for criminals. They need to revisit how valuable life is, how irreplaceable it is, and how holy it is believed to be. Never can one be rectified by killing them. It is of no good to them when they are already dead (Should Death Penalty allowed, n.d).

My view is in contradiction with the death penalty, as it offers governments the right to kill. One of the human rights is the right to enjoy the gift of life. Under no circumstances, therefore, should an individual be denied the privilege to live. If it is correction for moral uprightness, it cannot be done by subjecting the individual to death. A dead person does not suffer any consequences. It does not make sense when the state tries to do away with a problem by committing more of the same problem. It would be more logical if these murderers and other law breakers were allowed to live as changed souls who will influence change in other citizens with the same intentions. Let the state introduce a better way of rectifying their character and then allow them to influence change in society. Cases have been witnessed of the worst law breakers turning over a new leaf and becoming the best preachers. Their testimonies end up being the best weapons in reaching out to unnoticed criminals and drawing them towards becoming the best vessels of honor. Even the government itself cannot make the impact towards change of character that one redeemed criminal could make if given the chance.

Thursday, September 26, 2019

Week Seven Discussion Topic Essay Example | Topics and Well Written Essays - 500 words

Week Seven Discussion Topic - Essay Example Lastly, people should understand the diseases that affect the human anatomy like Fibromyalgia so that they can be able to take necessary precautions to prevent them. Wrinkles affect how people look and how others perceive of them hence, scientists have researched on how Botox toxin can be utilized for treating wrinkles (“A Guide to Skin Care”). Exercise and diet are a very common topic in today’s society, and nutritionists have advised on their use so as to benefit the body (Sukovaty). Tropical treatments have been used over the years and some doctors have suggested their advantages, and why they should be used for treatment of skin disorders (Shailesh). Finally, Fibromyalgia is a very confusing condition and various attempts have been made to demystify its causes hence, it is said to be brought about by various factors (Harvey). Botox treatment for facial wrinkles involves the use of injections to paralyze and block some muscles and nerves on the face. Botox is extracted from food poisoning bacteria that affect the human body. Zelickson highlights that this bacteria can be purified and used in the treatment of wrinkles and other similar ailments through injection of muscles. In my opinion, I think Botox treatment is appropriate for treating wrinkles. This is because the results of treatment are experienced starting from the third day of treatment. Secondly, this method seems to be harmless to other body parts because it only affects the skin muscles, which are injected, or are wrinkled, and not the whole body. The treatment is also a lifestyle treatment because it is optional and the procedure can be repeated after some months. Lastly, this method has no known permanent side effects to doctors and hence, this makes it a safe method with no fear, unlike other suggested methods. Healthy living can be determined by how an

Word of God (The attributes and the perfections of God) Essay

Word of God (The attributes and the perfections of God) - Essay Example However certain Scriptures do make reference to physical features, this is called anthropomorphisms, and should not be taken literally (Swindoll p.180). In addition to God being spirit, he is described as "living and true God" (1 Thessalonians 1:19). God is life itself. Therefore, knowing God is life. He is also eternal. Isaiah referred to God as the "everlasting God" (Isaiah 40:28). God is not bound by space or time, He is endless; God has always existed and always will. Knowing God is eternal, it brings us peace to know the power of God, God manifests His power through one of His perfections known as omniscience, and this means 'God knows all'. God sees everything in present tense without effort. He knows the past and future as present (Swindoll p181). God is all powerful or omnipotent as has been rightly stated, "The voice of the LORD is powerful" (Psalms 29:4). The whole universe was created upon the spoken Word of God. One of the greatest displays of omnipotence is salvation (Romans 1:16). "I am not ashamed of the Gospel, because it is the power of God." Understanding God's power in creation is important, but we must recognize that 'God is active in His creation, but is not to be identified with it' (Swindoll p.183). Failing to understand this distinction could lead to Pantheism. God is omnipresent, He is everywhere at once but not diffused throughout the universe as pantheism teaches. Another attribute that gives believers security is the fact that God never changes. Believers can always stand on the promises of God. God is completely self-existing, He is free and independent; there is nothing he needs that we might offer. God's attributes are impossible to list, therefore we know God is inscrutable; there will always remain aspects of God that are a mystery beyond our comprehension (Swindoll p.185). God is always faithful. This gives us peace to know.
Man will disappoint us but God's faithfulness will never fail. In addition to God's faithfulness, He is truth; God can never break a promise or lie, this goes against who he is, 'truth'. God is a Holy God, because Holiness is who He is. Therefore, he is completely separate from all that is unholy. God has shown love for man by sending His son as the ultimate perfect sacrifice so we may be seen righteous before a Holy God. John declared, "Jesus Christ, the Righteous one" (1 John 2:1) without the blood of the Righteous one, man would be hopeless. God's faithfulness means that He is completely dependable and will never let us down. There is a promise in the Word of God that speaks of God's faithfulness (1 Corinthians 10:13). "And God is faithful; He will not let us be tempted beyond what we can bear. But when you are tempted, He will also provide a way out so that you can stand up under it." Many times when God wants to build our faith he has to break us down. This breaking down of oneself is how we continually understand that we must depend on Christ for all things. Mercy is another wonderful moral attribute of God. God's mercy is not achieved by human efforts,

