Re: [qmailadmin] qmailadmin/apache how-to ???
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2008-05-04, at 0638, Maurizio Rottin wrote: 2008/5/3 D. Hilbig [EMAIL PROTECTED]: Since it is a public webserver and SELinux is an additional layer of security I would prefer not to disable it. I guess it might be time to learn more about SELinux. I was hoping that someone has already written a document on what needs to be changed. Oh well... qmail and qmailadmin are security-bug free, then selinux is a weak enhancement. you forgot the word IF at the beginning of that sentence. qmail itself has a history of over ten years with no verified security holes, and only two possible holes reported which are caused by 32/64- bit discrepancies. while that is a very strong track record, and while i do feel that qmail itself is the most secure MTA on the planet, i don't consider it guaranteed free of security holes, any more than i would any other program. anyway you can meanwhile leave selinux activated but in targeted way (not enforced),so that selinux will report any problem encountered but won't stop the execution. This is a good way for debugging it and create new rules; i've never found a written policy for qmailadmin...(and be sure restorecond is onchkconfig --list | grep restorecond) excellent advice... this keeps SELinux from interfering with the proper operation of the server, while giving you feedback about what which specific rules need to be written for your system. doing a google search for selinux howto will give you a long list of web pages which will teach you how SELinux works. the guys on the fedora team really know this stuff cold, because they've been writing the tools for fedora 8 and fedora 9 to allow people to manage policies. the first pages i would read would be the ones they've written. - | John M. Simpson -- KG4ZOW -- Programmer At Large | | http://www.jms1.net/ [EMAIL PROTECTED] | - | Hope for America -- http://www.ronpaul2008.com/ | - -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) iD8DBQFIH1FyEB9RczMG/PsRAqzxAKDbhSWyFg0MrLr4x33XO1xWA1kZ/QCeKY2C fJGsRgb8GUnrB5cmIdIhKbQ= =0w4V -END PGP SIGNATURE- !DSPAM:481f5182120501977914725!
Re: [qmailadmin] qmailadmin/apache how-to ???
there two way to make it work! one is configure selinux with new rules, the other one is disable selinux. to disable selinux do #setenforce 0 then edit /etc/selinux.conf??? don't remember where the file is..and chenge in disable so that in the next reboot selinux won't come up again. 2008/5/3 D. Hilbig [EMAIL PROTECTED]: Yes. I get the login screen, but cannot login. Here are the error messages: May 2 23:25:57 server setroubleshoot: SELinux is preventing the /var/www/cgi-bin/qmailadmin from using potentially mislabeled files cdb (var_t). For complete SELinux messages. run sealert -l 1ec6bf27-c839-4063-a36f-bc80e2872bc2 May 2 23:25:57 server setroubleshoot: SELinux is preventing the /var/www/cgi-bin/qmailadmin from using potentially mislabeled files (etc). For complete SELinux messages. run sealert -l 9a4c375d-6ec9-4cce-82a4-50b21f1c8b58 -Original Message- From: ed [mailto:[EMAIL PROTECTED] Sent: Thursday, May 01, 2008 1:35 PM To: qmailadmin@inter7.com Subject: Re: [qmailadmin] qmailadmin/apache how-to ??? On Wed, 30 Apr 2008 15:14:41 -0700 D. Hilbig [EMAIL PROTECTED] wrote: Where can I find a good how-to for configuring qmailadmin under apache? I'd like a document that provides some technical insights with respect to the apache configuration including any security concerns. I'm also wondering about an possible issues with SELinux in targeted mode. I'm using CentOS v5.1 with apache v2.2.3. Any help is appreciated. Do you have a problem with the configuration at the moment? -- The 14.4 dialup to the PS2 is losing cohesion because of a trailing space in /etc/passwd. The Sys Admin is ordering a pizza. :: http://www.s5h.net/ :: http://www.s5h.net/gpg.html -- mr !DSPAM:481c5777120508044218332!
RE: [qmailadmin] qmailadmin/apache how-to ???
