Solved SnipeIT - Connection Refused
-
@jaredbusch "setenforce 0" always the lazy way out.
-
@travisdh1 said in SnipeIT - Connection Refused:
@jaredbusch "setenforce 0" always the lazy way out.
That is what I did for the moment, just to test. But I would like to allow only the services that are required of the system.
Is there no way to specify httpd as being allowed through setenforce?
-
Straight from the install script.
By default this should be what was done.#Sets SELinux context type so that scripts running in the web server process are allowed read/write access chcon -R -h -t httpd_sys_script_rw_t /var/www/html/snipeit
Turn SELinux back on
setenforce 1
The restart Apache
systemctl restart httpd
-
@jaredbusch said in SnipeIT - Connection Refused:
Straight from the install script.
By default this should be what was done.#Sets SELinux context type so that scripts running in the web server process are allowed read/write access chcon -R -h -t httpd_sys_script_rw_t /var/www/html/snipeit
Turn SELinux back on
setenforce 1
The restart Apache
systemctl restart httpd
That didn't work.
-
@dustinb3403 said in SnipeIT - Connection Refused:
@jaredbusch said in SnipeIT - Connection Refused:
Straight from the install script.
By default this should be what was done.#Sets SELinux context type so that scripts running in the web server process are allowed read/write access chcon -R -h -t httpd_sys_script_rw_t /var/www/html/snipeit
Turn SELinux back on
setenforce 1
The restart Apache
systemctl restart httpd
That didn't work.
Was wondering, because that is not how I learned to change that in ownCloud. Sec.
-
@JaredBusch one sec, it may have just needed to be stopped completely.
-
We're up and running.
OKAY @JaredBusch go bitch slap the SnipeIT team. . .
-
@dustinb3403 said in SnipeIT - Connection Refused:
@JaredBusch one sec, it may have just needed to be stopped completely.
Well check your context with
ls -laZ /var/www/html
should look like this:
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 snipeit
-
@dustinb3403 said in SnipeIT - Connection Refused:
We're up and running.
OKAY @JaredBusch go bitch slap the SnipeIT team. . .
The pertinent question is, was the
setenforce 0
in their guide or the script on here? -
@jaredbusch said in SnipeIT - Connection Refused:
ls -laZ /var/www/html
It does, I think we're in good shape.
-
@jaredbusch said in SnipeIT - Connection Refused:
@dustinb3403 said in SnipeIT - Connection Refused:
We're up and running.
OKAY @JaredBusch go bitch slap the SnipeIT team. . .
The pertinent question is, was the
setenforce 0
in their guide or the script on here?It looks like @scottalanmiller's original post has the
setenforce 0
in it. So the question is where did he get it from?https://mangolassi.it/topic/6967/installing-snipe-it-on-centos-7-and-mariadb/1
-
@jaredbusch said in SnipeIT - Connection Refused:
@dustinb3403 said in SnipeIT - Connection Refused:
We're up and running.
OKAY @JaredBusch go bitch slap the SnipeIT team. . .
The pertinent question is, was the
setenforce 0
in their guide or the script on here?That I honestly don't recall. I probably used an installation guide here on ML, as the information from their site is pretty bad.
-
For a little necormancy
This issue came back again, thought I had resolved it after the last time.
Well this time I've got it set.
setsebool -P httpd_can_connect_ldap on
chcon -R -h -t httpd_sys_script_rw_t /var/www/html/snipeit/
sealert (which I had to install) showed I needed this as well
ausearch -c 'httpd' --raw | audit2allow -M my-httpd
semodule -i my-httpd.pp
Once done, reboot and check is httpd (apache) is running. For me it was.
-
The installer doesn't
setenforce 0
. Depending on the distro being installed it even checks if selinux is enforcing and runs
setsebool -P httpd_can_connect_ldap on
chcon -R -h -t httpd_sys_script_rw_t /var/www/html/snipeit/
-
@tiagom said in SnipeIT - Connection Refused:
The installer doesn't
setenforce 0
. Depending on the distro being installed it even checks if selinux is enforcing and runs
setsebool -P httpd_can_connect_ldap on
chcon -R -h -t httpd_sys_script_rw_t /var/www/html/snipeit/
Did it before, the original installer? Or was that a more recent change? I had to set that in order to get setenforce to allow apache.
-
Original snipeit installer had it added on Sep 26, 2016.
-
@tiagom hrm. . .
-
@dustinb3403 said in SnipeIT - Connection Refused:
@tiagom hrm. . .
But the guide that is posted here instructed you to
setenforce 0
before executing the script so that means that code never ran. I mentioned that in the posts a few months ago when I changed the thing to use git for CentOS 7. -
I ran out of test time the other day, for Fedora 26. But it seemed to have worked for that part.
I had other issues.