similar to: running CGI scripts with SELinux=ENFORCING with priviledged commands ...

> On Aug 20, 2016, at 15:00, Walter H. <Walter.H at mathemainzel.info> wrote: > > Hello, > > how could it be achieved to run > e.g. > shutdown -h now > from a CGI script on a system where SELinux is set to ENFORCING? Short answer: don't. You could probably create a custom selinux policy that allowed it but you'd be opening your system up to more security

Hello, in /etc/sysconfig/network-scripts/ifcfg-eth0 I have this <ifcfg-eth0> ... IPV6INIT=yes IPV6ADDR=prefix::5 IPV6ADDR_SECONDARIES="prefix::2 prefix::3 prefix::4" IPV6_AUTOCONF=no IPV6_DEFAULTGW=prefix::1 IPV6_DEFAULTDEV=eth0 </ifcfg-eth0> when I enter ifconfig the IPv6 addresses are in a different order <ifconfig> eth0 Link encap:Ethernet HWaddr ... inet addr:...

Hello, I found different ways to define the hostname ... this HOSTNAME="host.domain.tld" or this: HOSTNAME="host" DOMAIN="domain.tld" what is the correct way? Thanks, Walter

Thanks for your help. I did pick up an additional entry in the audit file : type=AVC msg=audit(1504561395.709:10196): avc: denied { execute } for pid=19163 comm="/usr/sbin/httpd" name="s.check.cgi" dev="dm-0" ino=537182029 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file Unfortunately, I am not sure how the

Is this really supposed to get easier over time? :) Now my audit.log file shows that SELinux is blocking my cgi script, index.cgi (which is what's actually served when the user visits the front page of one of our proxy sites like sugarsurfer.com) from having '"read write" to socket (httpd_t)'. I have no idea what that means, except that I thought that cgi scripts were

Hello Walter, On Mon, 15 May 2017 09:22:54 +0200 "Walter H." <walter.h at mathemainzel.info> wrote: > On Sun, May 14, 2017 11:00, wwp wrote: > > On Sat, 13 May 2017 13:08:17 +0200 "Walter H." > > <Walter.H at mathemainzel.info> wrote: > > > >> On 13.05.2017 00:29, Robert Moskowitz wrote: > >> > I have been working,

Hello Walter, On Sat, 13 May 2017 13:08:17 +0200 "Walter H." <Walter.H at mathemainzel.info> wrote: > On 13.05.2017 00:29, Robert Moskowitz wrote: > > I have been working, for the past few years, with armv7 SOCs and have > a number of servers working. > > > > Intel, etal are catching up with ARM and I have seen ones like: > > > >

Hello, will there be updates for these CVEs for CentOS 6? Thanks, Walter

On Fri, Feb 15, 2019 at 4:10 PM Walter H. <Walter.H at mathemainzel.info> wrote: > > On 15.02.2019 06:29, Turritopsis Dohrnii Teo En Ming wrote: > > Hi, > > > > Could you recommend affordable and reliable cloud storage for 50 TB of data? > whats your budget? > > and 50 TB = 50 000 GB is a big amount which isn't this cheap ... Hi Walter H, My budget is

On 16.06.2016 20:51, Warren Young wrote: > On Jun 16, 2016, at 12:41 PM, Walter H.<walter.h at mathemainzel.info> wrote: >> On 16.06.2016 19:40, Frank Cox wrote: >>> On Thu, 16 Jun 2016 19:34:09 +0200 >>> Walter H. wrote: >>> >>>> Yes, but doesn't help ... >>>> the same before ... >>>> >>>> by the way, I

On Sep 4, 2016, at 1:27 PM, Walter H. <walter.h at mathemainzel.info> wrote: > 'ifconfig' doesn't show these additional addresses ... This is one of the many reasons why people don?t use ?ifconfig? anymore. -- Jonathan Billings <billings at negate.org>

Hello, in /etc/cron.d/test I've this: 50 15 * * * root ( date ; echo "---" ; env ; echo "---" ; set ) >>/tmp/test.txt and I thought I would be shown environment variables which are defined in e.g. /etc/profiles.d/proxy.sh or /etc/profiles.d/proxy.csh but this isn't like this ... where do I have to define e.g. export

On 16.06.2016 19:40, Frank Cox wrote: > On Thu, 16 Jun 2016 19:34:09 +0200 > Walter H. wrote: > >> Yes, but doesn't help ... >> the same before ... >> >> by the way, I can't image that there is no mirror in Europa, >> and that the "timeout"-mirrors from US are the fastest; > yum -disableplugin=fastestmirror nowseewhathappens. > >

On 09/04/2016 05:00 PM, Ulf Volmer wrote: >> IPADDR2=192.168.1.10 >> BROADCAST2=192.168.1.255 <-- >> NETMASK2=255.255.255.0 >> NETWORK2=192.168.1.0 <-- >> GATEWAY2=192.168.1.1 <-- >> >> in case they don't match the first IP address? > > I'm not sure at this point. If you have to add a second ip in another > different network

Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit : > Thanks Laurent. You obviously know a LOT more about SELinux than I. I > pretty much just use commands and not build policies. So I need some > more information here. > > From what you provided below, how do I determine what is currently in > place and how do I add your stuff (changing postgresql with

Hi Leon, I don't have access to a CentOS 6.10 system handy, but it looks like a policy issue. If I take you're ausearch output and pipe it to audit2allow on my CentOS 7.6 system, I get the following: #============= httpd_t ============== #!!!! This avc is allowed in the current policy allow httpd_t httpd_sys_script_t:process signull; Noting that on my 7.6 system with selinux enforcing

Hello, is Apache 2.2 which is part of the CentOS distribution capable of SNI? I have troubles that are coming from server side (CentOS 6.8, Apache 2.2.15) just did 'yum update' in /etc/httpd/conf/httpd.conf I've the following NameVirtualHost ipaddr:443 Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf both

On 06/17/2015 04:03 PM, Jonathan Billings wrote: > On Wed, Jun 17, 2015 at 03:30:51PM -0400, Tim Dunphy wrote: >> No prob! Thanks for all the help! But in searching my system I don't find >> anything of the sort. >> >> [root at monitor2:~] #updatedb >> [root at monitor2:~] #locate myzabbix.te >> [root at monitor2:~] #find / -name "myzabbix.*"

I'm sure there is a rationale for binding the ssh client to a priviledged port. (Which?) However there are several drawbacks to this: o It breaks firewall rules that assume that user connections start at port > 1024 or > 32768. o It breaks monitoring software using the same assumptions. o Every suid program is a separate evil (caused by the flawed security model in most unices). I

On Fri, Feb 15, 2019 at 5:18 PM Phoenix, Merka <merka.phoenix at hpe.com> wrote: > > > On Fri, Feb 15, 2019 at 4:10 PM Walter H. <Walter.H at mathemainzel.info> wrote: > > > > On 15.02.2019 06:29, Turritopsis Dohrnii Teo En Ming wrote: > > > Hi, > > > > > > Could you recommend affordable and reliable cloud storage for 50 TB of data? >