[tanya-jawab] squish on fedora 11
ada yang punya tutorial untuk menerapkan penggunaan squish pada fedora 11? saya sudah coba dengan cara seperti ini: [r...@master root]# tar xzvf adzap-20080508.tar.gz –C /usr/local/squid [r...@master root]# cd /usr/local/squid/adzap [r...@master root]# cd scripts [r...@master root]# vi wrapzap Ubah parameter zapper=/usr/local/squid/adzap/scripts/squid_redirect [r...@master root]# cd /usr/local/squid/etc [r...@master root]# vi squid.conf tambahkan parameter dibawah ini redirect_program /usr/local/squid/adzap/scripts/wrapzap [r...@master root]# /usr/local/squid/sbin/squid –k reconfigure tapi tetap aja gak bisa. errornya: #tail /var/log/messages May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid (squid_t) from executing wrapzap. For complete SELinux messages. run sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4 May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid (squid_t) from executing wrapzap. For complete SELinux messages. run sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4 May 19 09:13:03 localhost squid[8422]: Squid Parent: child process 8509 started May 19 09:13:03 localhost (squid): The redirector helpers are crashing too rapidly, need help! trus yang command # /usr/local/squid/sbin/squid –k reconfigure gak bisa dijalankan karena foldernya gak ada.. apa dibuat manual? help pliss -- Adi Pane axeadip...@gmail.com -- FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id Arsip dan info milis selengkapnya di http://linux.or.id/milis
Re: [tanya-jawab] squish on fedora 11
2010/5/19 Adi Pane if07...@students.del.ac.id: ada yang punya tutorial untuk menerapkan penggunaan squish pada fedora 11? saya sudah coba dengan cara seperti ini: [r...@master root]# tar xzvf adzap-20080508.tar.gz –C /usr/local/squid [r...@master root]# cd /usr/local/squid/adzap [r...@master root]# cd scripts [r...@master root]# vi wrapzap Ubah parameter zapper=/usr/local/squid/adzap/scripts/squid_redirect [r...@master root]# cd /usr/local/squid/etc [r...@master root]# vi squid.conf tambahkan parameter dibawah ini redirect_program /usr/local/squid/adzap/scripts/wrapzap [r...@master root]# /usr/local/squid/sbin/squid –k reconfigure tapi tetap aja gak bisa. errornya: #tail /var/log/messages May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid (squid_t) from executing wrapzap. For complete SELinux messages. run sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4 May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid (squid_t) from executing wrapzap. For complete SELinux messages. run sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4 May 19 09:13:03 localhost squid[8422]: Squid Parent: child process 8509 started May 19 09:13:03 localhost (squid): The redirector helpers are crashing too rapidly, need help! trus yang command # /usr/local/squid/sbin/squid –k reconfigure gak bisa dijalankan karena foldernya gak ada.. apa dibuat manual? help pliss -- Adi Pane axeadip...@gmail.com -- FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id Arsip dan info milis selengkapnya di http://linux.or.id/milis sudah jalankan ini ? sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4 nanti dikasih liat disuruh menjalankan apa.. Kalau selinux nya tidak ingin digunakan di disabled saja. -- Regards, Adit http://simplyaddo.web.id ym : science2rule hp : 08561749716 -- FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id Arsip dan info milis selengkapnya di http://linux.or.id/milis
Re: [tanya-jawab] squish on fedora 11
sudah mas, hasil nya ini:
Summary:
SELinux is preventing the squid (squid_t) from executing wrapzap.
Detailed Description:
SELinux has denied the squid from executing wrapzap. If squid is supposed to be
able to execute wrapzap, this could be a labeling problem. Most confined
domains
are allowed to execute files labeled bin_t. So you could change the labeling on
this file to bin_t and retry the application. If this squid is not supposed to
execute wrapzap, this could signal a intrusion attempt.
Allowing Access:
If you want to allow squid to execute wrapzap: chcon -t bin_t 'wrapzap' If this
fix works, please update the file context on disk, with the following command:
semanage fcontext -a -t bin_t 'wrapzap' Please specify the full path to the
executable, Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this selinux-policy
to make sure this becomes the default labeling.
