How can I see which SELinux rule kicks in at a given point. Is there something like debug-mode for SELinux? The problem is that SELinux Troubleshooter does not show any errors at all when denial happens.
View 4 RepliesI configured my apache2. On my Intrepid I had apache2.0 while on my Karmic I have a apache2.2. Aftere configuring I tested it and got a an error page when I tested it in my web browser. I looked into the log file that showed the following error "[client 127.0.0.1] (13)Permission denied: access to /my_dir/ denied".
It appears apache2.2 can't access directories in my home folder. File system rights for the files and folders are correct. There is no AppArmor profile for Apache. User settings in "/etc/apache2/apache2.conf" file are correct. The inaccessible folder in "/etc/apache2/sites-available/default" looks as follows:
[Code]...
A trick using symbolic links didn't work either. On my previous Intrepid with Apache 2.0 my pages worked like a charm. Now on my current Karmic (before apache2.conf was pre configured, now it's not) with Apache 2.2 my pages are wrecked. how I can make Apache2.2 access folders in my home folder and which settings are needed in default file for that?
here is the most importent part of the file setup.shhere link to pastebin:http://pastebin.com/mwQ1UArHand here the part:
cd
chmod 777 ../bin/panel
cd ../bin/panel
[code]....
I have 2 LANs in my network. They are:
LAN 1: 192.168.0.0
LAN 2: 192.168.1.0
Both LANs, communicate with each other. And both have an application server. In LAN1, I can access the web server, internal and external. At LAN2, only works on the internal network.The rule that I'm using is as follows: iptables -t nat -A PREROUTING -p tcp -d my_ip --dport 80 -j DNAT --to 192.168.1.254:80
This rule works for LAN1, but not for LAN2. Anyone know what that is can be lockin access?
Question (and Google results aren't making this clear): Ubuntu has both iptables & ip6tables installed. 1. If I set a rule in iptables, does that rule also apply to ipv6, or just ipv4?
2. If "no" to above, then it would be prudent to *also* set ip6tables rules as well if I want to maintain an active firewall, correct?
3. Does ip6tables rules have the same syntax and behavior (more or less) to iptables rules - i.e. can I just copy my iptables rules & change "iptables" to "ip6tables"?
4. Any gotchas or issues that I should be aware of?
i have the following system in my lan.
firewall(iptables)
etho(private) - 192.168.2.1
eth1(public) -189.117.57.2
squid server at 192.168.2.10
my request is that i have to make all out bound internet connection should go from proxy server , not directly to firewall. Please specify a iptable rule for blocking direct internet access. my clients ip ranges from 192.168.2.20 to 192.168.2.47
My network diagram is internet<---->dansguardian proxy(centos5)<--->my network i have blocked facebook for my network but now i want to give only 2 ips to get its access & i do not want to enter these ip in exceptioniplist as if i doo so then they will be able to access all the sites that i have blocked. and if i am giving this entry [URL] in bannedsite list it is also not working.....
View 1 Replies View RelatedAnyone noticing intermittent problems with the screensaver not kicking in or the display not sleeping? This is in gnome under F11.I have the Power Management Preferences set to put the display to sleep after 30 minutes of inactivity and gnome screensaver is configured for 5 minutes idle time.On a regular basis, I'll leave my computer come back anda) the screensaver hasn't kicked inorb) the screensaver kicked in, but the power management features didn't kick in to put the display to sleep.It seems to be an intermittent problem and usually it goes away after I restart X, but then at some point it comes back. In the past, I've gotten in the habit of being logged in for weeks/months at a time but I find that I can't go more than a few hours without logging out and back in or else the screen won't go to sleep.
View 14 Replies View RelatedI did an "aptitude update && aptitude upgrade" in the terminal, and I get the following packages which want to update:
The following NEW packages will be installed:
liblzma2{a} xz-utils{a}
The following packages will be upgraded:
dpkg libsgutils2-2 libvlc2 libvlccore2 libvte-common libvte9
mozilla-plugin-vlc vlc vlc-data vlc-nox vlc-plugin-pulse
[code]...
I usually just break out of this with Ctrl+c, and now every time I try to update my system, I run into this. What should I do?
For centOs i am trying to configure a ssh key but it denies the approval.I tried this from the following link
[URL]
For more details i had raised the same question on server fault [URL]
I've been trying to set up an FTP server for a client, which is something I haven't done before. Things seemed pretty straight forward at first, had everything working, but now I have just one last minor problem.
