
How to change the httpd port with SELinux enabled and keep the service working


In this test, httpd's original port 80 is changed to 801.

[[email protected] ~]# systemctl restart httpd
Job for httpd.service failed. See ‘systemctl status httpd.service’ and ‘journalctl -xn’ for details.
[[email protected] ~]# systemctl stop httpd
[[email protected] ~]# systemctl start httpd
Job for httpd.service failed. See ‘systemctl status httpd.service’ and ‘journalctl -xn’ for details.
[[email protected] ~]# !v
vim /etc/httpd/conf/httpd.conf

#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 801    <-- changed to 801; this violates the SELinux policy

[[email protected] ~]# semanage port -l |grep http
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000    <-- 801 is not listed, so httpd cannot bind to it
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989

[[email protected] ~]# systemctl status -l httpd

10月 19 14:46:02 localhost.localdomain httpd[1452]: AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using localhost.localdomain. Set the ‘ServerName’ directive globally to suppress this message
10月 19 14:46:02 localhost.localdomain httpd[1452]: (13)Permission denied: AH00072: make_sock: could not bind to address [::]:801
10月 19 14:46:02 localhost.localdomain httpd[1452]: (13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:801

[[email protected] ~]# journalctl -xn

*****  Plugin catchall (1.49 confidence) suggests

10月 19 14:46:02 localhost.localdomain httpd[1452]: (13)Permission denied: AH00072: make_sock: could not bind to address [::]:801
10月 19 14:46:02 localhost.localdomain httpd[1452]: (13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:801    // binding a local socket to port 801 is not allowed

If you believe that httpd should be allowed name_bin
Then you should report this as a bug.
You can generate a local policy module to allow this
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow
# semodule -i mypol.pp    ********* // the SELinux error report

Solution

semanage port -a -t http_port_t -p tcp 801    # add port 801 to the SELinux http_port_t type

http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      801, 80, 81, 443, 488, 8008, 8009, 8443, 9000    // 801 has been added

[[email protected] ~]# systemctl status httpd.service
httpd.service – The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled)
Active: active (running) since 二 2016-10-18 18:18:25 CST; 6min ago    // started normally
Process: 49005 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 49231 (httpd)
Status: “Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec”
CGroup: /system.slice/httpd.service

[[email protected] ~]# netstat -ntlp |grep http
tcp6       0      0 :::801                  :::*                    LISTEN      49231/httpd

Local test
[[email protected] ~]# curl http://localhost:801
test1
t2
艇3
dfdfdfdf

External test completed.

Further notes
semanage port: add, type [], protocol TCP/UDP, port
semanage port -a -t http_port_t -p tcp 801
semanage port: modify, type [], protocol TCP/UDP, port
semanage port -m -t http_port_t -p tcp 801
semanage port: delete, type [], protocol TCP/UDP, port
semanage port -d -t http_port_t -p tcp 801
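
The check done by eye above (is the port already in http_port_t?) and the choice between -a and -m can be scripted. This is an added example, not from the original post: the function name plan_port_label and the sample listing are constructed here, and the hi_reserved_port_t line is an assumed extra row of the kind `semanage port -l` prints.

```shell
#!/bin/sh
# Added example: read `semanage port -l` output on stdin and print what a
# port needs before httpd may bind to it.

# Constructed sample listing, modelled on the output shown above.
SAMPLE='SELinux Port Type              Proto    Port Number
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
hi_reserved_port_t             tcp      512-1023'

# usage: semanage port -l | plan_port_label TYPE PROTO PORT
plan_port_label() {
    awk -v want="$1" -v proto="$2" -v port="$3" '
    $2 == proto {
        type = $1
        # Fields 3..NF are the port list: single ports or low-high ranges.
        for (i = 3; i <= NF; i++) {
            entry = $i; sub(/,$/, "", entry)
            n = split(entry, r, "-")
            lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
            if (port + 0 < lo || port + 0 > hi) continue
            if (type == want) allowed = 1
            # An exact single-port entry under another type makes -a fail
            # with "already defined"; that case needs -m instead.
            else if (n == 1) exact_other = type
        }
    }
    END {
        if (allowed)          print "ok"
        else if (exact_other) print "semanage port -m -t " want " -p " proto " " port
        else                  print "semanage port -a -t " want " -p " proto " " port
    }'
}

# Port 801 only falls inside a broad range of another type, so -a is enough.
printf '%s\n' "$SAMPLE" | plan_port_label http_port_t tcp 801
```

On a live system, pipe the real listing in: semanage port -l | plan_port_label http_port_t tcp 801, then run the printed command as root and restart httpd.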


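Article source: CCIE那点事 http://www.rygqfb.tw/ All rights reserved. Unless otherwise noted, articles on this site are the author's original work and may be freely quoted with attribution. Reproduction in full is prohibited.
Permalink: http://www.rygqfb.tw/?p=3548 When reposting, please credit CCIE那点事.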