Additional Information:
Source Context unconfined_u:system_r:squid_t:s0
Target Context unconfined_u:object_r:usr_t:s0
Target Objects wrapzap [ file ]
Source squid
Source Path /usr/sbin/squid
Port Unknown
Host localhost
Source RPM Packages squid-3.0.STABLE13-1.fc11
Target RPM Packages
Policy RPM selinux-policy-3.6.12-39.fc11
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name execute
Host Name localhost
Platform Linux localhost 2.6.29.4-167.fc11.i686.PAE #1 SMP
Wed May 27 17:28:22 EDT 2009 i686 i686
Alert Count 155
First Seen Wed May 19 08:37:50 2010
Last Seen Wed May 19 09:13:07 2010
Local ID 5584bdec-a033-4766-993d-3d562a04a4e4
Line Numbers
Raw Audit Messages
node=localhost type=AVC msg=audit(1274235187.82:25439): avc: denied { execute }
for pid=8528 comm=squid name=wrapzap dev=sda6 ino=94245
scontext=unconfined_u:system_r:squid_t:s0
tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
node=localhost type=SYSCALL msg=audit(1274235187.82:25439): arch=4003
syscall=11 success=no exit=-13 a0=2c666e0 a1=bffbe0e8 a2=2d36b88 a3=4000
items=0 ppid=8523 pid=8528 auid=0 uid=23 gid=23 euid=23 suid=23 fsuid=23
egid=23 sgid=23 fsgid=23 tty=(none) ses=1 comm=squid exe=/usr/sbin/squid
subj=unconfined_u:system_r:squid_t:s0 key=(null)
end
kalo selinux nya di disabled apa pengaruh nya mas?
cara men disabled selinux gmana mas??
maaf, masih baru nyoba..
thank, bwt info nya mas
- Original Message -
From: aditya hilman aditya.hil...@gmail.com
To: tanya-jawab@linux.or.id
Sent: Wednesday, May 19, 2010 2:54:05 PM GMT +07:00 Bangkok, Hanoi, Jakarta
Subject: Re: [tanya-jawab] squish on fedora 11
2010/5/19 Adi Pane if07...@students.del.ac.id:
ada yang punya tutorial untuk menerapkan penggunaan squish pada fedora 11?
saya sudah coba dengan cara seperti ini:
[r...@master root]# tar xzvf adzap-20080508.tar.gz –C /usr/local/squid
[r...@master root]# cd /usr/local/squid/adzap
[r...@master root]# cd scripts
[r...@master root]# vi wrapzap
Ubah parameter
zapper=/usr/local/squid/adzap/scripts/squid_redirect
[r...@master root]# cd /usr/local/squid/etc
[r...@master root]# vi squid.conf
tambahkan parameter dibawah ini
redirect_program /usr/local/squid/adzap/scripts/wrapzap
[r...@master root]# /usr/local/squid/sbin/squid –k reconfigure
tapi tetap aja gak bisa.
errornya:
#tail /var/log/messages
May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid
(squid_t) from executing wrapzap. For complete SELinux messages. run sealert
-l 5584bdec-a033-4766-993d-3d562a04a4e4
May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid
(squid_t) from executing wrapzap. For complete SELinux messages. run sealert
-l 5584bdec-a033-4766-993d-3d562a04a4e4
May 19 09:13:03 localhost squid[8422]: Squid Parent: child process 8509
started
May 19 09:13:03 localhost (squid): The redirector helpers are crashing too
rapidly, need help!
trus yang command # /usr/local/squid/sbin/squid –k reconfigure gak bisa
dijalankan
karena foldernya gak ada..
apa dibuat manual?
help pliss
--
Adi Pane
axeadip...@gmail.com
--
FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id
Arsip dan info milis selengkapnya di http://linux.or.id/milis
sudah jalankan ini ?
sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4
nanti dikasih liat disuruh menjalankan apa..
Kalau selinux nya tidak ingin digunakan di disabled saja.
--
Regards,
Adit
http://simplyaddo.web.id
ym : science2rule
hp : 08561749716
--
FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id
Arsip dan info milis selengkapnya di http://linux.or.id/milis
--
Adi Pane
axeadip...@gmail.com
--
FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id
Re: [tanya-jawab] squish on fedora 11
On Wed, May 19, 2010 at 3:06 PM, Adi Pane if07...@students.del.ac.id wrote:
sudah mas, hasil nya ini:
Summary:
SELinux is preventing the squid (squid_t) from executing wrapzap.