I'm using vsftpd as my FTP daemon. I managed to configure it to allow only user to log in, I have write enabled, etc. Now, this server is in the 172.16.10.* range. I have servers in two other ranges that need to connect to it and down-/upload files. These ranges are 192.168.15.* and 192.168.16.*. The ones in 192.168.15.* are physically in the same location as my FTP server. The ones on 192.168.16.* connect through a VPN, using a Netscreen 5GT firewall.
Up to this, no problem yet. The problem is this:
I tried the following from the 192.168.15.* range:
- connect: no problem
- login: no problem
- list directory: no problem
- download file: no problem
- upload file: no problem
Now I tried all of this from the 192.168.16.* range as well. Everything checked out except for one tiny crucial thing. I'm not allowed to upload files, I get "550 Requested action not permitted". I login under the same user I've verified I get the correct directory listing, so absolutely everything checks out to be the exact same.
In my new Centos i am not able to add iptable rule. iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128bash: iptables: command not foundI am getting this error. I use this rule to forward ports to squid.
View 5 Replies View RelatedI just upgraded to jessie and now Samba won't let me log in anymore. I merged smb.conf manually. It now looks like this (removed comments):
Code: Select all[global]
workgroup = WORKGROUP
dns proxy = no
bind interfaces only = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
[Code] .....
With smbclient logs as follows:
Code: Select allsmbclient -L 192...
Enter user's password:
session setup failed: NT_STATUS_UNSUCCESSFUL
If I provide a wrong password, it raises NT_STATUS_LOGON_FAILURE, also if retry with the correct password.
Not sure about what resolved the issue. But after I purged samba, reconfigured it, added the users AND set www-data's shell to bash again (which was changed during the update), it now seems to work
I just upgraded samba on my lenny-server:
apt-cache policy samba
samba:
Installed: 2:3.4.7~dfsg-1~bpo50+1
...and since then my windows xp clients cannot follow a symbolic link to a common area from their home folders.
I have googled and tried to add follow symlinks and wide links to my homes share
[homes]
= Home Directories
browseable = no
follow symlinks = yes
wide links = yes
...but after restarting samba on the server and rebooting the windows machine the user still cannot follow the link.
Whoever has trouble with hplip GUI mode, install not only qt4 but also python-qt4.
View 1 Replies View RelatedAfter reading all the forum entries and tutorials I could find, which all make it sound very easy to do, however I type the command 'make' in the folder where I have the "rtl8192su_linux_2.4_2.6.0003.1019.2009.tar.gz " unzipped and get the following output:
make[1]: Entering directory `/lib/modules/2.6.35.6-45.fc14.i686/build'
make[1]: *** No rule to make target `modules'. Stop.
make[1]: Leaving directory `/lib/modules/2.6.35.6-45.fc14.i686/build'
[code]....
I am customizing CentOS and doing the entire procedure through ks.cfg file. Everything is been configured properly except the boot label. I would want Boot label to be customized rather than the default one. Is it possible to achieve this using kickstart?
View 2 Replies View RelatedI have problem while configuring kickstart installation in rhel 5.2 .
I have followed bellow listed steps.
i, Copied iso.img into my server
ii, # mount �o loop iso.img /tmp/iso # cp -a /tmp/iso/* /tmp/iso_new/ # system-config-kickstart - - generate ks.cfg ( creating kickstart configuration file) # cp /root/ks.cf /tmp/iso_new/isolinux/ ( As suggested by red hat I have copied ks.cgf file into /isolinux/ folder.
iii) mkisofs -R -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -o /tmp/new_1.iso /tmp/ iso_new # to create bootable disk
iv) Then started the system using this newly created iso image through HP ILO console and the system got booted successfully with boot prompt.
v) After executing the linux ks=cdrom:/ks.cfg from the boot prompt, we got a error by saying there is no CDROM deducted in your Machine and the installation got terminated .
vi) As per my understanding the ISO image is mounted as Virtual CD-ROM (/dev/scd0) in HP ILO.
Why the we are getting CD-ROM related Error ? How we can avoid this error? Is there any other set of configuration to achieve this ?
I'm a very -slightly- advanced Samba user. I believe I know the basics of editing the smb.conf and I know to use smbpasswd to update the Samba users database.I have a group of identical shares.They are readOnly for the group @movies-play and they are (supposed to be) writeable by specific users. The readOnly group works great, no prob there, but I cannot get write access for the specified users. They are in the Samba user database using smbpasswd -a mark and neelix.Here is the share section in my smb.conf...