Wednesday, September 25, 2019

Benito Mussolini Research Paper Example | Topics and Well Written Essays - 1250 words

Benito Mussolini - Research Paper Example While going to school, Benito rebelled against various issues. Rosa, his mother had insisted he go to this school which was operated by Catholic Monks. However, Benito’s behavior ridiculed the school’s rules and as such he was expelled. Benito’s father believed that the Roman Catholic Church was Italy’s biggest enemy, and he embedded this belief into his son which he solely agreed with. Benito showed improvements at his other school and continued on this pathway and became a teacher. Despite this, Benito’s passion was in politics. At the tender age of 19, Benito fled Italy for Switzerland to avoid military service. There in Switzerland, he met other Italian socialists and gained employment as a bricklayer and became a member of the Trade Union. Just one year later, at the age of 20, in 1903, Benito was expelled from Switzerland for suggesting a general strike. Benito then travelled to France but eventually went back to Italy to complete his military service. To be more precise, he went to Trentino north of Italy which was ruled by the Austrians. However, sooner than later, Benito’s beliefs caused him to be kicked out of Trentino in 1909. Austrian authorities described him as a trouble maker because he encouraged trade unions and launched attacks on the Catholic Church. Afterwards, Mussolini travelled south to Po Valley, where he advocated for farmers to get better salaries. He was appointed Secretary of the local Socialist Party in Forli and Editor of the socialist newspaper “La Lotta di Classe”. Since his return from Switzerland, Mussolini worked extensively as a journalist and a social activist at the same time. Later he became an Editor for the Avanti. Mussolini resigned his post as Secretary for the Socialist Party in Forli because they advocated support for the allies in World War I. Benito served in the Italian Military when Italy entered the First World War and Benito held the rank of Corporal in the Army.
Mussolini was injured during the war and immediately upon his return to Milan; he decided to edit the right-wing “Popolo d’Italia”. It is probably safe to assume that the effects of the war transformed him from a socialist to a ruthless fascist. He was hungry for power and he was going to get by freewill or by force. Following the war, Mussolini carried out a myriad of activities influenced by Fascism and his many other beliefs. “The defining features of fascism are nationalism (including economic nationalism), corporatism (including economic planning), totalitarianism (including dictatorship and social interventionism), and militarism”. 1 He attacked Vittorio Orlando (Italy’s Prime Minister at the end of World War I) for his futile efforts in pursuing Italy’s objectives at Versailles Peace Treaty and aided in the compilation of the right-winged groups into the Fascist Party. Right-winged political individuals are a form of government who believe that the individuals are more important than the country. “Right wingers believe in formal equality. They believe that everyone should be treated equally under the law and should be treated equally by government. Examples of right wing formal equality include equal pay for equal work and civil and political rights.” 2 Out of fear for more bloodshed, he was appointed Prime Minister by King Victor Emmanuel III in 1922 after the “March on Rome”. Mussolini’s fascist party “Black Shirts” made his rise to power rapid. By the time of Hitler’

Tuesday, September 24, 2019

WORKPLACE TRAINING Research Paper Example | Topics and Well Written Essays - 1000 words

