[tanya-jawab] squish on fedora 11
ada yang punya tutorial untuk menerapkan penggunaan squish pada fedora 11? saya sudah coba dengan cara seperti ini: [r...@master root]# tar xzvf adzap-20080508.tar.gz –C /usr/local/squid [r...@master root]# cd /usr/local/squid/adzap [r...@master root]# cd scripts [r...@master root]# vi wrapzap Ubah parameter zapper=/usr/local/squid/adzap/scripts/squid_redirect [r...@master root]# cd /usr/local/squid/etc [r...@master root]# vi squid.conf tambahkan parameter dibawah ini redirect_program /usr/local/squid/adzap/scripts/wrapzap [r...@master root]# /usr/local/squid/sbin/squid –k reconfigure tapi tetap aja gak bisa. errornya: #tail /var/log/messages May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid (squid_t) from executing wrapzap. For complete SELinux messages. run sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4 May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid (squid_t) from executing wrapzap. For complete SELinux messages. run sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4 May 19 09:13:03 localhost squid[8422]: Squid Parent: child process 8509 started May 19 09:13:03 localhost (squid): The redirector helpers are crashing too rapidly, need help! trus yang command # /usr/local/squid/sbin/squid –k reconfigure gak bisa dijalankan karena foldernya gak ada.. apa dibuat manual? help pliss -- Adi Pane axeadip...@gmail.com -- FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id Arsip dan info milis selengkapnya di http://linux.or.id/milis
Re: [tanya-jawab] squish on fedora 11
2010/5/19 Adi Pane if07...@students.del.ac.id: ada yang punya tutorial untuk menerapkan penggunaan squish pada fedora 11? saya sudah coba dengan cara seperti ini: [r...@master root]# tar xzvf adzap-20080508.tar.gz –C /usr/local/squid [r...@master root]# cd /usr/local/squid/adzap [r...@master root]# cd scripts [r...@master root]# vi wrapzap Ubah parameter zapper=/usr/local/squid/adzap/scripts/squid_redirect [r...@master root]# cd /usr/local/squid/etc [r...@master root]# vi squid.conf tambahkan parameter dibawah ini redirect_program /usr/local/squid/adzap/scripts/wrapzap [r...@master root]# /usr/local/squid/sbin/squid –k reconfigure tapi tetap aja gak bisa. errornya: #tail /var/log/messages May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid (squid_t) from executing wrapzap. For complete SELinux messages. run sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4 May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid (squid_t) from executing wrapzap. For complete SELinux messages. run sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4 May 19 09:13:03 localhost squid[8422]: Squid Parent: child process 8509 started May 19 09:13:03 localhost (squid): The redirector helpers are crashing too rapidly, need help! trus yang command # /usr/local/squid/sbin/squid –k reconfigure gak bisa dijalankan karena foldernya gak ada.. apa dibuat manual? help pliss -- Adi Pane axeadip...@gmail.com -- FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id Arsip dan info milis selengkapnya di http://linux.or.id/milis sudah jalankan ini ? sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4 nanti dikasih liat disuruh menjalankan apa.. Kalau selinux nya tidak ingin digunakan di disabled saja. -- Regards, Adit http://simplyaddo.web.id ym : science2rule hp : 08561749716 -- FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id Arsip dan info milis selengkapnya di http://linux.or.id/milis
Re: [tanya-jawab] squish on fedora 11
sudah mas, hasil nya ini: Summary: SELinux is preventing the squid (squid_t) from executing wrapzap. Detailed Description: SELinux has denied the squid from executing wrapzap. If squid is supposed to be able to execute wrapzap, this could be a labeling problem. Most confined domains are allowed to execute files labeled bin_t. So you could change the labeling on this file to bin_t and retry the application. If this squid is not supposed to execute wrapzap, this could signal a intrusion attempt. Allowing Access: If you want to allow squid to execute wrapzap: chcon -t bin_t 'wrapzap' If this fix works, please update the file context on disk, with the following command: semanage fcontext -a -t bin_t 'wrapzap' Please specify the full path to the executable, Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this selinux-policy to make sure this becomes the default labeling. Additional Information: Source Context unconfined_u:system_r:squid_t:s0 Target Context unconfined_u:object_r:usr_t:s0 Target Objects wrapzap [ file ] Source squid Source Path /usr/sbin/squid Port Unknown Host localhost Source RPM Packages squid-3.0.STABLE13-1.