Code:
[movies-usb3]
path = /media/usb3/movies
guest ok = no[code]....
I have the workgroup and netbios info set. I have security=user set. The folder 'movies' in the path above is owned by 'mark' so it seems I should be able to write in it but I can't.I'm connecting to the share (it's on a server running Lucid) from my laptop (running Lucid. I added this mount info to fstab...
Code:
//spock/movies-usb3 /media/spockmovies3 cifs credentials=/home/mark/.smbpasswd 0 0
Of course spock in the hosts file so it resolves. I can see the share fine, just can't write.
I am using squid on my fedora box as a proxy server.By default the iptables (Firewall) service is on.To allow web pages to my client machines i stop the iptable service.
#service iptables stop
By doing it client computers start browsing.kindly how can I add a rule so that without stoping firewall client compter work fine.my perver IP address is 10.1.80.10
I am presently using Ktorrent .
Previously, I used Transmission & Vuze
Is there a way to automatically ban/kick peers which have chocked?
May be in some other client ?
I have a client that needs 5 machines updated. They are all running Ubuntu 9.04. Long story short, I can only log in over VPN for the time being (as they're in another city).
That said, is there any good way to remotely update the systems without the need to remain logged in (e.g.via SSH)? I'd like to simply kick off the updates and check back in at a later time.
I am running Kubuntu 11.04 and I use the standard "Blank Screen" screensaver. I want to start a command every time the screensaver starts and to stop it when the screensaver stops.
My idea is to copy the "Blank Screen" screensaver and add a couple of my own lines in the source code ...
but I have some trouble finding the correct files.
I have ks.cfg and file.iso burned to a DVD. Both files are at the root of the DVD. Besides that, I also created a folder and keep some drivers in the folder.
I inserted the CD and reboot the server ( which already has a red hat 5.3 that I installed before, I want to erase it using kick start ).
Howver, I just can't get into the much said "boot prompt".
Do we need to press certain hot key during certain stage of reboot?
I try to kick off dolphin from regular user account after executing "su -" from terminal emulator inside KDE, but got a error:
Code:
Is this something to do with xwindow authorization?
I am trying to compile a kernel in the following directory:/usr/src/kernels/2.6.30.9-102.fc11.x86_64
Note I am not trying to build an rpm but just do a simple make. After configuring with make menuconfig I issue the make command and get the following error:
Code:
[root@compaq 2.6.30.9-102.fc11.x86_64]# make
CHK include/linux/version.h
CHK include/linux/utsrelease.h
SYMLINK include/asm -> include/asm-x86
make[1]: *** No rule to make target `missing-syscalls'. Stop.
make: *** [prepare0] Error 2
how to resolve this error? It seems to be fedora-centric.
I set up a vnc connection to my machine the other day and while doing that checked out any open ports.To my astonishment my ftp port is open, although I double checked the firewall and there's no check in the checkbox for the ftp port. I didn't add a "other ports" rule or anything as well.So, how would I be able to fix that?
View 5 Replies View RelatedI have a RedHat box that I have configured, security, audit rules, latest updates, etc. I want to be able to "image" that configuration so I can kick other boxes with that "image", that way no other configuration/updating needs to be done on the newly kicked boxes. What is the best way to accomplish this? To make things more difficult, it would be near to impossible for me to pull any software off the internet for this.
View 5 Replies View RelatedHave no idea what I am doing operating a server. Our programmer got a new job and I am the one who has to take it over. Everything was fine til yesterday. You see I made a control panel to easier update the site www(dot)discoverysound(dot)com
but yesterday when I went to update the site I got an error called fopen. I thought I fixed it (and boy did I ever) but now I cannot get to my site because it says Forbidden You don't have permission to access / on this server. Apache/2.0.47 (Unix) mod_ssl/2.0.47 OpenSSL/0.9.7a DAV/2 PHP/4.3.3RC4-dev Server at www(dot)discoverysound(dot)comPort 80.
I'm using ArchLinux and I have an IP tables rule that I know works (from my other server), and it's in /etc/iptables/iptables.rules, it's the only rule set in that directory. I run, /etc/rc.d/iptables save, then /etc/rc.d/iptables/restart, but when I do "iptables --list", I get ACCEPTs on INPUT,FORWARD & OUTPUT.
# Generated by iptables-save v1.4.8 on Sat Jan 8 18:42:50 2011
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
[Code]....