Thursday, 23 August 2007

SELinux is a damn nuisance

Honestly, I have set this up nine times already and I still can't quite remember how to configure the damn SELinux; every time I set up a new machine it runs me around for a while. To stop that happening again I've decided to blog this setup, so next time I have something to refer back to.

This time the target is setting up mailgraph on CentOS 5, mailgraph version 1.13. At first I was dreaming of a plain yum install; of course there isn't one, so I had to download it myself from http://mailgraph.schweikert.ch.

First, get all the dependencies in place: File::Tail from CPAN, then rrdtool built from source (it also supplies the RRDs perl module that mailgraph.pl and mailgraph.cgi use).

# File::Tail from CPAN (the two indented lines are typed at the cpan> prompt)
perl -MCPAN -e shell
  install File::Tail
  quit

# rrdtool 1.2.23 from source, built in a scratch directory and installed under its own prefix
BUILD_DIR=/tmp/rrdbuild
INSTALL_DIR=/usr/local/rrdtool-1.2.23
mkdir -p $BUILD_DIR && cd $BUILD_DIR
wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.2.23.tar.gz
tar zxf rrdtool-1.2.23.tar.gz
cd rrdtool-1.2.23
./configure --prefix=$INSTALL_DIR && make && make install

After that, mailgraph itself:

wget http://mailgraph.schweikert.ch/pub/mailgraph-1.13.tar.gz
tar zxf mailgraph-1.13.tar.gz
cd mailgraph-1.13
cp mailgraph.pl /usr/local/bin      # the log-tailing daemon that writes the RRD files

Then vi mailgraph-init and point MAIL_LOG at the CentOS mail log instead of the shipped default:
MAIL_LOG=/var/log/maillog
cp mailgraph-init /etc/init.d

Finally vi mailgraph.cgi and give the two RRD variables the absolute paths of the files the daemon writes:
my $rrd = '/var/lib/mailgraph.rrd';
my $rrd_virus = '/var/lib/mailgraph_virus.rrd';
cp mailgraph.cgi /var/www/cgi-bin
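The two hand edits above, as a script so they are repeatable and checkable on the next machine. This is an added example of mine, not part of the post or of mailgraph; it assumes the unpacked mailgraph-1.13 tree is passed as its argument and uses the destination paths the post uses.

```shell
#!/bin/sh
# Added example (not part of the original post or of mailgraph): the two hand
# edits above as a script, so they are repeatable and checkable on the next
# machine. Assumes $2 is the unpacked mailgraph-1.13 tree; destination paths
# are the ones used in the post.
set -e

MAIL_LOG=/var/log/maillog   # CentOS mail log, instead of the shipped default
RRD_DIR=/var/lib            # where mailgraph.pl writes its RRD files

# patch_init IN OUT: rewrite the MAIL_LOG= line of mailgraph-init.
patch_init() {
    sed -e "s|^MAIL_LOG=.*|MAIL_LOG=$MAIL_LOG|" "$1" > "$2"
}

# patch_cgi IN OUT: give $rrd and $rrd_virus in mailgraph.cgi absolute paths.
# "[\$]" is a literal dollar sign inside the sed regex.
patch_cgi() {
    sed -e "s|^my [\$]rrd = .*|my \$rrd = '$RRD_DIR/mailgraph.rrd';|" \
        -e "s|^my [\$]rrd_virus = .*|my \$rrd_virus = '$RRD_DIR/mailgraph_virus.rrd';|" \
        "$1" > "$2"
}

# verify INIT CGI: succeed only if all three edited lines are present.
verify() {
    grep -q "^MAIL_LOG=$MAIL_LOG\$" "$1" &&
    grep -q "^my [\$]rrd = '$RRD_DIR/mailgraph.rrd';\$" "$2" &&
    grep -q "^my [\$]rrd_virus = '$RRD_DIR/mailgraph_virus.rrd';\$" "$2"
}

# install_mailgraph SRC: patch into place and copy the daemon (run as root).
install_mailgraph() {
    patch_init "$1/mailgraph-init" /etc/init.d/mailgraph-init
    patch_cgi  "$1/mailgraph.cgi"  /var/www/cgi-bin/mailgraph.cgi
    verify /etc/init.d/mailgraph-init /var/www/cgi-bin/mailgraph.cgi
    install -m 0755 "$1/mailgraph.pl" /usr/local/bin/mailgraph.pl
    chmod 0755 /etc/init.d/mailgraph-init /var/www/cgi-bin/mailgraph.cgi
}

# Usage: sh setup-mailgraph.sh install /path/to/mailgraph-1.13
if [ "${1:-}" = "install" ]; then
    install_mailgraph "${2:?source directory required}"
fi
```

The verify step is the point: if a later mailgraph release renames either variable, the sed silently matches nothing and the install aborts instead of shipping a CGI that still points at a relative path.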

On paper that's the whole job, but unfortunately I have SELinux enabled, so there is still more to do.

Leave it alone and /var/log/httpd/error_log shows this:
[Wed Aug 22 15:21:46 2007] [error] [client 99.99.99.99] ERROR: opening '/var/lib/mailgraph.rrd': Permission denied, referer: http://99.99.99.99/cgi-bin/mailgraph.cgi

And /var/log/messages shows this:
Aug 22 14:57:00 server setroubleshoot: SELinux is preventing the mailgraph.cgi from using potentially mislabeled files mailgraph.rrd (var_lib_t). For complete SELinux messages. run sealert -l c961bc8c-9da8-468b-8727-8ba3eafc3517

Do nothing about it and of course it won't work.

[root@server ~]# ls -Z /var/lib/*.rrd
-rwxr--r-- root root user_u:object_r:var_lib_t mailgraph.rrd
-rwxr--r-- root root user_u:object_r:var_lib_t mailgraph_virus.rrd
[root@server ~]# ls -Z /var/www/cgi-bin/mailgraph.cgi
-rwxr-xr-x root root user_u:object_r:httpd_sys_script_exec_t /var/www/cgi-bin/mailgraph.cgi

One look at that and the problem is clear. Apache runs the CGI in the httpd_sys_script_t domain (that is what the httpd_sys_script_exec_t label on mailgraph.cgi is for), and that domain is not allowed to read files of type var_lib_t, which is what the two .rrd files carry. So I relabelled /var/lib/*.rrd to a type that httpd scripts are allowed to read. Why not change the label on mailgraph.cgi instead? Because its label is what decides which domain the script runs in, and hence what it is allowed to do; changing that would defeat the whole point of confining it.

chcon -t httpd_sys_content_t /var/lib/*.rrd
[root@server mailgraph-1.13]# ls -laZ /var/lib/*.rrd
-rwxr--r-- root root user_u:object_r:httpd_sys_content_t /var/lib/mailgraph.rrd
-rwxr--r-- root root user_u:object_r:httpd_sys_content_t /var/lib/mailgraph_virus.rrd

One thing to keep in mind: chcon only changes the label on the inode. The next restorecon over /var/lib, or a full relabel, puts var_lib_t back and the CGI breaks again; to make the change permanent the paths have to be registered with semanage fcontext. The relabel does not bother the mailgraph.pl daemon that writes these files, since it has no policy module of its own and runs unconfined under the targeted policy.
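As an added example (mine, not from the post or from mailgraph), this script goes from the raw AVC record in the audit log behind that setroubleshoot message to the sesearch query that confirms the script domain has no read access to var_lib_t, and prints the persistent fix with semanage fcontext plus restorecon rather than a bare chcon. The AVC line embedded in it is constructed to match the post's situation; the audit log path, the httpd_sys_content_t target type and the presence of setools and policycoreutils are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post or from mailgraph: go from the raw
# AVC record behind that setroubleshoot message to (a) the policy query that
# confirms the denial and (b) a relabel that survives restorecon.
# Assumptions: audit log at /var/log/audit/audit.log, target type
# httpd_sys_content_t, setools (sesearch) and policycoreutils (semanage) present.
set -e

# Constructed sample of the audit.log record for the denial in the post.
SAMPLE_AVC='type=AVC msg=audit(1187765820.123:456): avc:  denied  { read } for  pid=4321 comm="mailgraph.cgi" name="mailgraph.rrd" dev=sda2 ino=98765 scontext=root:system_r:httpd_sys_script_t tcontext=user_u:object_r:var_lib_t tclass=file'

# avc_field LINE KEY: value of " KEY=..." in an AVC record.
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.* $2=\([^ ]*\).*/\1/p"
}

# avc_type CONTEXT: the type part of user:role:type[:level].
avc_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_perm LINE: the permissions inside "{ ... }", comma-joined for sesearch.
avc_perm() {
    printf '%s\n' "$1" | sed -n 's/.*{ \([^}]*\) }.*/\1/p' | tr ' ' ','
}

# sesearch_cmd LINE: the setools query for this denial. Empty output from
# that query means the policy has no rule allowing the access (as here).
sesearch_cmd() {
    s=$(avc_type "$(avc_field "$1" scontext)")
    t=$(avc_type "$(avc_field "$1" tcontext)")
    printf 'sesearch --allow -s %s -t %s -c %s -p %s\n' \
        "$s" "$t" "$(avc_field "$1" tclass)" "$(avc_perm "$1")"
}

# fix_cmds TYPE: persistent relabel of the two RRDs. Unlike chcon, the
# fcontext rule is reapplied by every later restorecon or full relabel.
fix_cmds() {
    printf 'semanage fcontext -a -t %s "/var/lib/mailgraph(_virus)?\\.rrd"\n' "$1"
    printf 'restorecon -v /var/lib/mailgraph.rrd /var/lib/mailgraph_virus.rrd\n'
}

# Usage: sh mailgraph-selinux.sh query   (print the confirming sesearch)
#        sh mailgraph-selinux.sh apply   (register and apply the label, as root)
case "${1:-}" in
    query)
        # Newest real denial for the CGI if the audit log has one, else the sample.
        line=$(grep 'comm="mailgraph.cgi"' /var/log/audit/audit.log 2>/dev/null | tail -n 1 || true)
        sesearch_cmd "${line:-$SAMPLE_AVC}" ;;
    apply)
        fix_cmds httpd_sys_content_t | sh -ex ;;
esac
```

Run query first: the sesearch it prints returns nothing, because the targeted policy has no rule letting httpd_sys_script_t read var_lib_t, so relabelling the files is the right fix rather than loosening the script domain. After apply, a later restorecon -v /var/lib reports no change instead of flipping the two files back to var_lib_t.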

Finally I can see mailgraph. But something is still not right: why does the graph look like it has stopped updating?