Since it is a public webserver and SELinux is an additional layer of security I would prefer not to disable it. I guess it might be time to learn more about SELinux. I was hoping that someone has already written a document on what needs to be changed. Oh well... -Original Message- From: Maurizio Rottin [mailto:[EMAIL PROTECTED] Sent: Saturday, May 03, 2008 5:16 AM To: qmailadmin@inter7.com Subject: Re: [qmailadmin] qmailadmin/apache how-to ??? there two way to make it work! one is configure selinux with new rules, the other one is disable selinux. to disable selinux do #setenforce 0 then edit /etc/selinux.conf??? don't remember where the file is..and chenge in disable so that in the next reboot selinux won't come up again. 2008/5/3 D. Hilbig [EMAIL PROTECTED]: Yes. I get the login screen, but cannot login. Here are the error messages: May 2 23:25:57 server setroubleshoot: SELinux is preventing the /var/www/cgi-bin/qmailadmin from using potentially mislabeled files cdb (var_t). For complete SELinux messages. run sealert -l 1ec6bf27-c839-4063-a36f-bc80e2872bc2 May 2 23:25:57 server setroubleshoot: SELinux is preventing the /var/www/cgi-bin/qmailadmin from using potentially mislabeled files (etc). For complete SELinux messages. run sealert -l 9a4c375d-6ec9-4cce-82a4-50b21f1c8b58 -Original Message- From: ed [mailto:[EMAIL PROTECTED] Sent: Thursday, May 01, 2008 1:35 PM To: qmailadmin@inter7.com Subject: Re: [qmailadmin] qmailadmin/apache how-to ??? On Wed, 30 Apr 2008 15:14:41 -0700 D. Hilbig [EMAIL PROTECTED] wrote: Where can I find a good how-to for configuring qmailadmin under apache? I'd like a document that provides some technical insights with respect to the apache configuration including any security concerns. I'm also wondering about an possible issues with SELinux in targeted mode. I'm using CentOS v5.1 with apache v2.2.3. Any help is appreciated. Do you have a problem with the configuration at the moment? -- The 14.4 dialup to the PS2 is losing cohesion because of a trailing space in /etc/passwd. The Sys Admin is ordering a pizza. :: http://www.s5h.net/ :: http://www.s5h.net/gpg.html -- mr !DSPAM:481cc0ec120503459687583!
Re: [qmailadmin] qmailadmin/apache how-to ???
Wouldn't a requisite of using selinux be to learn how it works first instead of blindly following a how-to so when it breaks you're able to function to fix it? I've been using qmailadmin since about 1998 and have never had an issue with it security-wise. Just my $0.02CAD :) - Original Message - From: D. Hilbig [EMAIL PROTECTED] To: qmailadmin@inter7.com qmailadmin@inter7.com Sent: Sat May 03 12:45:41 2008 Subject: RE: [qmailadmin] qmailadmin/apache how-to ??? Since it is a public webserver and SELinux is an additional layer of security I would prefer not to disable it. I guess it might be time to learn more about SELinux. I was hoping that someone has already written a document on what needs to be changed. Oh well... -Original Message- From: Maurizio Rottin [mailto:[EMAIL PROTECTED] Sent: Saturday, May 03, 2008 5:16 AM To: qmailadmin@inter7.com Subject: Re: [qmailadmin] qmailadmin/apache how-to ??? there two way to make it work! one is configure selinux with new rules, the other one is disable selinux. to disable selinux do #setenforce 0 then edit /etc/selinux.conf??? don't remember where the file is..and chenge in disable so that in the next reboot selinux won't come up again. 2008/5/3 D. Hilbig [EMAIL PROTECTED]: Yes. I get the login screen, but cannot login. Here are the error messages: May 2 23:25:57 server setroubleshoot: SELinux is preventing the /var/www/cgi-bin/qmailadmin from using potentially mislabeled files cdb (var_t). For complete SELinux messages. run sealert -l 1ec6bf27-c839-4063-a36f-bc80e2872bc2 May 2 23:25:57 server setroubleshoot: SELinux is preventing the /var/www/cgi-bin/qmailadmin from using potentially mislabeled files (etc). For complete SELinux messages. run sealert -l 9a4c375d-6ec9-4cce-82a4-50b21f1c8b58 -Original Message- From: ed [mailto:[EMAIL PROTECTED] Sent: Thursday, May 01, 2008 1:35 PM To: qmailadmin@inter7.com Subject: Re: [qmailadmin] qmailadmin/apache how-to ??? On Wed, 30 Apr 2008 15:14:41 -0700 D. Hilbig [EMAIL PROTECTED] wrote: Where can I find a good how-to for configuring qmailadmin under apache? I'd like a document that provides some technical insights with respect to the apache configuration including any security concerns. I'm also wondering about an possible issues with SELinux in targeted mode. I'm using CentOS v5.1 with apache v2.2.3. Any help is appreciated. Do you have a problem with the configuration at the moment? -- The 14.4 dialup to the PS2 is losing cohesion because of a trailing space in /etc/passwd. The Sys Admin is ordering a pizza. :: http://www.s5h.net/ :: http://www.s5h.net/gpg.html -- mr !DSPAM:481cc1bc120508759915645!
