LSTSRV-L Archives

LISTSERV Site Administrators' Forum

Steven J Depinet <[log in to unmask]>
Fri, 15 Apr 2022 15:54:34 +0000
Thanks Nathan, I’ll add "setsebool -P httpd_can_network_connect 1" (one of the settings that I had seen mentioned, but didn’t know if it was required) to the "semanage port -a -t http_port_t -p tcp 2306" that I’ve run. That names (locally) the tcp port 2306, which (I’m told) is required for the httpd daemon to use it under SELinux.



Again, thanks,



Steve dePinet					Northern Arizona University

Systems Programmer, Sr.			Box 5100

Information Technology Services	Flagstaff, Az 86011

[log in to unmask]			(928) 523-6843









> On Apr 15, 2022, at 06:05, Nathan Brindle <[log in to unmask]> wrote:
>
> I don't know if this will fix your specific problem, but if the web pages are visible in the browser, and the problem is you can't execute anything that would require WA to talk to port 2306, you may need to run the following at the shell prompt:
>
> sudo setsebool -P httpd_can_network_connect 1
>
> You have to do this if the firewall is set to be restrictive/enforcing. So in order for httpd to communicate with LISTSERV, it has to be able to connect to the network. The default is to disallow this (0) so it must be set manually to 1.
>
> If you later experience problems with WA writing to the "upload" directory, you may also need to execute
>
> sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/archives/upload'
> sudo restorecon -v '/var/www/html/archives/upload'
>
> (change the path to the upload directory if it differs in your installation).
>
> This is not to say there isn't something else going on in SELinux that needs to be modified, but that's usually the first thing to look at.
>
> Note that in most cases I know of, there is no reason to allow external access to port 2306.  As long as WA can talk to port 2306 locally, that's all that's strictly necessary.
>
> I'll finish by saying I'm not an SELinux expert by any stretch of the imagination.  Most of the above was discovered the hard way when I was building CentOS 7 sandbox machines in our cloud several years ago – lots of Googling and digging through the Linux documentation.  So if the above doesn't work for you, I'm not sure what else I can say.  It did work for me.
>
> -----Original Message-----
> From: LISTSERV Site Administrators' Forum <[log in to unmask]> On Behalf Of Steven J Depinet
> Sent: Thursday, April 14, 2022 1:34 PM
> To: [log in to unmask]
> Subject: SELinux (RHEL7) and port 2306 (Listserv V17.0)
>
> Greetings,
>
> I’m trying to upgrade the OS of my Listserv (V17.0) machine, and ran into issues with SELinux not liking wa’s use of port 2306. A Google search showed enough to determine that wa uses 2306 to communicate with Listserv, but that’s about all I got from that.  The error I get is:
>
> SELinux is preventing wa from name_connect access on the tcp_socket port 2306.
>
> It goes on to suggest:
> If you want to allow wa to connect to network port 2306, Then you need to modify the port type.
>
> Then provides the command:
> semanage port -a -t PORT_TYPE -p tcp 2306, where PORT_TYPE is one of the following: dns_port_t, dnssec_port_t, kerberos_port_t, ocsp_port_t
>
> I note that the old machine is RHEL6, and uses iptables, whereas the new RHEL7 machine uses firewalld, but I do not see any iptables rules for port 2306 on the old machine, but it does not run selinux, either.
>
> Any ideas? Do I need a firewalld rule allowing localhost to use port 2306, or do I follow the suggestion and modify the port type? If the latter, what type?
>
> Thanks,
>
> Steve dePinet                      Northern Arizona University
> Systems Programmer, Sr.            Box 5100
> Information Technology Services    Flagstaff, Az 86011
> [log in to unmask]                (928) 523-6843
>
> ############################
>
> To unsubscribe from the LSTSRV-L list:
> write to: mailto:[log in to unmask]
> or click the following link:
> http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1

> 


> 
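An added example, not part of either message above: a small shell helper for checking the three things this thread touches, namely the SELinux type covering tcp port 2306, the state of httpd_can_network_connect, and name_connect denials logged for wa. The function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Each parser reads command output on
# stdin, so it also runs on the constructed samples below without SELinux.

# Port types whose tcp entries cover port $1 (stdin: `semanage port -l`).
port_types() {
    awk -v want="$1" '$2 == "tcp" {
        for (i = 3; i <= NF; i++) {
            p = $i; sub(/,$/, "", p)
            n = split(p, r, "-"); lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
            if (want + 0 >= lo && want + 0 <= hi) { out = out (out ? " " : "") $1; break }
        }
    } END { print out }'
}

# State of a boolean (stdin: `getsebool NAME`, printed as "NAME --> on|off").
bool_state() { awk '$2 == "-->" { print $3 }'; }

# Number of AVC name_connect denials for command $1 to port $2 (stdin: audit.log).
count_denials() {
    awk -v c="comm=\"$1\"" -v d="dest=$2" '/avc: +denied/ && /name_connect/ {
        hc = 0; hd = 0
        for (i = 1; i <= NF; i++) { if ($i == c) hc = 1; if ($i == d) hd = 1 }
        if (hc && hd) n++
    } END { print n + 0 }'
}

# Constructed samples (not captured from a real host; audit fields trimmed).
SAMPLE_PORTS='SELinux Port Type              Proto    Port Number

http_port_t                    tcp      2306, 80, 81, 443, 488, 8008, 8009, 8443, 9000
unreserved_port_t              tcp      61001-65535, 1024-32767'
SAMPLE_BOOL='httpd_can_network_connect --> off'
SAMPLE_AUDIT='type=AVC msg=audit(1650000000.001:101): avc:  denied  { name_connect } for  pid=2001 comm="wa" dest=2306 tclass=tcp_socket
type=AVC msg=audit(1650000000.002:102): avc:  denied  { write } for  pid=2002 comm="wa" name="upload" tclass=dir
type=AVC msg=audit(1650000000.003:103): avc:  denied  { name_connect } for  pid=2003 comm="httpd" dest=8080 tclass=tcp_socket'

echo "tcp/2306 port types:       $(printf '%s\n' "$SAMPLE_PORTS" | port_types 2306)"
echo "httpd_can_network_connect: $(printf '%s\n' "$SAMPLE_BOOL" | bool_state)"
echo "wa denials to 2306:        $(printf '%s\n' "$SAMPLE_AUDIT" | count_denials wa 2306)"
# On a live host (as root):
#   semanage port -l | port_types 2306
#   getsebool httpd_can_network_connect | bool_state
#   count_denials wa 2306 < /var/log/audit/audit.log
```

A port can appear under more than one type, as 2306 does in the sample, because a locally added entry sits alongside the range that already covered it.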