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.12-39.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name execute Host Name localhost Platform Linux localhost 2.6.29.4-167.fc11.i686.PAE #1 SMP Wed May 27 17:28:22 EDT 2009 i686 i686 Alert Count 155 First Seen Wed May 19 08:37:50 2010 Last Seen Wed May 19 09:13:07 2010 Local ID 5584bdec-a033-4766-993d-3d562a04a4e4 Line Numbers Raw Audit Messages node=localhost type=AVC msg=audit(1274235187.82:25439): avc: denied { execute } for pid=8528 comm=squid name=wrapzap dev=sda6 ino=94245 scontext=unconfined_u:system_r:squid_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file node=localhost type=SYSCALL msg=audit(1274235187.82:25439): arch=4003 syscall=11 success=no exit=-13 a0=2c666e0 a1=bffbe0e8 a2=2d36b88 a3=4000 items=0 ppid=8523 pid=8528 auid=0 uid=23 gid=23 euid=23 suid=23 fsuid=23 egid=23 sgid=23 fsgid=23 tty=(none) ses=1 comm=squid exe=/usr/sbin/squid subj=unconfined_u:system_r:squid_t:s0 key=(null) end kalo selinux nya di disabled apa pengaruh nya mas? cara men disabled selinux gmana mas?? maaf, masih baru nyoba.. thank, bwt info nya mas - Original Message - From: aditya hilman aditya.hil...@gmail.com To: tanya-jawab@linux.or.id Sent: Wednesday, May 19, 2010 2:54:05 PM GMT +07:00 Bangkok, Hanoi, Jakarta Subject: Re: [tanya-jawab] squish on fedora 11 2010/5/19 Adi Pane if07...@students.del.ac.id: ada yang punya tutorial untuk menerapkan penggunaan squish pada fedora 11? saya sudah coba dengan cara seperti ini: [r...@master root]# tar xzvf adzap-20080508.tar.gz –C /usr/local/squid [r...@master root]# cd /usr/local/squid/adzap [r...@master root]# cd scripts [r...@master root]# vi wrapzap Ubah parameter zapper=/usr/local/squid/adzap/scripts/squid_redirect [r...@master root]# cd /usr/local/squid/etc [r...@master root]# vi squid.conf tambahkan parameter dibawah ini redirect_program /usr/local/squid/adzap/scripts/wrapzap [r...@master root]# /usr/local/squid/sbin/squid –k reconfigure tapi tetap aja gak bisa. errornya: #tail /var/log/messages May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid (squid_t) from executing wrapzap. For complete SELinux messages. run sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4 May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid (squid_t) from executing wrapzap. For complete SELinux messages. run sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4 May 19 09:13:03 localhost squid[8422]: Squid Parent: child process 8509 started May 19 09:13:03 localhost (squid): The redirector helpers are crashing too rapidly, need help! trus yang command # /usr/local/squid/sbin/squid –k reconfigure gak bisa dijalankan karena foldernya gak ada.. apa dibuat manual? help pliss -- Adi Pane axeadip...@gmail.com -- FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id Arsip dan info milis selengkapnya di http://linux.or.id/milis sudah jalankan ini ? sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4 nanti dikasih liat disuruh menjalankan apa.. Kalau selinux nya tidak ingin digunakan di disabled saja. -- Regards, Adit http://simplyaddo.web.id ym : science2rule hp : 08561749716 -- FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id Arsip dan info milis selengkapnya di http://linux.or.id/milis -- Adi Pane axeadip...@gmail.com -- FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id
Re: [tanya-jawab] squish on fedora 11
On Wed, May 19, 2010 at 3:06 PM, Adi Pane if07...@students.del.ac.id wrote: sudah mas, hasil nya ini: Summary: SELinux is preventing the squid (squid_t) from executing wrapzap. Detailed Description: SELinux has denied the squid from executing wrapzap. If squid is supposed to be able to execute wrapzap, this could be a labeling problem. Most confined domains are allowed to execute files labeled bin_t. So you could change the labeling on this file to bin_t and retry the application. If this squid is not supposed to execute wrapzap, this could signal a intrusion attempt. Allowing Access: If you want to allow squid to execute wrapzap: chcon -t bin_t 'wrapzap' If this fix works, please update the file context on disk, with the following command: semanage fcontext -a -t bin_t 'wrapzap' Please specify the full path to the executable, Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this selinux-policy to make sure this becomes the default labeling. jalankan ini chcon -t bin_t 'wrapzap' Additional Information: Source Context unconfined_u:system_r:squid_t:s0 Target Context unconfined_u:object_r:usr_t:s0 Target Objects wrapzap [ file ] Source squid Source Path /usr/sbin/squid Port Unknown Host localhost Source RPM Packages squid-3.0.STABLE13-1.