[Cialug] CentOS httpd

Kyle Hamilton khamil8686 at gmail.com
Tue Nov 8 12:12:31 CST 2016


   Yes, there is an selinux type for ports... For example, if the ssh 
port is changed you also need to change the port type to ssh_port_t. An 
example command is in the sshd config file, just grep for semanage in 
the /etc/ssh/sshd_config file. You can see the selinux info for ports 
using netstat -Z (I use a standard command of netstat -naplZ)

   I wasn't a salesman in an earlier life, I just work somewhere where 
we keep selinux on. When I go searching for info and people first 
recommend turning selinux off I feel like smacking my forehead, lol. 
Selinux is great for security, it's why the NSA created it. Now, selinux 
adoption is picking up steam and most every app that I want to run will 
have selinux instructions in documentation.

Good luck in your studies of selinux!

Kyle


On 11/08/2016 12:01 PM, L. V. Lammert wrote:
> On Tue, 8 Nov 2016, Kyle Hamilton wrote:
>
>> Check if selinux is enabled with 'getenforce'. You can search for 'fail'
>> by using 'less /var/log/audit/auth.log', pressing 'G' to go to the end
>> of the file, pressing '?' to do a reverse search, typing fail, hitting
>> enter to finally search. Use n to go to next result, and N to go to
>> previous search result. Selinux is most likely your problem.
>>
> Bingo - thanks!!
>
> # ls -Z /etc/httpd/conf/httpd.conf
> -rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 /etc/httpd/conf/httpd.conf
>
> Set to permissive for testing, .. but httpd cannot bind to the port:
>
> ... could not bind to address 10.128.0.5:443
>
> (Set to specific IP to troubleshoot, no change.)
>
> Is there a different selinux permission for ports?
>
>> Do not set selinux to permissive, just go over the small learning hump
>>
> You must have been a good salesman in an earlier life <g>??
>
> 	Thanks!!
>
> 	Lee
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug


