Webserver and SELinux

Finally got a chance to set up a webserver with SELinux enabled. The most important thing is to give the directory where the files are located the httpd security context, using the ‘chcon’ command.

Here’s an example:

# chcon -v --type=httpd_sys_content_t /html
context of /html changed to user_u:object_r:httpd_sys_content_t
# chcon -v --type=httpd_sys_content_t /html/index.html
context of /html/index.html changed to user_u:object_r:httpd_sys_content_t
# ls -Z /html/index.html
-rw-r--r-- root root user_u:object_r:httpd_sys_content_t /html/index.html
# ls -Z | grep html
drwxr-xr-x root root user_u:object_r:httpd_sys_content_t html
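
A label set with chcon lives only on the file itself, so a later restorecon or filesystem relabel resets it to the policy default. The following added example (not from the original post) records the label with semanage fcontext and restorecon and checks `ls -Z` output for stray types; `label_webroot`, `mislabeled` and the sample listing are names and data constructed for the illustration.

```shell
#!/bin/bash
# Added example (not from the original post): keep and audit web-root labels.

# Record the label in the local file-context policy, then apply it.
# chcon only edits the label on the file itself, so a later restorecon or
# filesystem relabel puts the policy default back.
label_webroot() {
    local root="$1"
    semanage fcontext -a -t httpd_sys_content_t "${root}(/.*)?"
    restorecon -Rv "$root"
}

# Read `ls -Z` lines on stdin; print the path of every entry whose SELinux
# type differs from $1. Handles the "mode user group context path" layout
# shown above and the newer "context path" layout (with an MLS level).
mislabeled() {
    awk -v want="$1" '
    {
        for (i = 1; i < NF; i++) {
            n = split($i, c, ":")
            if (n >= 3 && c[2] ~ /_r$/) {        # field is user:role:type[:level]
                if (c[3] != want) {
                    path = substr($0, index($0, $i) + length($i))
                    sub(/^[ \t]+/, "", path)     # keeps spaces inside the name
                    print path
                }
                next
            }
        }
    }'
}

# Constructed sample listing; two entries carry the wrong type.
SAMPLE_LS='-rw-r--r-- root root user_u:object_r:httpd_sys_content_t /html/index.html
-rw-r--r-- root root user_u:object_r:user_home_t /html/upload.tmp
system_u:object_r:httpd_sys_content_t:s0 /html/css/site.css
unconfined_u:object_r:default_t:s0 /html/old page.html'

printf '%s\n' "$SAMPLE_LS" | mislabeled httpd_sys_content_t
# On a real host: label_webroot /html && ls -Z /html | mislabeled httpd_sys_content_t
```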

By default, SELinux also denies the httpd process permission to send email. You can override this with the ‘setsebool’ command. Here’s an example using getsebool and setsebool.

# getsebool -a | grep httpd_can_sendmail
httpd_can_sendmail --> off
# setsebool -P httpd_can_sendmail on
# getsebool -a | grep httpd_can_sendmail
httpd_can_sendmail --> on

That’s it.

Thank you
Budiwijaya

 


Varnish – tips trick #1

Here’s Varnish tips and tricks number 1.

How to check the Varnish rules? Create a file (e.g. check-varnish.sh) with this content:

#!/bin/bash
varnishd -C -f /etc/varnish/default.vcl

How to check the top domains on a multi-domain Varnish configuration? Create a file (e.g. check-top-domain.sh) with this content:

#!/bin/bash
varnishtop -i RxHeader -C -I ^Host


Howto monitor ntp server with mrtg

I currently maintain several NTP servers that are listed on ntppool.org.
On average, the NTP servers listed there are monitored using MRTG.
After a little searching and asking questions on the mailing list, here’s my configuration:
———————getntp.pl———————

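##################################
#getntp.pl
#source : http://www.satsignal.eu/ntp/NTPandMRTG.html
#budiw 20120728
# Query the system variables of the NTP server given as the first argument
$ntp_str = `ntpq -c rv $ARGV[0]`;
# Field 20 of the comma-separated output is expected to be "offset=<ms>"
$val = (split(/\,/,$ntp_str))[20];
$val =~ s/offset=//i;
# Add 100 so the value stays positive for MRTG, and clamp at 0
$val = int ($val + 100);
if ($val < 0) {
    $val = 0;
}
# MRTG reads four lines: value 1, value 2, uptime, target name
print "0\n";
print "$val\n";
print "0\n";
print "0\n";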

 
—————–ntppackets.pl—————————

#!/usr/bin/perl
use strict;
##################################
#ntppackets.pl
#source from ntp mailing lists
#http://lists.ntp.org/pipermail/pool/2012-July/006049.html
#### Options ####
my $uptimeprog = '/usr/bin/uptime'; # Set to program to give system uptime
my $hostnameprog = '/bin/hostname'; # Set to program to give system hostname
##### Nothing below here should have to be changed #####
# Clear path and get uptime
delete $ENV{PATH};
delete $ENV{BASH_ENV};
my $uptime = `$uptimeprog`;
chomp($uptime);
# Strip the leading clock time and "up" from the uptime output
$uptime=substr($uptime,12);
my $hostname = `$hostnameprog`;
chomp($hostname);
my $received = 0;
my $sent = 0;
# Read the packet counters from ntpd
my $status = `/usr/bin/ntpdc -c iostats`;
# Shift each counter by 2**31 so a negative reading maps to a non-negative value
if($status =~ m!received packets:\s*(-?\d+)!) {
    $received=$1 + 2147483648;
}
if($status =~ m!packets sent:\s*(-?\d+)!) {
    $sent=$1 + 2147483648;
}
# MRTG reads four lines: value 1, value 2, uptime, target name
print "$received\n$sent\n$uptime\n$hostname\n";
-----------mrtg.conf---------------------------
#
# NTP Packets
#
Title[ntppackets]: XXX NTP packets
Target[ntppackets]: `/home/budiw/paket/ntp-mrtg/ntppackets.pl`
PageTop[ntppackets]: Received and sent NTP packets for yyy
MaxBytes[ntppackets]: 60000
Options[ntppackets]: growright, nopercent
YLegend[ntppackets]: #/s
ShortLegend[ntppackets]:
Legend1[ntppackets]: Received packets/s
Legend2[ntppackets]: Sent packets/s
Legend3[ntppackets]: Maximal 5 minute received packets/s
Legend4[ntppackets]: Maximal 5 minute sent packets/s
LegendI[ntppackets]:  received packets/s
LegendO[ntppackets]:  sent packets/s
WithPeak[ntppackets]: wmy
#
# NTP offsets
#
Target[xxx_ntp]: `perl /home/budiw/paket/ntp-mrtg/getntp.pl 127.0.0.1`
MaxBytes[xxx_ntp]: 100
MaxBytes2[xxx_ntp]: 200
Unscaled[xxx_ntp]: dwmy
Timezone[xxx_ntp]: GMT+7
Title[xxx_ntp]: NTP statistics for XXX - offset from NTP
Options[xxx_ntp]: integer, gauge, nopercent, growright
YLegend[xxx_ntp]: offset+100 ms
ShortLegend[xxx_ntp]: ms
LegendI[xxx_ntp]:
LegendO[xxx_ntp]: offset:
Legend1[xxx_ntp]: n/a
Legend2[xxx_ntp]: time offset in ms, with 100ms offset added to ensure it's positive!
PageTop[xxx_ntp]: NTP -- XXX

—————–
Here’s an example of the scripts in action:
NTP – Offsets+100ms

NTP – Received and sent NTP packets for alynne.blankon.in
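
getntp.pl above picks the offset by position (field 20) and prints 100, i.e. a zero offset, when ntpq returns nothing. The following added example (not from the original post or its sources) finds `offset=` by name and fails instead of reporting a value when it is missing; `offset_plus_100`, `mrtg_lines` and the sample output are constructed for the illustration.

```shell
#!/bin/bash
# Added example (not from the original post): extract the NTP offset by name.

# Read `ntpq -c rv` output on stdin; print int(offset_ms + 100), floored at 0.
# Returns 1 and prints nothing when no offset= variable is present, so a dead
# or unreachable ntpd is not silently graphed as a zero offset.
offset_plus_100() {
    tr ',' '\n' | awk '
        {
            gsub(/^[ \t\r]+|[ \t\r]+$/, "")          # trim each name=value item
            if ($0 ~ /^offset=[-+]?[0-9]+(\.[0-9]+)?$/) {
                v = int(substr($0, 8) + 100)         # same +100 shift as getntp.pl
                if (v < 0) v = 0
                print v
                found = 1
                exit
            }
        }
        END { exit found ? 0 : 1 }'
}

# Emit the four lines getntp.pl prints for MRTG (0, value, 0, 0),
# or nothing at all when the offset could not be read.
mrtg_lines() {
    local v
    v=$(offset_plus_100) || return 1
    printf '0\n%s\n0\n0\n' "$v"
}

# Constructed sample of `ntpq -c rv` output (all values are made up).
SAMPLE_RV='associd=0 status=0615 leap_none, sync_ntp, 1 event, clock_sync,
version="ntpd 4.2.6p5", processor="x86_64", system="Linux", leap=00,
stratum=2, precision=-23, rootdelay=12.345, rootdisp=25.678,
refid=192.0.2.10, peer=1234, tc=10, mintc=3, offset=-1.234,
frequency=12.345, sys_jitter=0.456, clk_jitter=0.123, clk_wander=0.012'

printf '%s\n' "$SAMPLE_RV" | mrtg_lines
# On a real host: ntpq -c rv 127.0.0.1 | mrtg_lines
```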


Tips to delete sessions file of php in CentOS 5.5

Unlike Ubuntu, in CentOS 5.5 I did not find a mechanism to delete PHP session files. Because I’m worried the session files are not deleted, I imported the file removal mechanism from Ubuntu.

I copied the following file from Ubuntu.

$ cat /usr/lib64/php/maxlifetime

#!/bin/sh -e
# Print the longest session.gc_maxlifetime found in php.ini, in minutes
# (default: 1440 seconds = 24 minutes)
max=1440
for ini in /etc/php.ini; do
    cur=$(sed -n -e 's/^[[:space:]]*session.gc_maxlifetime[[:space:]]*=[[:space:]]*\([0-9]\+\).*$/\1/p' "$ini" 2>/dev/null || true);
    [ -z "$cur" ] && cur=0
    [ "$cur" -gt "$max" ] && max=$cur
done
echo $(($max/60))
exit 0

Then we create a cron file to automatically delete the session files.

$ cat /etc/cron.d/php

# /etc/cron.d/php5: crontab fragment for php5
# This purges session files older than X, where X is defined in seconds
# as the largest value of session.gc_maxlifetime from all your php.ini
# files, or 24 minutes if not defined. See /usr/lib/php5/maxlifetime
# Look for and purge old sessions every 30 minutes
09,39 * * * * root [ -x /usr/lib64/php/maxlifetime ] && [ -d /var/lib/php/session ] && find /var/lib/php/session -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib64/php/maxlifetime) -delete

That’s it.


Installing Mailing List Manager a.k.a Mailman on Ubuntu 6.06


Recently I installed a mailing list manager on my mail server. I use GNU’s Mailman. It’s straightforward and simple, and it has web-based administration. I’m following this tutorial from wiki.ubuntu.com.

But unfortunately, this tutorial has an error in the configuration. After a long search I finally found that the line in /etc/mailman/mm_cfg.py should be MTA = None, but in the tutorial it is MTA = Postfix.

The configuration error is not quickly found, because the mailing list runs as usual. I found this error in the following situation.

My server runs Postfix with virtual mail. I have a mailbox called dummybox@example.com. Then I created a list called dummybox@lists.example.com. Every time I send an email to dummybox@example.com, Postfix tries to deliver the email to Mailman. And whoops, it’s an error!

After changing MTA to None, this error disappears.

Update #1:
I changed the MTA to None on wiki.ubuntu.com. Thank God it’s a wiki, a collaborative page, so I can fix the error.