Detailed Description:
SELinux has denied the squid from executing wrapzap. If squid is supposed to
be
able to execute wrapzap, this could be a labeling problem. Most confined
domains
are allowed to execute files labeled bin_t. So you could change the labeling
on
this file to bin_t and retry the application. If this squid is not supposed to
execute wrapzap, this could signal a intrusion attempt.
Allowing Access:
If you want to allow squid to execute wrapzap: chcon -t bin_t 'wrapzap' If
this
fix works, please update the file context on disk, with the following command:
semanage fcontext -a -t bin_t 'wrapzap' Please specify the full path to the
executable, Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this
selinux-policy
to make sure this becomes the default labeling.
jalankan ini
chcon -t bin_t 'wrapzap'
Additional Information:
Source Context unconfined_u:system_r:squid_t:s0
Target Context unconfined_u:object_r:usr_t:s0
Target Objects wrapzap [ file ]
Source squid
Source Path /usr/sbin/squid
Port Unknown
Host localhost
Source RPM Packages squid-3.0.STABLE13-1.fc11
Target RPM Packages
Policy RPM selinux-policy-3.6.12-39.fc11
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name execute
Host Name localhost
Platform Linux localhost 2.6.29.4-167.fc11.i686.PAE #1 SMP
Wed May 27 17:28:22 EDT 2009 i686 i686
Alert Count 155
First Seen Wed May 19 08:37:50 2010
Last Seen Wed May 19 09:13:07 2010
Local ID 5584bdec-a033-4766-993d-3d562a04a4e4
Line Numbers
Raw Audit Messages
node=localhost type=AVC msg=audit(1274235187.82:25439): avc: denied { execute
} for pid=8528 comm=squid name=wrapzap dev=sda6 ino=94245
scontext=unconfined_u:system_r:squid_t:s0
tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
node=localhost type=SYSCALL msg=audit(1274235187.82:25439): arch=4003
syscall=11 success=no exit=-13 a0=2c666e0 a1=bffbe0e8 a2=2d36b88 a3=4000
items=0 ppid=8523 pid=8528 auid=0 uid=23 gid=23 euid=23 suid=23 fsuid=23
egid=23 sgid=23 fsgid=23 tty=(none) ses=1 comm=squid exe=/usr/sbin/squid
subj=unconfined_u:system_r:squid_t:s0 key=(null)
end
kalo selinux nya di disabled apa pengaruh nya mas?
cara men disabled selinux gmana mas??
ini tentang selinux dari wiki
http://en.wikipedia.org/wiki/Security-Enhanced_Linux
cara disabled nya edit file konfigurasinya di /etc/sysconfig/selinux
pada bagian
SELINUX=enforcing
rubah menjadi disabled
trus restart mesinnya agar berubah..
bisa juga langsung tapi cuma permissive, jalankan perintah
setenforce 0
tapi ketika mesin restart, selinux nya akan berubah lagi sesuai dengan
konfigurasi yang ada di /etc/sysconfig/selinux
maaf, masih baru nyoba..
thank, bwt info nya mas
- Original Message -
From: aditya hilman aditya.hil...@gmail.com
To: tanya-jawab@linux.or.id
Sent: Wednesday, May 19, 2010 2:54:05 PM GMT +07:00 Bangkok, Hanoi, Jakarta
Subject: Re: [tanya-jawab] squish on fedora 11
2010/5/19 Adi Pane if07...@students.del.ac.id:
ada yang punya tutorial untuk menerapkan penggunaan squish pada fedora 11?
saya sudah coba dengan cara seperti ini:
[r...@master root]# tar xzvf adzap-20080508.tar.gz –C /usr/local/squid
[r...@master root]# cd /usr/local/squid/adzap
[r...@master root]# cd scripts
[r...@master root]# vi wrapzap
Ubah parameter
zapper=/usr/local/squid/adzap/scripts/squid_redirect
[r...@master root]# cd /usr/local/squid/etc
[r...@master root]# vi squid.conf
tambahkan parameter dibawah ini
redirect_program /usr/local/squid/adzap/scripts/wrapzap
[r...@master root]# /usr/local/squid/sbin/squid –k reconfigure
tapi tetap aja gak bisa.