WORKPLACE TRAINING - Research Paper Example The term is used in a widespread manner in various organizations these days and is one of the vital phenomena for the success of the workplace. Training pertains to the obtaining of skills, knowledge, and competencies as an outcome of the practical or vocational skills and the knowledge that refers to the particular functional competencies. Training at workplace relates to some special goals such as enhancing an individual’s performance, capability and capacity. It builds the basis of apprenticeships and links with the provision of the fundamentals of employee improvement at the organizations. There are various types of training methods and the primary determinants of these types are associated more to the organization’s distinctiveness than to the characteristics of the individual worker. For instance, there are more formal training types provided in the larger organizations than the training modes available to employees in the smaller companies. The small-scale organizations normally encourage employees to engage themselves in self-training. Moreover, it has been observed that the organizations that stress upon the development of employees’ skills offer more diverse opportunities of training than the companies which do not. Moreover, the organizations which possess a greater degree of unpredictability in the software environment are more likely to provide on-line training. The workplace training is an important element in the employee grooming, retention as well as satisfaction. It increases the employee’s commitment to the organization and develops their physical, cognitive and spiritual dimensions. Besides this, training is a significant aspect because it is aimed upon enhancing the employee performance, and contributes towards the organizational flexibility by adapting to the altering external and internal corporate environments. The training process at organization not

Sunday, September 22, 2019

The Dynamic Interaction of Language, Communication and Culture Essay

The Dynamic Interaction of Language, Communication and Culture - Essay Example This research will begin with the statement that the modern world is marked by pluralism. And one prominent sign of this is the existence and presence of diverse languages which are utilized in the process of communicating with one another. However, language and the process of communication are not neutral. Rather, it is highly shaped and influenced by culture. Being such, differences are observable across cultures in its language and communication, thus creating boundaries or separations among and between cultures. In order to bridge this gap, our period has entered into intercultural communication wherein language, communication, and cultural barriers are consistently addressed and re-assessed with the hope of reducing miscommunication and misunderstanding to the bare minimum if not totally or fully eliminated. Thus, the notion of intercultural communication serves both as a challenge and as an ethos that guides our interaction with others in a pluralistic, globalized world. In light of this ideal, this paper intends to look into the dynamic interaction of language, communication, and culture by looking into a case study. Likewise, we are going to use some of the principles of intercultural communication in the analysis of a particular case, and hopefully, in the end, present some approaches or suggestions that may help in addressing the problems raised and perceived in the case analysis. The intertwined relation of language, communication, and culture has long intrigued humanity. However, what has been undeniable is that these three factors play a very significant and important role in the understanding of the nature of a human person and their interactions. The ability to formulate language is said to be distinctively a human activity.

Saturday, September 21, 2019

Bad Grades Essay Example for Free

Bad Grades Essay I am writing to offer an explanation for a change in academic performance that is noticeable on my high school transcript. From the start of my freshman year until the end of my junior year, it is evident through analysis of my transcript that I have been an above average student consistently throughout my high school career. However, starting at around August 2010, problems arose in my family of which I believe made it impossible for me to continue my 100% focus on school. Halfway into my senior year, my father was laid off from his job. Since he was the only source of income at that time, our family of five was forced to move from our comfortable lives at our four bedroom house into our grandmother’s two bedroom house. This was a drastic change for all of us, as we have never shared a house with anyone, especially one of this size. I no longer had a room in which I was able to do my schoolwork in silence. This drastic change, I believe, interrupted my focus on school because of the attention it required from me. During my first semester I was often required to miss school by my parents, reason being that I had to help out in the movement process and had to visit an ill uncle out of town. I take full responsibility of my underperformance during the first semester of my senior year and am not looking to make excuses. My main goal in making this letter is just to offer insight on what it is I believe influenced my underperformance. I sincerely ask you to consider me as an applicant and to not let this recent semester define me as a student. I greatly appreciate your time in reading this letter.

