Is Anyone Here Using SElinux On A Web Server
Nov 6, 2009Is anyone here using SElinux on a web server?
If so, how hard was that to setup?
Is anyone here using SElinux on a web server?
If so, how hard was that to setup?
Has anyone wrote custom SELinux policies for their cpanel server?
View 1 Replies View RelatedMy server ping keeps disconnecting
However my ssh & website is smooth running!
When i type "service iptables stop", the ping runs just smoothly.
I have CSF installed in the server, like any other server using default configurations. I believe it has something to do with selinux? (or not?)
I am not expert in linux box.... Actually I have found a problem in my machine, our clients are not able to access their sites from server, when I checked the system log it was related to Permission Denied. Someone told me to disable SELinux enforcing, Now after that my problem resolved.
But I am curious that what exactly Selinux is and what kind of issue it may create for my box if I disable it?
I am having quite a challenge getting openvz to work on centos 5 with a adaptec RAID card.
The driver likes the plain jane kernel..but then...
Configuration [OpenVZ (2.6.18-8.1.14.el5.028stab045.1)]
***NOTICE: /boot/vmlinuz-2.6.18-8.1.14.el5.028stab045.1 is not a kernel. Skipping.
There is also another issue not being able to disable Selinux.
I have tried the normal routes and even attempted disabling it in rc.sysinit..still...this "security framework" is able to load it..and cause problems.
Openvz and SeLinux don't get along..even a little bit.
So..those are the two probably seperate issues...that prevent the poor server from booting.
I can't get SELinux to let httpd load the IonCube module for PHP. I've given the CentOS 5 forum a try (here: http://www.centos.org/modules/newbb/...15403&forum=42), talked with WHMCS's support (the app I'm using that needs it), and even opened a ticket with IonCube. Unfortunately nobody seems to know how to tell SELinux to let httpd "exec" modules.
I'm running CentOS 5, and the error I'm getting in /var/log/messages is:
Jul 23 10:15:30 host kernel: audit(1216833330.905:1249): avc: denied { execheap } for pid=22055 comm="httpd" scontext=root:system_r:httpd_t:s0 tcontext=root:system_r:httpd_t:s0 tclass=process
I can disable SELinux and it works fine (setenforce 0), but that's not the solution I'm looking for. Can someone please tell me how to do this the *right* way?
Is it possible to make these two work together? I can't seem to find any way to let Apache read /home/<username>/public_html without disabling selinux entirely.
I know you can do "chcon -t httpd_sys_content_t -R $HOME/public_html", but it seems like it would be a pain when adding users, especially if someone decides to delete their public_html and make a new directory.
Is it possible to create an exception to let httpd do whatever it wants?
I have changed the maildir in Plesk according to [URL] ..... Everything works like a charm, however selinux doesn't allow access to the new directory. That means we get a permission denied and no mail is received at the server anymore.
Old location: /var/qmail/mailnames/
New location: /mnt/bigstorage/mailnames/
tail -f /var/log/maillog:
Mar 2 13:38:42 srv2 postfix-local[5983]: postfix-local: from=example@example.com, to=example@example.com, dirname=/mnt/bigstorage/mailnames/
Mar 2 13:38:42 srv2 postfix-local[5983]: cannot chdir to mailnames dir /mnt/bigstorage/mailnames: Permission denied
If we disable selinux, everything works, however this is not the best practice.
How can I fix this error without disabling selinux?
Specs: centOS 6.6 (Final) with Plesk 11.5.30 #48
In the last updates I get this warning:
Updating: selinux-policy-targeted-3.7.19-260.el6.noarch 128/373
libsemanage.semanage_direct_commit: WARNING: genhomedircon is disabled.
See /etc/selinux/semanage.conf if you need to enable it.
/etc/selinux/targeted/contexts/files/file_contexts: Invalid argument
libsemanage.semanage_install_active: setfiles returned error code 1.
semodule: Failed!Click to expand...
I am trying to install Automation, and I keep getting an error after the "Getting SELinux" step, here is a log of the process so far:
Code:
[INFO]: Checking current user privileges...