Re: [qmailadmin] qmailadmin/apache how-to ???
try this cd /pathtoqmailamin tar zxvf qmailadmin-1.2.9.tar.gz cd qmailadmin-1.2.9 ./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/html [--disable-ezmlm-mysql depends on how you compiled vpopmail] make make install-strip cd /var/www/html echo 'html' qmailadmin.html echo 'script language=JavaScript' qmailadmin.html echo setTimeout('location.href=\/cgi-bin/qmailadmin\',0); qmailadmin.html echo '/script' qmailadmin.html echo 'head' qmailadmin.html echo 'titleMail Admin' qmailadmin.html echo '/title' qmailadmin.html echo '/head' qmailadmin.html echo 'body bgcolor=white' qmailadmin.html echo '/body' qmailadmin.html echo '/html' qmailadmin.html cd /etc/httpd/conf/ echo httpd.conf echo VirtualHost YOURIPOR*:80 httpd.conf echo 'DocumentRoot /var/www/html' httpd.conf echo 'ScriptAlias /cgi-bin/ /var/www/cgi-bin/' httpd.conf echo 'ServerName YOURSERVERNAME' httpd.conf echo 'DirectoryIndex qmailadmin.html' httpd.conf echo 'ErrorLog /var/log/httpd/qmailadmin_error.log' httpd.conf echo 'CustomLog /var/log/httpd/qmailadmin_access.log combined' httpd.conf echo '/VirtualHost' httpd.conf echo httpd.conf 2008/5/1 D. Hilbig [EMAIL PROTECTED]: Where can I find a good how-to for configuring qmailadmin under apache? I'd like a document that provides some technical insights with respect to the apache configuration including any security concerns. I'm also wondering about an possible issues with SELinux in targeted mode. I'm using CentOS v5.1 with apache v2.2.3. Any help is appreciated. -- mr !DSPAM:481ad6a2120501128411945!
RE: [qmailadmin] qmailadmin/apache how-to ???
Yes. I get the login screen, but cannot login. Here are the error messages: May 2 23:25:57 server setroubleshoot: SELinux is preventing the /var/www/cgi-bin/qmailadmin from using potentially mislabeled files cdb (var_t). For complete SELinux messages. run sealert -l 1ec6bf27-c839-4063-a36f-bc80e2872bc2 May 2 23:25:57 server setroubleshoot: SELinux is preventing the /var/www/cgi-bin/qmailadmin from using potentially mislabeled files (etc). For complete SELinux messages. run sealert -l 9a4c375d-6ec9-4cce-82a4-50b21f1c8b58 -Original Message- From: ed [mailto:[EMAIL PROTECTED] Sent: Thursday, May 01, 2008 1:35 PM To: qmailadmin@inter7.com Subject: Re: [qmailadmin] qmailadmin/apache how-to ??? On Wed, 30 Apr 2008 15:14:41 -0700 D. Hilbig [EMAIL PROTECTED] wrote: Where can I find a good how-to for configuring qmailadmin under apache? I'd like a document that provides some technical insights with respect to the apache configuration including any security concerns. I'm also wondering about an possible issues with SELinux in targeted mode. I'm using CentOS v5.1 with apache v2.2.3. Any help is appreciated. Do you have a problem with the configuration at the moment? -- The 14.4 dialup to the PS2 is losing cohesion because of a trailing space in /etc/passwd. The Sys Admin is ordering a pizza. :: http://www.s5h.net/ :: http://www.s5h.net/gpg.html !DSPAM:481ba749120502055149098!
Re: [qmailadmin] qmailadmin/apache how-to ???