errornya:
#tail /var/log/messages
May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid
(squid_t) from executing wrapzap. For complete SELinux messages. run sealert
-l 5584bdec-a033-4766-993d-3d562a04a4e4
May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid
(squid_t) from executing wrapzap. For complete SELinux messages. run sealert
-l 5584bdec-a033-4766-993d-3d562a04a4e4
May 19 09:13:03 localhost squid[8422]: Squid Parent: child process 8509
started
May 19 09:13:03 localhost (squid): The redirector helpers are crashing too
rapidly, need help!
trus yang command # /usr/local/squid/sbin/squid –k reconfigure gak bisa
dijalankan
karena foldernya gak ada..
apa dibuat manual?
help pliss
--
Adi Pane
axeadip...@gmail.com
--
FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id
Arsip dan info milis selengkapnya di http://linux.or.id/milis
sudah jalankan ini ?
sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4
nanti dikasih liat disuruh
Re: [tanya-jawab] squish on fedora 11
--- Pada Rab, 19/5/10, Adi Pane if07...@students.del.ac.id menulis:
Dari: Adi Pane if07...@students.del.ac.id
Judul: Re: [tanya-jawab] squish on fedora 11
Kepada: tanya-jawab@linux.or.id
Tanggal: Rabu, 19 Mei, 2010, 3:06 PM
sudah mas, hasil nya ini:
Summary:
SELinux is preventing the squid (squid_t) from executing
wrapzap.
Detailed Description:
SELinux has denied the squid from executing wrapzap. If
squid is supposed to be
able to execute wrapzap, this could be a labeling problem.
Most confined domains
are allowed to execute files labeled bin_t. So you could
change the labeling on
this file to bin_t and retry the application. If this squid
is not supposed to
execute wrapzap, this could signal a intrusion attempt.
Allowing Access:
If you want to allow squid to execute wrapzap: chcon -t
bin_t 'wrapzap' If this
fix works, please update the file context on disk, with the
following command:
semanage fcontext -a -t bin_t 'wrapzap' Please specify the
full path to the
executable, Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this selinux-policy
to make sure this becomes the default labeling.
Additional Information:
Source Context unconfined_u:system_r:squid_t:s0
Target Context unconfined_u:object_r:usr_t:s0
Target Objects wrapzap [ file ]
Source squid
Source Path /usr/sbin/squid
Port Unknown
Host localhost
Source RPM Packages squid-3.0.STABLE13-1.fc11
Target RPM Packages
Policy RPM selinux-policy-3.6.12-39.fc11
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name execute
Host Name localhost
Platform Linux localhost 2.6.29.4-167.fc11.i686.PAE #1 SMP
Wed May 27 17:28:22 EDT 2009 i686 i686
Alert Count 155
First Seen Wed May 19 08:37:50 2010
Last Seen Wed May 19 09:13:07 2010
Local ID 5584bdec-a033-4766-993d-3d562a04a4e4
Line Numbers
Raw Audit Messages
node=localhost type=AVC msg=audit(1274235187.82:25439):
avc: denied { execute } for pid=8528 comm=squid
name=wrapzap dev=sda6 ino=94245
scontext=unconfined_u:system_r:squid_t:s0
tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
node=localhost type=SYSCALL msg=audit(1274235187.82:25439):
arch=4003 syscall=11 success=no exit=-13 a0=2c666e0
a1=bffbe0e8 a2=2d36b88 a3=4000 items=0 ppid=8523 pid=8528
auid=0 uid=23 gid=23 euid=23 suid=23 fsuid=23 egid=23
sgid=23 fsgid=23 tty=(none) ses=1 comm=squid
exe=/usr/sbin/squid subj=unconfined_u:system_r:squid_t:s0
key=(null)
end
kalo selinux nya di disabled apa pengaruh nya mas?
cara men disabled selinux gmana mas??
kalo di fedora sih cari file /etc/selinux/config
cari bagian
selinux = enforce
menjadi
selinux = disabled
--
FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id
Arsip dan info milis selengkapnya di http://linux.or.id/milis