[INFO]: Checking critical environment requirements...
[INFO]: Determining OS parameters...
[INFO]: Detected OS: CentOS-5-x86_64
[INFO]: Getting SELinux state...
[ERROR]: Unexpected error: ''
[Code] ....
I have tried running the installation on a different server and the same issue came up...
I've got a VPS which is serving as the main server for a number of sites. Web Server, SSH Server, and Mail Server.
What I've got running:
Apache2, PHP5, MySQL5, Dovecot, Postfix
One of the sites is a growing forum with a MASSIVE photo album. This is the site where I notice the most slowness.
Changing the server software is not an option - Only optimization.
Quote:
Originally Posted by httpd.conf
ServerTokens OS
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 300
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 5
<IfModule prefork.c>
StartServers 8
MinSpareServers 8
MaxSpareServers 13
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 50
</IfModule>
<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
Listen 80
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
Include conf.d/*.conf
User apache
Group apache
Quote:
Originally Posted by my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
[mysql.server]
user=mysql
basedir=/var/lib
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
I looked a lot - can not find solution ....
I want to transfer a file from [url]to [url]or [url]Without it will pass my localcomputer (slow upload)
It can be also a script i will install like this one - this is only for images
[url](remote)
I have Plesk 11.5 (service provider mode) on a Windows 2008 server IIS7.Most of my sites are developed in .asp and therefore i use a custom 500-100.asp error page that check s the IP of the visitor then displays either a friendly error, or if its my IP a full error of what has happened (it also emails me the error). This allows me to debug pages easily whilst developing and to keep an eye on anyone trying SQL Injection hacks on my sites (as the error and email also have session variables and IP address).I dont have root access to the server as it is a Webfusion dedicated server.I have following the Plesk documentation -
1) Switch on custom errors for the subscription
2) Look in virtual directories and navigate to error documents
3) Find the error in question (500:100) and change it to point at either a file or URL
FILE - I had the data centre add in the 500-100.asp error page in to the virtual template so that my page is available in the list of virtual files - this didn't work but that maybe because its not a static page??
URL - when i add the path it says its incorrect, if i add a fully qualified address, it accepts it but it doesn't work.give me a specific example of the URL that can be entered relative to the root as the format in the documentation isn't accepted. The last step is to restart IIS which is also an issue as i cant seem to do this from the Plesk panel..It is as if it isn't catching the 500:100 error, and only catching the general 500 error??
I am currently running Google Analytics/Urchin 5 (v5.7.02), on a server, the server has started to act up, (on its last legs etc) and now I am trying to transfer the Urchin Software to a new server, where it would work effectively.
However upon installing the urchin software on the new server and running it (localhost:9999), I am presented with An Action Items Page, and these following choices
Obtain Demo License
Buy License
Activate Pre-Purchased License
I choose ‘Activate Pre-Purchased License’ pop in the Serial number and complete the registration then…
---------------------------------------------------------
Urchin Licensing Center -- Error!
An error has occured during your transaction, please use the back button and correct the problem. The specific error message is:
• Unable to generate a license. Some possible reasons:
Your serial code is currently active <<< How do I disable it and use it on another server?
---------------------------------------------------------
So all I want to do is deactivate the serial and reactivate it on another server.
Does anyone have experience with this or a similar problem or have a solution to this problem. Any help be most appriciated.
Or even a Contact Number so that i can get some one over the phone!
This is the scenario, domain.com are setup on server1, however server2 also has the same profile of domain.com as we use ns3 and ns4 using domain.com. This works fine with the nameserver setup on server2.
However I encounter problems as the emails from server2 won't reach server1 as there are duplicate profile on server2.
My question is how do I setup the DNS in cpanel/whm from server2 so the emails from server2 will reach server1?
Server1 (www.domain.com)
ns1.domain.com
ns2.domain.com
Server2
ns3.domain.com
ns4.domain.com
I just want to use a server for file sharing, it will have nginx and that's it. I'm looking at centos, or freebsd, but I been using centos forever now and I'm not sure how to use freebsd, should I just stay with centos?
