similar to: selinux allow FTP

On 3/2/2015 2:34 PM, John R Pierce wrote: > step 1) delete FTPD, and use ssh/scp/rscp instead. errr, I meant, sftp, not rscp -- john r pierce 37N 122W somewhere on the middle of the left coast

2015-03-03 0:43 GMT+02:00 Tim Dunphy <bluethundr at gmail.com>: > > > > errr, I meant, sftp, not rscp > > > Heh.. yeah. But the client isn't gonna go for that. LOL. Any way to allow > regular ol' FTP using SELinux? Or does that just defeat the purpose of > having a secure SELlinux server entirely? > FTP is not safe as it does not encrypt username(s)

> > errr, I meant, sftp, not rscp Heh.. yeah. But the client isn't gonna go for that. LOL. Any way to allow regular ol' FTP using SELinux? Or does that just defeat the purpose of having a secure SELlinux server entirely? Thanks Tim On Mon, Mar 2, 2015 at 5:35 PM, John R Pierce <pierce at hogranch.com> wrote: > On 3/2/2015 2:34 PM, John R Pierce wrote: > >>

On Mon, Mar 2, 2015 at 4:43 PM, Tim Dunphy <bluethundr at gmail.com> wrote: >> >> errr, I meant, sftp, not rscp > > > Heh.. yeah. But the client isn't gonna go for that. LOL. Any way to allow > regular ol' FTP using SELinux? Or does that just defeat the purpose of > having a secure SELlinux server entirely? What is the context here? The big problem

Guys, I hear all your arguments against using FTP. I completely get all that. But I am making things a little bit safer by using virtual users that have no access to the file system. The ftp user account has a shell of /bin/false. And I was able to get proftpd working with SELinux using setsebool -P ftp_home_dir on. The client is recalcitrant to using any technology he doesn't know. I have

On Tue, Mar 3, 2015 at 2:33 PM, Les Mikesell <lesmikesell at gmail.com> wrote: > On Mon, Mar 2, 2015 at 4:43 PM, Tim Dunphy <bluethundr at gmail.com> wrote: > >> > >> errr, I meant, sftp, not rscp > > > > > > Heh.. yeah. But the client isn't gonna go for that. LOL. Any way to allow > > regular ol' FTP using SELinux? Or does that

Hey all, I've been having some trouble creating a mysql user that can connect to the database from localhost. It's always been a straight forward thing to do in the past, so its time for a sanity check, if you guys don't mind. Ok, so here's the actual command with actual simplified password that I'm using. It's on localhost so I don't think it's a security threat

Hey Jeremy, > Have you tried changing the folder where it's writing into with these > lables? httpd_sys_content_rw_t or httpd_user_content_rw_t Adding 'rw' to the command did the trick. I tried httpd_sys_content_rw_t and that works fine! Thanks for the tip! Tim On Thu, Jan 22, 2015 at 1:19 PM, Jeremy Hoel <jthoel at gmail.com> wrote: > Have you tried changing

Hey guys, I need to give the 'nobody' user (which is what our apache runs as) no password access to a file, via sudo. This is what I've tried: nobody ALL=(ALL) NOPASSWD: /var/www/qa/launchpadnew/site/ftp_check.php But if I become the nobody user and try to access the file, it tries to prompt me for a password: -bash-3.2$ php /var/www/qa/launchpadnew/site/ftp_check.php [sudo]

> > How about adding some swap into system? Not a bad idea, Eero! That worked. [root at ops3:~] #cat /proc/swaps Filename Type Size Used Priority /swapfile file 1048572 712 -1 [root at ops3:~] #semodule -i newrelic.pp [root at ops3:~] # Thanks! Tim On Thu, Oct 15, 2015 at 12:19 AM, Eero Volotinen

Hey all, Ok, so I've been having some trouble for a while with an EC2 instance running CentOS 5.11 with a disk volume reporting 100% usage. Root is on an EBS volume. So I've tried the whole 'du -sk | sort -nr | head -10' routine all around this volume getting rid of files. At first I was getting rid of about 50MB of files. Yet the volume remains at 100% capacity. Thinking

> > mysql> FLUSH PRIVILEGES; Yup! That was it. Thanks for the reminder! :) Tim On Mon, Mar 30, 2015 at 12:15 AM, Steven Tardy <sjt5atra at gmail.com> wrote: > > > mysql> grant all privileges on ftp.* to 'proftpd'@'localhost' > identified by > > 'testpattern'; > > Query OK, 0 rows affected (0.35 sec) > > mysql> FLUSH

> > The easiest answer is to edit the Selinux config file. By default it is > set to enforce, which really locks it down. > cd /etc/selinux > edit the config file and change SELUNIX=enforcing to SELUNIX=permissive > Save the file and restart httpd, you should be fine.. Yeah dude, exactly. Except I actually do want to start using it. I've been disabling SELINUX forever

Hi Jeremy, An easy way to start troubleshooting these is to look at the audit logs and > see what SELInux is blocking. You have /McFrazier in the email.. if that's > off the root tree than unless you've set permissions to allow httpd to look > at tat folder, I bet that's one problem. > if you run ls -Z you can see the labels that are present on those folders, > that

Hey all, I have a simple php app working that writes some info to a text file. The app will only work correctly if SELinux is disabled. If it's enabled and try to use the app, it fails. It seems that SELinux is denying the app ability to write to the text file. So I tried running the following command: chcon -R -t httpd_sys_content_t /var/www And tried veriying the command with the

Guys, I've setup an rsync between two directories that I've mounted locally on a jump box. Long story short, the two directories are both NFS shares from two different hosts. Our security dept won't allow us to SSH between the two data centers, directly. But the jump host can contact both. So what I've done is mount the NFS shares from one host in each data center on the jump box

> > What turns up in myzabbix.te? Same deal. :( #semodule -i myzabbix.te semodule: Failed on myzabbix.te! sigh... but thanks any other clues? On Wed, Jun 17, 2015 at 11:42 AM, Harold Toms <h.toms at qmul.ac.uk> wrote: > On 17/06/15 16:29, Tim Dunphy wrote: > >> That's because there's already a zabbix module loaded (the message isn't >>> very

On Mar 3, 2015, at 2:30 PM, Brian Mathis <brian.mathis+centos at betteradmin.com> wrote: > > people are bound by corporate restrictions That seems like an awfully convenient rug to sweep problems under. Can?t fix a security problem? Corporate restrictions! Can?t require sensible security defaults restrictions by default? Corporate restrictions! Can?t move off IE6? Corporate

Hello list, With my latest proftpd server graphical client error on list (ls) directory: Error: Could not read from socket: ECONNRESET - Connection reset by peer Error: Disconnected from server Error: Failed to retrieve directory listing So far I've tried both filezilla and cyberduck. But command line ftp works completely: [dunphy at BAM-025715-TD:~] #ftp jfweb Connected to jfweb.

Also check this out: http://www.bitvise.com/ftp-bridge -- Eero 2015-03-03 0:51 GMT+02:00 Eero Volotinen <eero.volotinen at iki.fi>: > > > 2015-03-03 0:43 GMT+02:00 Tim Dunphy <bluethundr at gmail.com>: > >> > >> > errr, I meant, sftp, not rscp >> >> >> Heh.. yeah. But the client isn't gonna go for that. LOL. Any way to allow