Friday, September 20, 2019

Tourism Sectors: Effects On The Dominican Republic

Tourism Sectors: Effects On The Dominican Republic I am trying to answer the following question of the extent to which tourism has had a positive effect on the development of Dominican Republics economy, environment, and cultural change. I decided to research tourism in the Dominican Republic because I traveled there last year in March with my graduating class. I stayed in Punta Cana at a beautiful all-inclusive resort. I had a wonderful time there and experienced the magnificent beaches as well as amazing hospitality. In this paper I will argue that tourism does not benefit the majority of people and in fact third world tourism can be measured up to colonialism. The tourism industry in the Dominican Republic has had a positive effect on economic development however in effect the environment and cultural changes are suffering. I will argue this by first looking at tourism as a developmental strategy and the increase of foreign tourism, which presents clear economic benefits. Secondly, I will demonstrate the environmental issues and threats to the ecosystem that have started to arise because of the great number of tourists. Thirdly, I will look at the cultural changes that have evolved such as the increase of prostitution and sex tourism. Background Information The Dominican Republic (DR), due to its spectacular beaches and landscape has developed along different parts of its territory that are mainly devoted to tourism. The Ministry of Tourism is responsible for ensuring the endorsement of tourism in the Dominican Republic and the agreement with the provisions of the Organic Law of Tourism.  [1]   According to the Central Bank of the Dominican Republic, there have been dramatic increases in foreign tourism. In 2010 alone there have been 4,135,480 tourists that arrived by air. 3,189,306 of which have been foreigners, most of which were from North America. 
Tourism revenue increased rapidly in the 1990s, more than doubling from 1992 to 1997, when it reached $2.1 billion. The Dominican Republic was one of six Caribbean countries that in 1992 earned more from tourism as a share of their exports than from any other sector.  [2]  Tourism in the Dominican Republic, as in other developing countries has an interplay of inequality with visitors from rich countries dropping in on the poor. The Caribbean is more tourism centered than any other part of the world. In some smaller islands, tourism threatens to become a new monocrop economy leaving countries dependent on tourists. Definition of Terms Tourism has been described as the new colonialism. As said by author Srisang,Tourism, especially Third World tourism, as it is practiced today, does not benefit the majority of people. Instead it exploits them, pollutes the environment, destroys the ecosystem, bastardizes the culture, and robs people of their traditional valuesIn other words, tourism epitomizes the present unjust world economic order where the few who control wealth and power dictate the terms. As such, tourism is little different from colonialism  [3]  The DR is seen as a prototype for enclave tourism, which means that they maximize economic benefits and limit social and environment impacts by concentrating investments and visitors to a small geographical area.  [4]  These all-inclusive resorts provide everything so there is no need to leave the resort complex. Connections to the Course This topic connects to the course in many ways. Firstly, the Dominican Republic has been getting help from the IMF and World Bank for years now. The World Bank created a commitment to tourism as a development strategy for developing economies. Secondly, we can look at Wallersteins world system theory, which is arranged according to influence: core (most dominant), to semi-periphery, to periphery (least dominant). 
The DR is a semi-periphery because it is industrialized third world nation but it lacks the power and economic dominance of the core nations. Thirdly, Andre Gunder Frank argued that rich colonial (metropolitan) powers acquired wealth through exploiting weaker (satellite) countries such as the DR. Finally, enclave tourism at the national level is frequently seen by the native population as a form of neo-colonialism.  [5]  Enclave guests are basically segregated from the local culture and from the local informal sector, which includes vendors, drug dealers and prostitutes. This inevitability creates a wall between the guests and the locals and the bigger issue is that it prevents economic benefits from these resorts to actually going back into the community.  [6]  A case study was done in Luperon, Dominican Republic, a small community with no prior experience with the tourism industry. The study found that the natural flaw of enclave tourism as a form of development in this area was that the management of the enclave resort wanted to reduce economic exchanges between tourists and local businesses in order to increase resort revenues.  [7]  There is an issue with the distribution of profits from these resorts because the local communities are not seeing any improvements. Tourism as a Developmental Strategy Although there are numerous tribulations with tourism in the DR, there have also been a lot of positive effects. In 2010, the Dominican economy showed a strong recovery by growing 7.5% during the first half of the year.  [8]  This is partly because of their trade exports such as cocoa, coffee, and tobacco but mostly because of tourism profits, which reached nearly US$3.2 billion in 2004.  [9]  Over the last four decades, the World Bank has had a strong commitment to tourism as a development strategy for many developing economies. In return, the Dominican economy has had a very dynamic growth largely dependent on tourism. 