Do I tell my hosting provider to just install the OS and give me ssh action and that's it? Don't install any control panels or any other stuff? I want one domain and one subdomain on it though and ftp action.
Remote Spamassassin for Multiple Smartermail Server
I want to setup Remote Spamassassin(On Linux) for Multiple Smartermail servers. I want to the setup the spamassassin on a linux box
How i can setup this with multiple smartermail servers.
what is the fast and best way?
View 4 Replies View RelatedI'm wondering whether it is possible to perform a full server migration to a new Plesk server with the same hostname or will Plesk give an error about the hostname being the same?
The new server would not be accessible by hostname (only via IP) until DNS and glue records were changed after the migration.
I've been developing a small 2D MMORPG lately. I bought a VPS to run the server on a few days ago and sadly it doesn't work so well. Sometimes the loads go pretty high (afaik not caused by me) and MySQL freezes, causing the server to just wait for MySQL to unlock, hanging all the players around on the map. Not a good thing.
Anyway, the game is very small scale, and I'm not planning to have more than maybe 30-50 players online. It does not suck up much CPU, I had ~10 guys online and loads stayed down at 0.00 on the VPS box.
Problem with getting a dedicated is our very low budget. As I'm still underage and living at home hammering my pc and don't have any real incomes, we're talking numbers like $ 30 - $ 50 USD per month - it's really hard to find for that price in Europe.
Requirements:
Monthly payment, $ 30 - $ 50 / month, no setup (or very small setup, like $ 20)
10Mbit/s or faster connection, 100GB traffic should do
500MHz CPU is all cool
512MB or more RAM
5GB diskspace is enough
Has to be in Europe due to ping times (< 100ms)
Linux, Debian 4.0 prefered
If anyone knows where I could get something like this for a low price, $ 30 to $ 50 USD, it'd be great.
I have been searching everywhere trying to find a tutorial but It is not going anywhere. Basically I need to create 2 nameservers for Godaddy and pretty much so when i type http://mysite.com it goes to my site. I can access everything from http://myip and everything works. Now is there a step by step on how to actually do it in the DNS Manager? I need help like what IP address do I use is it the router ip? The external IP?
View 7 Replies View Relatedi want to shift my domain to one server to another server and the problem is how can i shift my email accounts data to one server to another server.
View 8 Replies View RelatedSite is currently running on a single code single cpu p4 server. Am thinking of upgrading to a quad core Xeon server.
My site is pretty dynamic with lots of hits to php / mysql, and has trouble keeping up with the requests sometimes. Would a quadcore Xeon significantly help?
Server Software:
Windows 2003 Server
php 5.2.6
apache 2
mysql 4.1
Current Setup:
P4 2.8 single core/cpu.
Proposed setup
Xeon 3210 quadcore
I guess my confusion lies in the following:
1. Can win2003 server make use of the quadcores?
2. Does php / apache / mysql make use of the quadcores?
3. Will i see a significant increase in the amount of pages i can serve?
I need to move an SSL certificate from a cPanel server to a Plesk server.
View 3 Replies View RelatedWhat is the difference between a virtual private server and a dedicated server?
View 8 Replies View RelatedI am going to be buying a dedicated server from kimsufi Most likely the 2XL Package.
My streamers will be using my server aswell, On weekends we will be running 3-4 streams at a time, weekdays 1-2 at a time.
Spreading all the streams out, at anyone time we will have 300 viewers.
I need to know your advice on this before i go spending money.
How do i convert my dedi into a flash media server, i need red5 or something, thats all i know so far. My streamers wil be streaming to server with FME, And i also want it coded so that my streams can only be embedded on my site.
Basically i dont have a clue where to start, how long would it take me to set up etc....
In addition, what kind of server do i need, windows / linux / traffic / burstable / standard etc..
I have a linux server for a video sharring site
The video encoder that I prefer to use will only work in a windows enviorment
The windows server would pass off the converted video to the Linux server.
Will a Samba server for Linux allow a Linux machine to connect and share files with a Windows machine work for this application.
Although it's probably a dumb question but can Linux and Windows exist on the same server?