I am not expert in linux box.... Actually I have found a problem in my machine, our clients are not able to access their sites from server, when I checked the system log it was related to Permission Denied. Someone told me to disable SELinux enforcing, Now after that my problem resolved.
But I am curious that what exactly Selinux is and what kind of issue it may create for my box if I disable it?
For mail server admins, do you enforce PTR (reverse dns checks) on incoming mail? All hosts know to have rDNS set on their mail IPs to ensure free-flowing outbound mail but do you also enforce the check on inbound.
And does anyone know of somewhere that shows stats on the state of net and what perecentage use PTR checks etc?
***NOTICE: /boot/vmlinuz-2.6.18-8.1.14.el5.028stab045.1 is not a kernel. Skipping.
There is also another issue not being able to disable Selinux. I have tried the normal routes and even attempted disabling it in rc.sysinit..still...this "security framework" is able to load it..and cause problems.
Openvz and SeLinux don't get along..even a little bit.
So..those are the two probably seperate issues...that prevent the poor server from booting.
I can't get SELinux to let httpd load the IonCube module for PHP. I've given the CentOS 5 forum a try (here: http://www.centos.org/modules/newbb/...15403&forum=42), talked with WHMCS's support (the app I'm using that needs it), and even opened a ticket with IonCube. Unfortunately nobody seems to know how to tell SELinux to let httpd "exec" modules.
I'm running CentOS 5, and the error I'm getting in /var/log/messages is:
I can disable SELinux and it works fine (setenforce 0), but that's not the solution I'm looking for. Can someone please tell me how to do this the *right* way?
Is it possible to make these two work together? I can't seem to find any way to let Apache read /home/<username>/public_html without disabling selinux entirely.
I know you can do "chcon -t httpd_sys_content_t -R $HOME/public_html", but it seems like it would be a pain when adding users, especially if someone decides to delete their public_html and make a new directory.
Is it possible to create an exception to let httpd do whatever it wants?
I have changed the maildir in Plesk according to [URL] ..... Everything works like a charm, however selinux doesn't allow access to the new directory. That means we get a permission denied and no mail is received at the server anymore.
Old location: /var/qmail/mailnames/ New location: /mnt/bigstorage/mailnames/
tail -f /var/log/maillog: Mar 2 13:38:42 srv2 postfix-local[5983]: postfix-local: from=example@example.com, to=example@example.com, dirname=/mnt/bigstorage/mailnames/ Mar 2 13:38:42 srv2 postfix-local[5983]: cannot chdir to mailnames dir /mnt/bigstorage/mailnames: Permission denied
If we disable selinux, everything works, however this is not the best practice.
How can I fix this error without disabling selinux?
Updating: selinux-policy-targeted-3.7.19-260.el6.noarch 128/373 libsemanage.semanage_direct_commit: WARNING: genhomedircon is disabled. See /etc/selinux/semanage.conf if you need to enable it. /etc/selinux/targeted/contexts/files/file_contexts: Invalid argument libsemanage.semanage_install_active: setfiles returned error code 1. semodule: Failed!Click to expand...
We're using Google Apps to handle all e-mail for the domain, so we have no need for POP and IMAP services running on our server (and I'm always getting e-mails from LFD that show bots are trying to connect with random passwords and such) so I want to disable them, but keep SMTP active since some scripts running on our server use it and I don't feel like rewriting them right now. I unchecked IMAP and POP in the WHM service manager to disable them, but it's still enabled and I'm able to connect and everything. How can I completely disable these 2 services?
I have a website which has a FLV player serving .flv files which are hosted in the server. I notice that some users are directly downloading the files using the direct URL and they seem to be using download managers for that which is opening several Apache connections and open slows down Apache. I want to prevent this. I thought of preventing it using a .htaccess file but did not help. This is what I used:
<Files *> order allow,deny allow from 127.0.0.1 allow from localhost deny from all </Files>
I thought this would work but it doesn't as it is blocking the FLV player from playing the file. Can anyone tell me the right way to do it?
Those functions can be disabled at php.ini using disable_functions option.
Now.. what about disable_classes option? I haven't seen anyone talking about this on the common security tutorials. What are your suggestions for this? What classes should be disabled?
I just got a new vps running virtuozzo with cpanel/whm. I have no plans on ever using email on this server. What's the best way to turn all of it off from whm/cpanel and is it worth doing to speed up the server?
someone develop a game which is server-centric. Everything is done server-side. In any case, he can compile it without a problem in Ubuntu, but on my CentOS 4.4 servers, he's having trouble.
The one last bug that he's hit, is that he needs to disable the stack protector on CentOS 4.4 in order to compile the game without any more problems.
in order to secure my server against instrusion, i disabled ssh root login and created a user for myself. however in order to access the user i need to enable SSH Password authentication
I dont enable password authentication all the time and i keep it disabled unless i need to do something via ssh.
Now my question will be, is there a way to keep the user i created and keep the root login disabled and password authentication disabled but use ssh keys for the user i created?
I was informed that if i opt to login to ssh via the user i created, the only way to do that is to enable password authentication as it cannot work with ssh keys. is this true?
I really hope someone can help me how to use the user i created together with ssh keys so i dont have to enable password authentication when loggin to ssh
A customer asked me if it could be possible to disallow certain email accounts to send emails out of the accounts domain. Is there a way to do so with the Exim installation in Cpanel?
Everytime a new account is created in WHM/cPanel, the "Allow Annonymous Access for FTP" option is enabled by default. Since this is something I want turned off for all new accounts... does anyone know a way of switching this off globally in cPanel/WHM so that every new account will have this turned off by default?
At times as I'm developing, due to some coding error in PHP on my part, particularly calling a COM object, the apache server crashes. I'm delighted that it recovers, but in so doing it always tries to rerun the query that crashed it, which just causes another crash, and so on. Is there some way of getting round this, so that it recovers but the problematic code is not rerun?
XP SP3 (still!) Apache/2.4.3 (Win32) mod_fcgid/2.3.7 PHP/5.4.9 Firefox (Aurora)