Hotels drive most tourism and the all-inclusive appeal of everything being free along with attractions and activities as well as nightly entertainment. This increases the targeted audience to couples, families, teenagers and elders because there is something for everyone to do. The DR also has natural assets such as the climate, that is always warm and it rarely rains which entices tourists. Also, the Dominicans tourism tax policy is important because it has one of the lowest taxes in the Caribbean, which allows them to get extra revenue from tourists. [10] We can see that the economy has increased and grown in many ways, however one cannot just focus on the economy. We must look at the environment and social impacts and analyze how they have been affected by tourism. Environmental Impacts The environment and sustainability can often be under looked when judging the success of tourism because the economic benefits are usually the first to be looked at. Despite the economic success the DR has had, it faces a series of problems related to its rapid growth. For example, insufficient supplies of clean water and electricity, combined with slow construction caused by shortages of materials that has forced some vacationers to leave early because of unsuitable living conditions. The Dominican Republic has environmental issues in the areas of deforestation, water supply, and soil erosion and as the eroding soil goes into the sea, it in effect damages the nations coral reefs. Negative impacts from tourism occur when the level of visitors is greater than the environments ability to cope with this use, also known as carrying capacity. The UN sources report that as of 1993, the nation was losing 20,000 hectares per year of its forestlands largely because of business interests. [11] The destruction of trees was forbidden in 1967 to try and fix the harsh effects of the forest destruction.
However, many farmers continue to cut trees secretly to make more land available for development. Water pollution is also an issue and it results from the effects of mining along with industrial and agricultural sources. [12] In addition there are endangered species in DR, some include the tundra falcon and three species of sea turtles. As a result of the rapid urbanization, the environment started to be greatly affected. Water resource management issues associated with tourism include, dumping of untreated wastewater and solid waste along the coast, overexploitation of groundwater, destruction of forest cover, and over fishing of coral reef and marine species. Sustainable development is what the country needs, which is development that meets the needs of the present without compromising the ability of future generations to meet their own needs. Social and Cultural Impacts There have also been impacts of tourism on the rural livelihoods of the Dominican locals. The impact has generally been good, with an increase of household income along with increased job satisfaction. The rapid and rigorous development of tourism also results in different and usually less favorable consequences than small-scale development. Cultural clashes may arise through economic inequality or job level frictions. The clear relative wealth of the tourists often leads to unfair exploitation on the hosts side. One might add to these concerns the danger that tourism may lead to the commercialization of human relations. [13] Tourism often fails in promoting mutual understanding among different nations and stereotypes prevail. The tourist-host relationship is often restricted by space and time constraints. Tourists often fail to respect local customs and moral values, either out of ignorance or carelessness. Also, the profitable sexual exploitation of children and young women has matched up to the growth of tourism in many parts of the world.
While tourism is not the cause of sexual exploitation, it provides easy access. Tourism also brings consumerism to many parts of the world, which before had no access to luxury services. The allure of this easy money has caused many young people, to trade their bodies in exchange for numerous different bits and pieces. Responsible Tourism We hear this term of being a responsible tourists quite a bit. What is meant by it is that we as tourists should respect the people who are working at the resort, be culturally aware and having a low-impact. The street vendors in the market are normally the last to see the financial rewards of the all-inclusive, mass in the DR so paying the tourists price is not so much a bad thing. We as tourists have the privileged attitude of being able to give something back directly to the people because we are in constant contact with them. In addition, it hardly needs saying that tourists should pick up litter, refrain from uprooting plants and coral, and use energy resources such as water and electricity efficiently, which are scarce in the DR. Conclusion After looking a great deal of articles and websites, I would have to say that tourism in the Dominican Republic has done more harm than good. In my opinion, the detrimental environmental and social impacts of third world tourism are more of a concern than economic benefits. There will always be a demand for tourism in the Dominican however if the supply of beautiful and clean beaches, water and local hospitality is not available then tourists will change their vacation plans. The implications of my findings are that, tourism and tourists impinge on the local environment and traditional customs of Dominican workers. This is important to realize because from knowing and understanding this we can move forward by changing our ways. Acting as a tourists should by not putting a strain on the environment and being more culturally tolerant. 
Just because we are on vacation does not mean our values should fly out the window. There are always implications to our behavior and it is time that we become responsible tourists. Britton, S.G. (1982) The political economy of tourism in the Third World Annals of Tourism Research 9: 331-38. Debbage, K.G. (1990) Oligopoly and the resort cycle in the Bahamas Annals of Tourism Research 17: 513-27. Dominican Republic Environment, Encyclopedia of the Nations [Online] [Accessed Febuary 15th 2011] Available: Freitag, T.G. 1994. Enclave tourism development: for whom the benefits roll? Annals of Tourism Research 21: 538-54 Kiskeye Alternativa. 1999. Tourism Development in the Dominican Republic: Growth, Costs, Benefits and Choices New Jersey, USA: Rutgers University. (http://kiskeya-alternative.org/publica/afuller/rd-tourism.html) [Meritas Lawyers]. 2010. Doing Business in Latin America and the Caribbean. Minneapolis, US: Meritas Meyer-Arendt, KJ., Sambrook, R.A. and Ker-math, B.M. (1992) Seaside resorts in the Dominican Republic: a typology Journal of Geography 91: 219-25 Srisang, K. 1991. Third World Tourism- The New Colonialism In Focus (Tourism Convern) 4:2-6

