Thanks, Resolved problem. /usr/sbin/setenforce 0 Disable selinux.
Martin SSBr | Strong Security Brasil | Fabricio Gimenes Porto | Dpto. Técnico | Tel. +55 11 2897-1566 |Cel. +55 11 9-4558-6564 |fgime...@strongsecurity.com.br As informações contidas nesta mensagem são CONFIDENCIAIS e protegidas pelo sigilo legal. A divulgação, distribuição ou reprodução do teor deste documento depende de autorização do emissor. Caso V. Sa. não seja o destinatário, preposto, ou a pessoa responsável pela entrega desta mensagem, fica, desde já, notificado que qualquer divulgação, distribuição ou reprodução é estritamente proibida, sujeitando-se o infrator às sanções legais. Caso esta comunicação tenha sido recebida por engano, favor nos avisar imediatamente, respondendo esta mensagem. The information contained in this message is CONFIDENTIAL. If the reader of this transmittal is not the intended recipient or an agent responsible for delivering it, you are hereby notified that you have received this communication in error, and that any dissemination, distribution, retention or copy of this communication is strictly prohibited. In this case, please immediately reply this message to the sender. Antes de imprimir pense em seu compromisso com o Meio Ambiente. -----Mensagem original----- De: Martin Hecht [mailto:he...@hlrs.de] Enviada em: Friday, September 25, 2015 5:53 AM Para: fgime...@strongsecurity.com.br Cc: Users' Help and Suggestions <openca-users@lists.sourceforge.net> Assunto: Re: [Openca-Users] RES: Openca Socket error Hi Fabricio, hmm... next I would check step by step what's happening. The error message sais that the server is not online and it mentions the path to the socket. So, if you try to restart the server, do you see the process, and does it stay alive? Just after start you should see some runs of configure_etc.sh and later there should be at least one process of perl running with the argument of openca_start (prepended by its full path). If the process is not there, we have to find out why it doesn't come up. Maybe there are other hints in the openca-start.log? If the process is there and there are no other log messages that would help, check if the socket exists, and if it is accessible by apache (file permissions, all down the path, group membership, maybe you have to add apache to the openca group or vice versa)? Does the time stamp of the socket fit to your latest openca server restart? If it is much older, remove it manually and try to restart the server again. If this should all be ok, is apparmor or selinux running? Did you change something in this area recently, or did the change come in by a security update of the OS? Maybe a more restrictive apparmor profile was distributed by an update and you have to add a few more lines to allow apache to access this socket. If this all does not give you a clue I would start reading the openca source and search for the place where the error message appears. Maybe there are some explaining comments in that region, or you get a hint from the code itself. BTW, which version of OpenCa do you use? Ehm... the server used to work before, and you didn't change anything just before you noticed the error, right? best, Martin On 09/24/2015 08:41 PM, Fabricio Gimenes wrote: > Martin, > > My server with this clear, ran the xml cleaning procedure and yet the > problem has not been resolved . > We can do some more procedure. > > Fabricio > > SSBr | Strong Security Brasil | Fabricio Gimenes Porto | Dpto. Técnico | > Tel. +55 11 2897-1566 |Cel. +55 11 9-4558-6564 > |fgime...@strongsecurity.com.br > As informações contidas nesta mensagem são CONFIDENCIAIS e protegidas pelo > sigilo legal. A divulgação, distribuição ou reprodução do teor deste > documento depende de autorização do emissor. Caso V. Sa. não seja o > destinatário, preposto, ou a pessoa responsável pela entrega desta mensagem, > fica, desde já, notificado que qualquer divulgação, distribuição ou > reprodução é estritamente proibida, sujeitando-se o infrator às sanções > legais. Caso esta comunicação tenha sido recebida por engano, favor nos > avisar imediatamente, respondendo esta mensagem. The information contained > in this message is CONFIDENTIAL. If the reader of this transmittal is not > the intended recipient or an agent responsible for delivering it, you are > hereby notified that you have received this communication in error, and that > any dissemination, distribution, retention or copy of this communication is > strictly prohibited. In this case, please immediately reply this message to > the sender. > Antes de imprimir pense em seu compromisso com o Meio Ambiente. > > -----Mensagem original----- > De: Martin Hecht [mailto:he...@hlrs.de] > Enviada em: Thursday, September 24, 2015 1:36 PM > Para: fgime...@strongsecurity.com.br > Cc: Users' Help and Suggestions <openca-users@lists.sourceforge.net> > Assunto: Re: [Openca-Users] Openca Socket error > > Hi Fabricio, > > this looks like the openca daemon has crashed or is in some kind of > deadlock. > Usually, you just have to stop the openca service in order to clean up > things, and start it again. > > It may take a while to become responsive again (in a VM running on old > hardware it may well be a minute and more), but as soon as the service > has finished its startup, you should be able to connect via browser again. > > However, if the reason for the crash is a full disk (or a file system > which ran out of inodes), then you first have to clean up e.g. the xml > log directory (I usually put everything into a tgz and remove all the > xml files and the directories of the current and the past year(s). A > proper logrotate mechanism would be useful here... > > Martin > > On 09/24/2015 02:53 PM, Fabricio Gimenes wrote: >> Hi, >> >> >> >> My name is Fabricio. >> >> >> >> I'm a problem in openca_socket , which access the apache web presents >> seguitne message. >> >> >> >> OpenCA Error: Server is not online or does not accept requests >> (//var/openca/tmp/openca_socket - //var/openca/tmp/openca_socket). 0 >> >> ------------------------------------------------------------------------------ _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
