similar to: vsftpd not able to log in

I'm setting up a dedicated database server, and since this will be a central service to my various web servers I wanted it to be as secure as possible...so I am leaving SELinux enabled. However I'm having trouble getting Apache to use mod_auth_pam. I also now can't get setroubleshootd working to send me notifications of the denials and provide tips to solve the problem. The Apache

Hi, This update is for the HowTo at http://wiki.centos.org/HowTos/Chroot_Vsftpd_with_non-system_users Regarding two of the scripts provided: vsftpd_virtual_config.sh and vsftpd_virtual_config_withTLS.sh: The configuration additions it makes to PAM do not work on 64-bit systems. In vsftpd_virtual_config.sh (Lines 55 & 56) and vsftpd_virtual_config_withTLS.sh (Lines 123 & 124) should be

> If I understand well, I could add a type to another type?!?!?! No. The default targeted policy is mostly about Type Enforcement. Quote from the manual: "All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a

I can access /depot/tftp from a tftp client but unable to do it from a Windows client as long as SELinux is enforced. If SELinux is permissive I can access it then I know Samba is properly configured. # getenforce Enforcing # ls -dZ /depot/tftp/ drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/ And if I do it the other way around, give the directory a type samba_share_t then

????????? ???????? ????? 2016-07-05 19:58: >> I need to have the tftpdir_rw_t and samba_share_t SELinux context >> on >> the same directory. >> >> How can we do this? Is it feasible to have more than one SELinux >> context? > > I don't think it's possible/feasible. > You'd probably need to add a new type and necessary rules to your

On Mar 3, 2015, at 2:30 PM, Brian Mathis <brian.mathis+centos at betteradmin.com> wrote: > > people are bound by corporate restrictions That seems like an awfully convenient rug to sweep problems under. Can?t fix a security problem? Corporate restrictions! Can?t require sensible security defaults restrictions by default? Corporate restrictions! Can?t move off IE6? Corporate

Has anyone attempted to make SFTP on ProFTPD with SELinux work? I'd like to keep SELinux enabled on this particular system, but I prefer ProFTPD's SFTP solution over OpenSSH. The aureport tool reports the following: 28. 11/05/2014 12:58:58 proftpd unconfined_u:system_r:ftpd_t:s0-s0:c0.c1023 4 file getattr system_u:object_r:sshd_key_t:s0 denied 86877 I have the SFTP config setup to just

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I've been working in the bash scripts used in the page http://wiki.centos.org/HowTos/Chroot_Vsftpd_with_non-system_users Some of the changes are: - - Add vsftpd TLS support in the configuration. So USER and PASS don't be clearly readable. - - If SELinux is available, set the boolean allow_ftpd_anon_write to on in the configuration

Guys, I hear all your arguments against using FTP. I completely get all that. But I am making things a little bit safer by using virtual users that have no access to the file system. The ftp user account has a shell of /bin/false. And I was able to get proftpd working with SELinux using setsebool -P ftp_home_dir on. The client is recalcitrant to using any technology he doesn't know. I have

Hello, I'm using the latest CentOS with phpBB 3.0.x + postgreSQL + sendmail (relayed through gmail.com) - all those programs working fine, with no big modifications of the CentOS defaults (i.e. SELinux is on). Now I'm struggling with the seemingly simple problem, that when I put an .html file into /var/www/html/ then Apache won't serve it. In the browser I see: "Forbidden You

Hello, I have an old SNAP! Server 4100 appliance that has a built-in samba, I think it's a 2.2.x samba The only commands I can issue for smb are (taken from debug console): Usage: ? ? ? smb add [w{hex#ofbytes} {AtHexOffset} | e{AtHexOffset}] ? ? ? smb domain [{name} [{user} [{pwd}]]] ? ? ? smb encrypted-password [enable|disable] ? ? ? smb info [connections] ? ? ? smb pdc disconnect

Dear R-listers, I would like to carry out a very basic descriptive analysis of homicides rates in Italy, taking into account both the spatial dimension (103 provinces) and the temporal dimension (10 years), but no covariates. In practice, what I would like to do is to describe spatio-temporal variation of homicide rates, identifying those combinations of province-year where the homicide rate

"Rails 1.1 is coming" - Feb 26, 2006 post in rails-core * http://www.ruby-forum.com/topic/55991 Final Drive Candidates (highlighted for review by core members) * http://dev.rubyonrails.org/report/19 Potential Rails 1.1 Blockers * http://dev.rubyonrails.org/report/10 Did you know you can run many different versions of Rails on the same physical server? This means you can test

2.2.13/0.4.2, both from source-tarball, no fancy options. tcp-replication between two nodes and following plugin parameters (same on both sides, except the ip-addr) plugin { sieve_before = /home/ssfn/etc/dovecot/sieve.default sieve_global_dir = /home/ssfn/etc/dovecot sieve = ~/.dovecot.sieve sieve_dir = ~/.sieve sieve_extensions = +vnd.dovecot.duplicate sieve_duplicate_period = 6h

After over a month (well, ok, no more than an hour a day :) of planning, getting hardware, tinkering and testing, I'm about to my Ultimate Home Phone System (tm) online. Connectivity to the outside world is provided by: A. 1 POTS phone line connected through an X100P ($11/month, needed to carry DSL) B. 1 Vonage ATA186 connected through an X100P (needed for the rate center :( ) C. 3 Broadvoice