I am not expert in linux box.... Actually I have found a problem in my machine, our clients are not able to access their sites from server, when I checked the system log it was related to Permission Denied. Someone told me to disable SELinux enforcing, Now after that my problem resolved.
But I am curious that what exactly Selinux is and what kind of issue it may create for my box if I disable it?
For mail server admins, do you enforce PTR (reverse dns checks) on incoming mail? All hosts know to have rDNS set on their mail IPs to ensure free-flowing outbound mail but do you also enforce the check on inbound.
And does anyone know of somewhere that shows stats on the state of net and what perecentage use PTR checks etc?
Is anyone here using SElinux on a web server?
If so, how hard was that to setup?
My server ping keeps disconnecting
However my ssh & website is smooth running!
When i type "service iptables stop", the ping runs just smoothly.
I have CSF installed in the server, like any other server using default configurations. I believe it has something to do with selinux? (or not?)
I am having quite a challenge getting openvz to work on centos 5 with a adaptec RAID card.
The driver likes the plain jane kernel..but then...
Configuration [OpenVZ (2.6.18-8.1.14.el5.028stab045.1)]
***NOTICE: /boot/vmlinuz-2.6.18-8.1.14.el5.028stab045.1 is not a kernel. Skipping.
There is also another issue not being able to disable Selinux.
I have tried the normal routes and even attempted disabling it in rc.sysinit..still...this "security framework" is able to load it..and cause problems.
Openvz and SeLinux don't get along..even a little bit.
So..those are the two probably seperate issues...that prevent the poor server from booting.
I can't get SELinux to let httpd load the IonCube module for PHP. I've given the CentOS 5 forum a try (here: http://www.centos.org/modules/newbb/...15403&forum=42), talked with WHMCS's support (the app I'm using that needs it), and even opened a ticket with IonCube. Unfortunately nobody seems to know how to tell SELinux to let httpd "exec" modules.
I'm running CentOS 5, and the error I'm getting in /var/log/messages is:
Jul 23 10:15:30 host kernel: audit(1216833330.905:1249): avc: denied { execheap } for pid=22055 comm="httpd" scontext=root:system_r:httpd_t:s0 tcontext=root:system_r:httpd_t:s0 tclass=process
I can disable SELinux and it works fine (setenforce 0), but that's not the solution I'm looking for. Can someone please tell me how to do this the *right* way?
Has anyone wrote custom SELinux policies for their cpanel server?
View 1 Replies View RelatedIs it possible to make these two work together? I can't seem to find any way to let Apache read /home/<username>/public_html without disabling selinux entirely.
I know you can do "chcon -t httpd_sys_content_t -R $HOME/public_html", but it seems like it would be a pain when adding users, especially if someone decides to delete their public_html and make a new directory.
Is it possible to create an exception to let httpd do whatever it wants?
I have changed the maildir in Plesk according to [URL] ..... Everything works like a charm, however selinux doesn't allow access to the new directory. That means we get a permission denied and no mail is received at the server anymore.
Old location: /var/qmail/mailnames/
New location: /mnt/bigstorage/mailnames/
tail -f /var/log/maillog:
Mar 2 13:38:42 srv2 postfix-local[5983]: postfix-local: from=example@example.com, to=example@example.com, dirname=/mnt/bigstorage/mailnames/
Mar 2 13:38:42 srv2 postfix-local[5983]: cannot chdir to mailnames dir /mnt/bigstorage/mailnames: Permission denied
If we disable selinux, everything works, however this is not the best practice.
How can I fix this error without disabling selinux?
Specs: centOS 6.6 (Final) with Plesk 11.5.30 #48
In the last updates I get this warning:
Updating: selinux-policy-targeted-3.7.19-260.el6.noarch 128/373
libsemanage.semanage_direct_commit: WARNING: genhomedircon is disabled.
See /etc/selinux/semanage.conf if you need to enable it.
/etc/selinux/targeted/contexts/files/file_contexts: Invalid argument
libsemanage.semanage_install_active: setfiles returned error code 1.
semodule: Failed!Click to expand...
I want to disable the use of other dns being used instead of my name servers is this possible if so how can i do this.
View 4 Replies View RelatedI am trying to install Automation, and I keep getting an error after the "Getting SELinux" step, here is a log of the process so far:
Code:
[INFO]: Checking current user privileges...
[INFO]: Checking critical environment requirements...
[INFO]: Determining OS parameters...
[INFO]: Detected OS: CentOS-5-x86_64
[INFO]: Getting SELinux state...
[ERROR]: Unexpected error: ''
[Code] ....
I have tried running the installation on a different server and the same issue came up...
How do i take one IP on the server down ?
I need to disable eth1:4 as it get ddos attack.
ifdown eth0:4 is not working
Quote:
[root@server22 ~]# ifdown eth0:4
usage: ifdown <device name>
[root@server22 ~]#
I think the command used to work before.
Anyone know how to take down only that IP with out editing ifcfg-eth0-range0 ?
Disabling POP and IMAP on cPanel
We're using Google Apps to handle all e-mail for the domain, so we have no need for POP and IMAP services running on our server (and I'm always getting e-mails from LFD that show bots are trying to connect with random passwords and such) so I want to disable them, but keep SMTP active since some scripts running on our server use it and I don't feel like rewriting them right now.
