similar to: running CGI scripts with SELinux=ENFORCING with priviledged commands ...

> On Aug 20, 2016, at 15:00, Walter H. <Walter.H at mathemainzel.info> wrote: > > Hello, > > how could it be achieved to run > e.g. > shutdown -h now > from a CGI script on a system where SELinux is set to ENFORCING? Short answer: don't. You could probably create a custom selinux policy that allowed it but you'd be opening your system up to more security

Hello, in /etc/sysconfig/network-scripts/ifcfg-eth0 I have this <ifcfg-eth0> ... IPV6INIT=yes IPV6ADDR=prefix::5 IPV6ADDR_SECONDARIES="prefix::2 prefix::3 prefix::4" IPV6_AUTOCONF=no IPV6_DEFAULTGW=prefix::1 IPV6_DEFAULTDEV=eth0 </ifcfg-eth0> when I enter ifconfig the IPv6 addresses are in a different order <ifconfig> eth0 Link encap:Ethernet HWaddr ... inet addr:...

Hello, I found different ways to define the hostname ... this HOSTNAME="host.domain.tld" or this: HOSTNAME="host" DOMAIN="domain.tld" what is the correct way? Thanks, Walter

On Sep 4, 2016, at 1:27 PM, Walter H. <walter.h at mathemainzel.info> wrote: > 'ifconfig' doesn't show these additional addresses ... This is one of the many reasons why people don?t use ?ifconfig? anymore. -- Jonathan Billings <billings at negate.org>

On 09/04/2016 05:00 PM, Ulf Volmer wrote: >> IPADDR2=192.168.1.10 >> BROADCAST2=192.168.1.255 <-- >> NETMASK2=255.255.255.0 >> NETWORK2=192.168.1.0 <-- >> GATEWAY2=192.168.1.1 <-- >> >> in case they don't match the first IP address? > > I'm not sure at this point. If you have to add a second ip in another > different network

Hello Walter, On Mon, 15 May 2017 09:22:54 +0200 "Walter H." <walter.h at mathemainzel.info> wrote: > On Sun, May 14, 2017 11:00, wwp wrote: > > On Sat, 13 May 2017 13:08:17 +0200 "Walter H." > > <Walter.H at mathemainzel.info> wrote: > > > >> On 13.05.2017 00:29, Robert Moskowitz wrote: > >> > I have been working,

Thanks for your help. I did pick up an additional entry in the audit file : type=AVC msg=audit(1504561395.709:10196): avc: denied { execute } for pid=19163 comm="/usr/sbin/httpd" name="s.check.cgi" dev="dm-0" ino=537182029 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file Unfortunately, I am not sure how the

Hello Walter, On Sat, 13 May 2017 13:08:17 +0200 "Walter H." <Walter.H at mathemainzel.info> wrote: > On 13.05.2017 00:29, Robert Moskowitz wrote: > > I have been working, for the past few years, with armv7 SOCs and have > a number of servers working. > > > > Intel, etal are catching up with ARM and I have seen ones like: > > > >

Hello, will there be updates for these CVEs for CentOS 6? Thanks, Walter

On Fri, Feb 15, 2019 at 4:10 PM Walter H. <Walter.H at mathemainzel.info> wrote: > > On 15.02.2019 06:29, Turritopsis Dohrnii Teo En Ming wrote: > > Hi, > > > > Could you recommend affordable and reliable cloud storage for 50 TB of data? > whats your budget? > > and 50 TB = 50 000 GB is a big amount which isn't this cheap ... Hi Walter H, My budget is

On 16.06.2016 20:51, Warren Young wrote: > On Jun 16, 2016, at 12:41 PM, Walter H.<walter.h at mathemainzel.info> wrote: >> On 16.06.2016 19:40, Frank Cox wrote: >>> On Thu, 16 Jun 2016 19:34:09 +0200 >>> Walter H. wrote: >>> >>>> Yes, but doesn't help ... >>>> the same before ... >>>> >>>> by the way, I

Hello, in /etc/cron.d/test I've this: 50 15 * * * root ( date ; echo "---" ; env ; echo "---" ; set ) >>/tmp/test.txt and I thought I would be shown environment variables which are defined in e.g. /etc/profiles.d/proxy.sh or /etc/profiles.d/proxy.csh but this isn't like this ... where do I have to define e.g. export

On 16.06.2016 19:40, Frank Cox wrote: > On Thu, 16 Jun 2016 19:34:09 +0200 > Walter H. wrote: > >> Yes, but doesn't help ... >> the same before ... >> >> by the way, I can't image that there is no mirror in Europa, >> and that the "timeout"-mirrors from US are the fastest; > yum -disableplugin=fastestmirror nowseewhathappens. > >

Is this really supposed to get easier over time? :) Now my audit.log file shows that SELinux is blocking my cgi script, index.cgi (which is what's actually served when the user visits the front page of one of our proxy sites like sugarsurfer.com) from having '"read write" to socket (httpd_t)'. I have no idea what that means, except that I thought that cgi scripts were

Hello, is Apache 2.2 which is part of the CentOS distribution capable of SNI? I have troubles that are coming from server side (CentOS 6.8, Apache 2.2.15) just did 'yum update' in /etc/httpd/conf/httpd.conf I've the following NameVirtualHost ipaddr:443 Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf both

Thank you for your hint. I really mean I am planning to store millions of files on the file system. Then may I ask that what is the maximum number of files which could be stored in one directory without affecting the performance of web server? At 2018-11-03 16:03:56, "Walter H." <Walter.H at mathemainzel.info> wrote: >On 03.11.2018 08:44, yf chu wrote: >> I have

I'm sure there is a rationale for binding the ssh client to a priviledged port. (Which?) However there are several drawbacks to this: o It breaks firewall rules that assume that user connections start at port > 1024 or > 32768. o It breaks monitoring software using the same assumptions. o Every suid program is a separate evil (caused by the flawed security model in most unices). I

On Fri, Feb 15, 2019 at 5:18 PM Phoenix, Merka <merka.phoenix at hpe.com> wrote: > > > On Fri, Feb 15, 2019 at 4:10 PM Walter H. <Walter.H at mathemainzel.info> wrote: > > > > On 15.02.2019 06:29, Turritopsis Dohrnii Teo En Ming wrote: > > > Hi, > > > > > > Could you recommend affordable and reliable cloud storage for 50 TB of data? >

I get regularily such a mail <mail> Anacron job 'cron.daily' on .... /etc/cron.daily/logrotate: error: error running non-shared postrotate script for /var/log/clamd.clamsmtp/clamsmtpd.log of '/var/log/clamd.clamsmtp/clamsmtpd.log ' </mail> content of /etc/logrotate.d/clamsmtp /var/log/clamd.clamsmtp/clamsmtpd.log { monthly notifempty missingok

On 06/17/2015 04:03 PM, Jonathan Billings wrote: > On Wed, Jun 17, 2015 at 03:30:51PM -0400, Tim Dunphy wrote: >> No prob! Thanks for all the help! But in searching my system I don't find >> anything of the sort. >> >> [root at monitor2:~] #updatedb >> [root at monitor2:~] #locate myzabbix.te >> [root at monitor2:~] #find / -name "myzabbix.*"