Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
06-13-2006, 11:18 PM
|
#1
|
Member
Registered: Aug 2005
Location: California
Distribution: CentOS 5
Posts: 54
Rep:
|
SE Linux woes
Hey all,
For the two people on Earth who don't yet know it, I'm running Fedora Core 5 from Redhat. You probably also know that this comes equipped with SE Linux, which I've left on for, well, enhanced security.
I'm hosting a website on the system and want to post some pictures as part of the site. I'm coding my HTML manually
and am calling my images with a standard <IMG SRC="mypic.jpg"> tag. Trouble is, when I point my browser to the server's webpage and try to view the images, I get "broken gif" images. If I try posting a link to the image with <A HREF blah blah </A> instead, I get "403 forbidden" when I click on the link.
I've never had this problem before I switched to using later versions of FC that have SE Linux installed, so I've reason to suspect it's the problem. Any ideas?
Matt
|
|
|
06-13-2006, 11:19 PM
|
#2
|
Member
Registered: Aug 2005
Location: California
Distribution: CentOS 5
Posts: 54
Original Poster
Rep:
|
Addendum: I've already double-checked that file permissions on the images files themselves are set correctly and that the HTML code is referring to the right pathname in the <IMG SRC> tag.
|
|
|
06-13-2006, 11:53 PM
|
#3
|
Member
Registered: Mar 2004
Posts: 135
Rep:
|
try disable selinux by using
/usr/sbin/setenforce 0
Then run your webpage to see whether it works or not. If yes. It means the root problem lies at selinxu. You can edit the policy file to get it work.
|
|
|
06-14-2006, 01:43 AM
|
#4
|
Member
Registered: Jun 2003
Location: Batam
Distribution: Ubuntu 10 And Linux Mint
Posts: 414
Rep:
|
try
setsebool httpd_disable_trans 1
|
|
|
06-14-2006, 04:16 AM
|
#5
|
Senior Member
Registered: Aug 2005
Posts: 1,755
Rep:
|
Quote:
Originally Posted by cylarz
Hey all,
For the two people on Earth who don't yet know it, I'm running Fedora Core 5 from Redhat. You probably also know that this comes equipped with SE Linux, which I've left on for, well, enhanced security.
I'm hosting a website on the system and want to post some pictures as part of the site. I'm coding my HTML manually
and am calling my images with a standard <IMG SRC="mypic.jpg"> tag. Trouble is, when I point my browser to the server's webpage and try to view the images, I get "broken gif" images. If I try posting a link to the image with <A HREF blah blah </A> instead, I get "403 forbidden" when I click on the link.
I've never had this problem before I switched to using later versions of FC that have SE Linux installed, so I've reason to suspect it's the problem. Any ideas?
Matt
|
A file needs to have the right "context" to be accessible by Apache. Files created in the /var/www/html directory will inherit the correct context; but if you move files from other places, it won't have the correct context. You can restore context with the "restorecon" command, like:
Code:
restorecon mypic.jpg
or
Code:
restorecon -R /var/www/html
Turning off security is not a good idea.
|
|
|
06-15-2006, 01:33 AM
|
#6
|
LQ Newbie
Registered: Jul 2003
Location: India
Posts: 12
Rep:
|
Disable SELinux
edit file /etc/selinux/config.
set SELINUX=disable
your problem wil be solved.
|
|
|
06-15-2006, 02:13 PM
|
#7
|
Member
Registered: Jul 2003
Location: NY
Distribution: Slackware, Termux
Posts: 901
|
Quote:
Originally Posted by cylarz
...I'm coding my HTML manually
and am calling my images with a standard <IMG SRC="mypic.jpg"> tag. Trouble is, when I point my browser to the server's webpage and try to view the images, I get "broken gif" images. If I try posting a link to the image with <A HREF blah blah </A> instead, I get "403 forbidden" when I click on the link.
I've never had this problem before I switched to using later versions of FC that have SE Linux installed...
|
Now that's hardened.
|
|
|
06-20-2006, 09:01 AM
|
#8
|
Member
Registered: Oct 2003
Location: King George, VA
Distribution: RHEL/CentOS/Scientific/Fedora, LinuxMint
Posts: 370
Rep:
|
Quote:
Originally Posted by akamol
edit file /etc/selinux/config.
set SELINUX=disable
your problem wil be solved.
|
disabling security solves problems? Well I think SElinux is implemented for a reason
If in fact it is SElinux. He just needs to set the proper SElinux permissions with chcon command
|
|
|
06-20-2006, 09:36 AM
|
#9
|
Senior Member
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168
Rep:
|
If security gets in the way of usability, then disabling (some) security does solve the problem. A typical desktop PC user really has no need for SELinux at all. Running an Apache web server though... well, if it uses a public IP disabling SELinux might not be such a good idea.
|
|
|
All times are GMT -5. The time now is 02:35 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|