I unchecked IMAP and POP in the WHM service manager to disable them, but it's still enabled and I'm able to connect and everything. How can I completely disable these 2 services?
I have a website which has a FLV player serving .flv files which are hosted in the server. I notice that some users are directly downloading the files using the direct URL and they seem to be using download managers for that which is opening several Apache connections and open slows down Apache. I want to prevent this. I thought of preventing it using a .htaccess file but did not help. This is what I used:
<Files *>
order allow,deny
allow from 127.0.0.1
allow from localhost
deny from all
</Files>
I thought this would work but it doesn't as it is blocking the FLV player from playing the file. Can anyone tell me the right way to do it?
We all know that some php funcions are dangerous, such as:
system, system_exec, passthru, shell, shell_exec, exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg
Those functions can be disabled at php.ini using disable_functions option.
Now.. what about disable_classes option? I haven't seen anyone talking about this on the common security tutorials. What are your suggestions for this? What classes should be disabled?
Is there someway to disable shell files from working? Because even if you disable shell, shell files still seem to work...
View 2 Replies View Relatedi have a dedicated server wich has safe_mode ON.
i run a joomla portal and i am having issues regarding uploading new modules and stuff like that.. i know that the solution is disabling the safe_mode
i have tried using a customized php.ini but it didnt work... what else can i try?
I have RH ES4 running as a vhost on Plesk.
Does anyone know how I can turn off IonCube? I don't see the .so for IonCube in php.ini
I just got a new vps running virtuozzo with cpanel/whm. I have no plans on ever using email on this server. What's the best way to turn all of it off from whm/cpanel and is it worth doing to speed up the server?
View 4 Replies View RelatedI am trying to troubleshoot messages piling up in my /var/log/messages on CentOS 5 that look like this:
Apr 18 10:04:01 sc16 kernel: printk: 3 messages suppressed.
Apr 18 10:04:06 sc16 kernel: printk: 2 messages suppressed.
Apr 18 10:04:14 sc16 kernel: printk: 3 messages suppressed.
Apr 18 10:04:17 sc16 kernel: printk: 1 messages suppressed.
Apr 18 10:04:25 sc16 kernel: printk: 3 messages suppressed.
Apr 18 10:04:31 sc16 kernel: printk: 1 messages suppressed.
Apr 18 10:04:39 sc16 kernel: printk: 2 messages suppressed.
The messages are supressed so I can't see what they are or what is causing them.
How can I disable printk supression?
I have already tried:
echo 0 > /proc/sys/kernel/printk_ratelimit_burst
echo 0 > /proc/sys/kernel/printk_ratelimit
They don't seem to disable it... Any ideas?
I like to disable the CGI Module in httpd.conf. Can you please help me to disable the CGI Module.
View 5 Replies View Relatedi have a problem with a hacker that uses .htaccess to disable mod_security
using this code
PHP Code:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
so is there a way to stop this?
also they have come up with a smart way to run shell files named as images using this code in .htaccess
PHP Code:
AddType application/x-httpd-php .gif
is there a way to disable the "AddType application"?
login as: hen
hen@xx.xx.xx.xx's password:
Last login:
hen@root [~]# su -
Password:
su: incorrect password
I verified that root password is correct, but no matter how many times I tried, I can't su in
Where's my su permission
-rwxr-xr-x 1 root wheel 24060 Mar 22 2007 /bin/su*
here's inside /etc/group
wheel:x:10:root,hen
someone develop a game which is server-centric. Everything is done server-side. In any case, he can compile it without a problem in Ubuntu, but on my CentOS 4.4 servers, he's having trouble.
The one last bug that he's hit, is that he needs to disable the stack protector on CentOS 4.4 in order to compile the game without any more problems.
in order to secure my server against instrusion, i disabled ssh root login and created a user for myself. however in order to access the user i need to enable SSH Password authentication
I dont enable password authentication all the time and i keep it disabled unless i need to do something via ssh.
Now my question will be, is there a way to keep the user i created and keep the root login disabled and password authentication disabled but use ssh keys for the user i created?
I was informed that if i opt to login to ssh via the user i created, the only way to do that is to enable password authentication as it cannot work with ssh keys. is this true?
I really hope someone can help me how to use the user i created together with ssh keys so i dont have to enable password authentication when loggin to ssh
A customer asked me if it could be possible to disallow certain email accounts to send emails out of the accounts domain. Is there a way to do so with the Exim installation in Cpanel?
View 0 Replies View RelatedEverytime a new account is created in WHM/cPanel, the "Allow Annonymous Access for FTP" option is enabled by default. Since this is something I want turned off for all new accounts... does anyone know a way of switching this off globally in cPanel/WHM so that every new account will have this turned off by default?
View 3 Replies View RelatedAt times as I'm developing, due to some coding error in PHP on my part, particularly calling a COM object, the apache server crashes. I'm delighted that it recovers, but in so doing it always tries to rerun the query that crashed it, which just causes another crash, and so on. Is there some way of getting round this, so that it recovers but the problematic code is not rerun?
XP SP3 (still!)
Apache/2.4.3 (Win32) mod_fcgid/2.3.7 PHP/5.4.9
Firefox (Aurora)