Thursday, September 19, 2019

Discuss the use of imagery in the three metaphysical poems we have :: English Literature

Discuss the use of imagery in the three metaphysical poems we have studied as a class. In the three metaphysical poems The Flea, To His Coy Mistress and A Valediction Forbidding Mourning; all have used unusual objects in their imagery, these objects are not usually associated with the subject matter so they get the poet's point across in a bizarre style. All of the poems have similar themes and are all trying to persuade the women in them to co-operate with their needs in one way or another. All the poems deal with love, which is where the metaphysical aspect of the poem is portrayed. Metaphysics is a branch of philosophy that deals with the first principles, in particular Ontology ('being') and Epistemology ('knowing'), and that is concerned with the ultimate nature of reality. Metaphysical poets were a group of early 17th Century English Poets whose work is characterised by ingenious, highly intricate wordplay and unlikely or paradoxical imagery. They use rhetorical and literary devices, such as paradox, hyperbole and elaborately developed conceits, in such a way as to engage the reader by their sheer outrageousness. In A Valediction Forbidding Mourning, a compass is used as the imagery. The poet is saying that he is at one point of the compass and she, his lover, is at the other and no matter how far he moves away they are still joined together. But when the lovers are together the points of the compass come together and the compass grows erect, this closed compass is an image of his erect penis. This image that the poet uses is to say to her that she need not worry because she is the only woman for him. At the top point of the image of the compass joining the man and woman together there is also a hidden picture of an eagle, "Like gold to ayery thinnesse beate." The 'ayery' in the quote is shaped to be seen as the word aviary which gives the idea of birds.
When the illustration of 'gold' is mentioned before this, the two visual representations are combined to create an image of a golden eagle. The golden eagle is seen as a symbolic figure of strength and importance and within this text the poet is saying that the eagle is watching over them and protecting their love. The poem also brings up the subject of "Moving of th'earth brings harmes and feares," this is when the world was debating as to whether the earth was the centre of the universe. This caused a huge uproar in society because it shook peoples' beliefs. It is a sexual image and

Wednesday, September 18, 2019

Thomas Hardy's Jude the Obscure Essay

The disposition and temperament of a character is revealed to a reader by the author throughout any work of literature, but a vast portion of the characterization occurs in specific instances at certain key points in the plot of a novel or play. This excerpt about Jude and Sue, from Thomas Hardy's Jude the Obscure, exposes significant insights into their true intentions and emotions of themselves, others, and life in general. This author engenders a unique persona for each of the inhabitants of these two houses by utilizing a forlorn tone and gruesome diction, alongside symbolism that emulates the current situations in which the two characters find themselves ensnared. In the beginning, the author introduces the characters simultaneously, each with an equally "lonely and disheartened" mood enveloping them (lines 2, 3). The individual circumstances are overlooked in order to capture both of their forsaken feelings together, which leads the reader to envision a connection between the two; this foreshadows a possible surreptitious relationship, especially when he "question[s] his devotional model" (l. 3). When he questions himself, he shows the signs of a low confidence level, which could reveal a low self-esteem and possibly an introverted, quiet personality; the semicolon that precedes this passage reveals even more about Jude, because it connects the "lonely and disheartened" tone around this part of the passage with his opinions about himself, leading to the conclusion that he does not trust his own judgment and has possibly made similar errors in the past (ll. 2, 3). Jude watches the house as it "disappear[s] behind the night shade," mirroring his waning chances of encountering Sue, which further establishes his hidde... ...ned by an event that does not interrupt the plot but is just as effective at uncovering the actual meaning and connections in the plot itself.
In the story about Jude and Sue, Thomas Hardy was able to interconnect the story of a rabbit and a couple in such a way that the significance of the scene was not detracted from, and he was still able to convey his point. He used diction that denotes confinement and a tone that captures the separation that Jude and Sue feel in order to reflect his actual thoughts on marriage, and he symbolized a very important interaction by way of a seemingly insignificant act in order to show a hidden but powerful connection. Through all this, Hardy fully exposes the nature and predicament of both Sue and Jude so that the reader is able to understand, and anyone can relate to the universal, core feelings expressed in this excerpt.