Webserver and SELinux

Finally got a chance to set up a webserver with SELinux enabled. The most important thing is to set the security context of the location where the files are stored to the httpd security context, using the ‘chcon’ command.

Here’s an example:

# chcon -v --type=httpd_sys_content_t /html
context of /html changed to user_u:object_r:httpd_sys_content_t
# chcon -v --type=httpd_sys_content_t /html/index.html
context of /html/index.html changed to user_u:object_r:httpd_sys_content_t
# ls -Z /html/index.html
-rw-r--r-- root root user_u:object_r:httpd_sys_content_t /html/index.html
# ls -Z | grep html
drwxr-xr-x root root user_u:object_r:httpd_sys_content_t html
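
As an added example (not part of the original post), this script reads "ls -Z" output like the listing above and reports every entry whose SELinux type is not the expected one. The sample listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list entries whose SELinux type differs from the expected one.

# Constructed "ls -Z" lines: the format shown above, one line with a
# four-field context (user:role:type:level), and two mislabeled entries.
sample_listing() {
cat <<'EOF'
-rw-r--r-- root root user_u:object_r:httpd_sys_content_t /html/index.html
-rw-r--r-- root root user_u:object_r:user_home_t /html/upload.html
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 /html/about.html
drwxr-xr-x root root user_u:object_r:default_t /html/img
EOF
}

# find_mislabeled TYPE: read "ls -Z" lines on stdin and print "path type"
# for each entry whose context type is not TYPE. The context is taken to be
# the first field with at least three colon-separated parts; paths that
# contain spaces are not handled.
find_mislabeled() {
    awk -v want="$1" '
    {
        for (i = 1; i < NF; i++) {
            n = split($i, part, ":")
            if (n >= 3 && substr($i, 1, 1) != "/") {
                if (part[3] != want) print $(i + 1), part[3]
                next
            }
        }
    }'
}

# chcon labels are lost when the file system is relabeled. To keep the label,
# record it in the policy and reapply it (as root on the SELinux host):
#   semanage fcontext -a -t httpd_sys_content_t "/html(/.*)?"
#   restorecon -Rv /html

sample_listing | find_mislabeled httpd_sys_content_t
```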

By default, SELinux also denies the httpd process permission to send email. You can override this with the ‘setsebool’ command. Here’s an example using getsebool and setsebool.

# getsebool -a | grep httpd_can_sendmail
httpd_can_sendmail --> off
# setsebool -P httpd_can_sendmail on
# getsebool -a | grep httpd_can_sendmail
httpd_can_sendmail --> on

That’s it.

Thank you
Budiwijaya

 


Varnish – tips trick #1

Here’s Varnish tips and tricks number 1.

How do you check a Varnish rule? Create a file (e.g. check-varnish.sh) with this content:

#!/bin/bash
varnishd -C -f /etc/varnish/default.vcl

How do you check the top domains on a multi-domain Varnish configuration? Create a file (e.g. check-top-domain.sh) with this content:

#!/bin/bash
varnishtop -i RxHeader -C -I ^Host


Working with three timezone

Working in a company with a client in another timezone is a challenge. I scheduled a migration of a service from one of my clients and missed the schedule!

As a result of the meeting, we decided to migrate on Tuesday at 22:00 PST. On Tuesday at 12 pm WIB, I was ready to migrate the client’s service. After I had been waiting for a while, the client was still not online; it turns out Tuesday at 12 pm WIB is equal to Monday 10 pm PST.

So the correct time is Wednesday at 12 pm WIB. Here’s a tip: put your clients’ timezones on your computer. Here’s a screenshot of 3 timezones on my office computer.



Howto monitor ntp server with mrtg

I currently maintain several ntp servers that are listed in ntppool.org.
On average, the ntp servers listed there are monitored using mrtg.
After a little searching and asking questions on the mailing list, here’s my configuration:
———————getntp.pl———————

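##################################
# getntp.pl
# source : http://www.satsignal.eu/ntp/NTPandMRTG.html
# budiw 20120728
# Query the NTP server given as the first argument for its system variables
$ntp_str = `ntpq -c rv $ARGV[0]`;
# Take the 21st comma-separated field, which is expected to be "offset=..."
$val = (split(/\,/,$ntp_str))[20];
$val =~ s/offset=//i;
# Add 100 ms so the value plotted by mrtg stays positive
$val = int ($val + 100);
if ($val < 0) {
    $val = 0;
}
# mrtg reads four lines: first value, second value, uptime, target name
print "0\n";
print "$val\n";
print "0\n";
print "0\n";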

 
—————–ntppackets.pl—————————

#!/usr/bin/perl
use strict;
##################################
# ntppackets.pl
# source from ntp mailing lists
# http://lists.ntp.org/pipermail/pool/2012-July/006049.html
#### Options ####
my $uptimeprog = '/usr/bin/uptime'; # Set to program to give system uptime
my $hostnameprog = '/bin/hostname'; # Set to program to give system hostname
##### Nothing below here should have to be changed #####
# Clear path and get uptime
delete $ENV{PATH};
delete $ENV{BASH_ENV};
my $uptime = `$uptimeprog`;
chomp($uptime);
$uptime=substr($uptime,12);
my $hostname = `$hostnameprog`;
chomp($hostname);
my $received = 0;
my $sent = 0;
# Read the packet counters from the local ntpd
my $status = `/usr/bin/ntpdc -c iostats`;
# The counters may be printed as negative numbers; adding 2^31 keeps them non-negative
if($status =~ m!received packets:\s*(-?\d+)!) {
    $received=$1 + 2147483648;
}
if($status =~ m!packets sent:\s*(-?\d+)!) {
    $sent=$1 + 2147483648;
}
# mrtg reads four lines: received, sent, uptime, host name
print "$received\n$sent\n$uptime\n$hostname\n";
-----------mrtg.conf---------------------------
#
# NTP Packets
#
Title[ntppackets]: XXX NTP packets
Target[ntppackets]: `/home/budiw/paket/ntp-mrtg/ntppackets.pl`
PageTop[ntppackets]: Received and sent NTP packets for yyy
MaxBytes[ntppackets]: 60000
Options[ntppackets]: growright, nopercent
YLegend[ntppackets]: #/s
ShortLegend[ntppackets]:
Legend1[ntppackets]: Received packets/s
Legend2[ntppackets]: Sent packets/s
Legend3[ntppackets]: Maximal 5 minute received packets/s
Legend4[ntppackets]: Maximal 5 minute sent packets/s
LegendI[ntppackets]:  received packets/s
LegendO[ntppackets]:  sent packets/s
WithPeak[ntppackets]: wmy
#
# NTP offsets
#
Target[xxx_ntp]: `perl /home/budiw/paket/ntp-mrtg/getntp.pl 127.0.0.1`
MaxBytes[xxx_ntp]: 100
MaxBytes2[xxx_ntp]: 200
Unscaled[xxx_ntp]: dwmy
Timezone[xxx_ntp]: GMT+7
Title[xxx_ntp]: NTP statistics for XXX - offset from NTP
Options[xxx_ntp]: integer, gauge, nopercent, growright
YLegend[xxx_ntp]: offset+100 ms
ShortLegend[xxx_ntp]: ms
LegendI[xxx_ntp]:
LegendO[xxx_ntp]: offset:
Legend1[xxx_ntp]: n/a
Legend2[xxx_ntp]: time offset in ms, with 100ms offset added to ensure it's positive!
PageTop[xxx_ntp]: NTP -- XXX

—————–
Here’s an example of the scripts in action:
NTP – Offsets+100ms

NTP – Received and sent NTP packets for alynne.blankon.in
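
As an added example (not part of the original post or its sources), this shell version of the getntp.pl check reads the offset variable by name rather than by field position, reports nothing when it is absent, and validates the host argument before it reaches the ntpq command line. The sample ntpq output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the NTP offset by name instead of by field position.

# Constructed sample of "ntpq -c rv" output; all values are made up.
sample_rv() {
cat <<'EOF'
associd=0 status=0615 leap_none, sync_ntp, 1 event, clock_sync,
version="ntpd 4.2.6p5", processor="x86_64", system="Linux", leap=00,
stratum=2, precision=-23, rootdelay=1.234, rootdisp=20.500,
refid=192.0.2.10, peer=1234, tc=10, mintc=3, offset=-0.742,
frequency=12.345, sys_jitter=0.210, clk_jitter=0.150
EOF
}

# Accept only characters found in host names and IP addresses, and no
# leading dash, so the argument cannot add shell syntax or ntpq options.
valid_host() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9.:_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Read rv output on stdin; print int(offset + 100) clamped at 0.
# Fails (exit status 1, no output) when no offset= variable is present.
offset_plus_100() {
    awk '
    {
        n = split($0, f, /[ ,]+/)
        for (i = 1; i <= n; i++)
            if (f[i] ~ /^offset=/) { v = substr(f[i], 8) + 100; found = 1 }
    }
    END {
        if (!found) exit 1
        if (v < 0) v = 0
        printf "%d\n", v
    }'
}

# Print the four lines mrtg expects, in the same layout as getntp.pl.
mrtg_offset_report() {
    val=$(offset_plus_100) || return 1
    printf '0\n%s\n0\n0\n' "$val"
}

# Live use (assumes ntpq is installed):
#   valid_host "$1" && ntpq -c rv "$1" | mrtg_offset_report
sample_rv | mrtg_offset_report
```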