Selinux doesn't like setuid and setgid programs as I recall. I unfortunately don't know how to work around that, but I think this has been discussed in the past. Have you searched the mailing list archives? HTH, Tren - Original Message - From: D. Hilbig [EMAIL PROTECTED] To: qmailadmin@inter7.com qmailadmin@inter7.com Sent: Fri May 02 16:44:04 2008 Subject: RE: [qmailadmin] qmailadmin/apache how-to ??? Yes. I get the login screen, but cannot login. Here are the error messages: May 2 23:25:57 server setroubleshoot: SELinux is preventing the /var/www/cgi-bin/qmailadmin from using potentially mislabeled files cdb (var_t). For complete SELinux messages. run sealert -l 1ec6bf27-c839-4063-a36f-bc80e2872bc2 May 2 23:25:57 server setroubleshoot: SELinux is preventing the /var/www/cgi-bin/qmailadmin from using potentially mislabeled files (etc). For complete SELinux messages. run sealert -l 9a4c375d-6ec9-4cce-82a4-50b21f1c8b58 -Original Message- From: ed [mailto:[EMAIL PROTECTED] Sent: Thursday, May 01, 2008 1:35 PM To: qmailadmin@inter7.com Subject: Re: [qmailadmin] qmailadmin/apache how-to ??? On Wed, 30 Apr 2008 15:14:41 -0700 D. Hilbig [EMAIL PROTECTED] wrote: Where can I find a good how-to for configuring qmailadmin under apache? I'd like a document that provides some technical insights with respect to the apache configuration including any security concerns. I'm also wondering about an possible issues with SELinux in targeted mode. I'm using CentOS v5.1 with apache v2.2.3. Any help is appreciated. Do you have a problem with the configuration at the moment? -- The 14.4 dialup to the PS2 is losing cohesion because of a trailing space in /etc/passwd. The Sys Admin is ordering a pizza. :: http://www.s5h.net/ :: http://www.s5h.net/gpg.html !DSPAM:481ba9a0120509728869052!
Re: [qmailadmin] qmailadmin/apache how-to ???
On Wed, 30 Apr 2008 15:14:41 -0700 D. Hilbig [EMAIL PROTECTED] wrote: Where can I find a good how-to for configuring qmailadmin under apache? I'd like a document that provides some technical insights with respect to the apache configuration including any security concerns. I'm also wondering about an possible issues with SELinux in targeted mode. I'm using CentOS v5.1 with apache v2.2.3. Any help is appreciated. !DSPAM:4818ef53120506044111576! Do you have a problem with the configuration at the moment? -- The 14.4 dialup to the PS2 is losing cohesion because of a trailing space in /etc/passwd. The Sys Admin is ordering a pizza. :: http://www.s5h.net/ :: http://www.s5h.net/gpg.html signature.asc Description: PGP signature !DSPAM:481a297a120501057511886!
RE: [qmailadmin] qmailadmin/apache how-to ???
Qmailrocks.org -Original Message- From: ed [mailto:[EMAIL PROTECTED] Sent: Thursday, May 01, 2008 4:35 PM To: qmailadmin@inter7.com Subject: Re: [qmailadmin] qmailadmin/apache how-to ??? On Wed, 30 Apr 2008 15:14:41 -0700 D. Hilbig [EMAIL PROTECTED] wrote: Where can I find a good how-to for configuring qmailadmin under apache? I'd like a document that provides some technical insights with respect to the apache configuration including any security concerns. I'm also wondering about an possible issues with SELinux in targeted mode. I'm using CentOS v5.1 with apache v2.2.3. Any help is appreciated. Do you have a problem with the configuration at the moment? -- The 14.4 dialup to the PS2 is losing cohesion because of a trailing space in /etc/passwd. The Sys Admin is ordering a pizza. :: http://www.s5h.net/ :: http://www.s5h.net/gpg.html !DSPAM:481a2f3a120502686319533!
Re: [qmailadmin] qmailadmin/apache how-to ???
2008/5/1 Jeremy Kenney [EMAIL PROTECTED]: Qmailrocks.org qmailrocks is outdated! go to toaster instead! -- mr !DSPAM:481a36d2120501477918748!
Re: [qmailadmin] qmailadmin/apache how-to ???
On Thu, 1 May 2008 23:32:00 +0200 Maurizio Rottin [EMAIL PROTECTED] wrote: 2008/5/1 Jeremy Kenney [EMAIL PROTECTED]: Qmailrocks.org qmailrocks is outdated! go to toaster instead! -- mr !DSPAM:481a36d2120501477918748! Heh, Agreed, how did you jump straight on the qmailrocks.org thing though? -- The 28.8 frame relay to south lata is dropping packets because of a memory leak in the lyris server. The Rebel Alliance is looking for someone to blame. :: http://www.s5h.net/ :: http://www.s5h.net/gpg.html signature.asc Description: PGP signature !DSPAM:481a4a80120502282762728!
Re: [qmailadmin] qmailadmin/apache how-to ???
http://shupp.org/toaster Regards, Tren - Original Message - From: D. Hilbig [EMAIL PROTECTED] To: qmailadmin@inter7.com qmailadmin@inter7.com Sent: Sat Apr 26 13:48:58 2008 Subject: [qmailadmin] qmailadmin/apache how-to ??? Where can I find a good how-to for configuring qmailadmin under apache? I'm using CentOS v5.1 with apache v2.2.3. Any help is appreciated. !DSPAM:4813987b120501666388027!