SELinux with Apache / PHP

You have symlink your webapp to /var/www/ but still permission denied. Because file context is still not acceptable by selinux


To list context of folder or file (add -Z):

ls -Z ~khad/workspace/webapp/


To set file or folder read only, but apache can access:

chcon -R -t httpd_sys_content_t ~khad/workspace/webapp/


To set file or folder read and write, but apache can access:

chcon -R -t httpd_sys_rw_content_t ~khad/workspace/webapp/temp/


To allow connect network and database:

#setsebool -P httpd_can_network_connect 1
setsebool -P httpd_can_network_connect_db 1

Comments

Post a Comment

Popular posts from this blog

Ports to allow for whatsapp call

These are ports to be opened on your firewall to allow WA video call or voice call: WHATSAPP Call: TCP: 4244,5222,5223,5228,5242 UDP: 3478,45395 Reference: http://kaa.kiev.ua/blog/whatsapp-voice-calls-firewall-ports/ LINE call: TCP: 443 UDP: 2675
Read more

Manually clean up zimbra zmcat/zmcpustat exploit

Symptoms: server load high, cpu usage 300% To clean up manually follow this steps: STOP the process but dont kill it, use kill -STOP [PID] Hide from search engine (su zimbra): zmprov mcf zimbraMailKeepOutWebCrawlers TRUE +zimbraResponseHeader "X-Robots-Tag: noindex" chmod 755 /opt/zimbra/data/tmp/ chmod 755 /opt/zimbra/data/tmp/upload Delete malicious JSP, find using this command: grep -R '(request.getParameter.' /opt/zimbra/mailboxd /opt/zimbra/jetty For example: /opt/zimbra/mailboxd/webapps/zimbraAdmin/public/jsp/Alert.jsp and /opt/zimbra/jetty/webapps/zimbra/js/zimbra/csfe/XZimbra.jsp > /opt/zimbra/mailboxd/webapps/zimbraAdmin/public/jsp/Alert.jsp > /opt/zimbra/jetty/webapps/zimbra/js/zimbra/csfe/XZimbra.jsp chattr +i /opt/zimbra/mailboxd/webapps/zimbraAdmin/public/jsp/Alert.jsp /opt/zimbra/jetty/webapps/zimbra/js/zimbra/csfe/XZimbra.jsp Fix modified jsp files, find using: rpm -qa zimbra* | xargs rpm -qV - | egrep -E '^.{2}5' | grep .jsp For
Read more

Keychron K2 in Linux

Image
OK... I got new mechanical keyboard: Keychron K2 😀 Nice and compact keyboard layout with F-Keys and cursor keys. Brown switch and RGB Led and big battery It works nicely under Linux, I use gnome-shell, Fedora 30. Using USB cable or Bluetooth is also working. Key combo like Ctrl-Shift-PrintScreen is working and also trigger SysRq like Ctrl-Shift-Alt-PrintScreen-O is working (don't try this) To make Function keys without pressing Fn use this command: echo 2 > /sys/module/hid_apple/parameters/fnmode Ref: https://imgur.com/y3j6pUG To make it permanent, edit /etc/modprobe.d/keychron.conf and reboot: options hid-apple fnmode=2 We can also see remaining battery from Gnome Settings - Power
Read more