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.12-39.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name execute Host Name localhost Platform Linux localhost 2.6.29.4-167.fc11.i686.PAE #1 SMP Wed May 27 17:28:22 EDT 2009 i686 i686 Alert Count 155 First Seen Wed May 19 08:37:50 2010 Last Seen Wed May 19 09:13:07 2010 Local ID 5584bdec-a033-4766-993d-3d562a04a4e4 Line Numbers Raw Audit Messages node=localhost type=AVC msg=audit(1274235187.82:25439): avc: denied { execute } for pid=8528 comm=squid name=wrapzap dev=sda6 ino=94245 scontext=unconfined_u:system_r:squid_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file node=localhost type=SYSCALL msg=audit(1274235187.82:25439): arch=4003 syscall=11 success=no exit=-13 a0=2c666e0 a1=bffbe0e8 a2=2d36b88 a3=4000 items=0 ppid=8523 pid=8528 auid=0 uid=23 gid=23 euid=23 suid=23 fsuid=23 egid=23 sgid=23 fsgid=23 tty=(none) ses=1 comm=squid exe=/usr/sbin/squid subj=unconfined_u:system_r:squid_t:s0 key=(null) end kalo selinux nya di disabled apa pengaruh nya mas? cara men disabled selinux gmana mas?? ini tentang selinux dari wiki http://en.wikipedia.org/wiki/Security-Enhanced_Linux cara disabled nya edit file konfigurasinya di /etc/sysconfig/selinux pada bagian SELINUX=enforcing rubah menjadi disabled trus restart mesinnya agar berubah.. bisa juga langsung tapi cuma permissive, jalankan perintah setenforce 0 tapi ketika mesin restart, selinux nya akan berubah lagi sesuai dengan konfigurasi yang ada di /etc/sysconfig/selinux maaf, masih baru nyoba.. thank, bwt info nya mas - Original Message - From: aditya hilman aditya.hil...@gmail.com To: tanya-jawab@linux.or.id Sent: Wednesday, May 19, 2010 2:54:05 PM GMT +07:00 Bangkok, Hanoi, Jakarta Subject: Re: [tanya-jawab] squish on fedora 11 2010/5/19 Adi Pane if07...@students.del.ac.id: ada yang punya tutorial untuk menerapkan penggunaan squish pada fedora 11? saya sudah coba dengan cara seperti ini: [r...@master root]# tar xzvf adzap-20080508.tar.gz –C /usr/local/squid [r...@master root]# cd /usr/local/squid/adzap [r...@master root]# cd scripts [r...@master root]# vi wrapzap Ubah parameter zapper=/usr/local/squid/adzap/scripts/squid_redirect [r...@master root]# cd /usr/local/squid/etc [r...@master root]# vi squid.conf tambahkan parameter dibawah ini redirect_program /usr/local/squid/adzap/scripts/wrapzap [r...@master root]# /usr/local/squid/sbin/squid –k reconfigure tapi tetap aja gak bisa. errornya: #tail /var/log/messages May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid (squid_t) from executing wrapzap. For complete SELinux messages. run sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4 May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid (squid_t) from executing wrapzap. For complete SELinux messages. run sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4 May 19 09:13:03 localhost squid[8422]: Squid Parent: child process 8509 started May 19 09:13:03 localhost (squid): The redirector helpers are crashing too rapidly, need help! trus yang command # /usr/local/squid/sbin/squid –k reconfigure gak bisa dijalankan karena foldernya gak ada.. apa dibuat manual? help pliss -- Adi Pane axeadip...@gmail.com -- FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id Arsip dan info milis selengkapnya di http://linux.or.id/milis sudah jalankan ini ? sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4 nanti dikasih liat disuruh
Re: [tanya-jawab] squish on fedora 11
--- Pada Rab, 19/5/10, Adi Pane if07...@students.del.ac.id menulis: Dari: Adi Pane if07...@students.del.ac.id Judul: Re: [tanya-jawab] squish on fedora 11 Kepada: tanya-jawab@linux.or.id Tanggal: Rabu, 19 Mei, 2010, 3:06 PM sudah mas, hasil nya ini: Summary: SELinux is preventing the squid (squid_t) from executing wrapzap. Detailed Description: SELinux has denied the squid from executing wrapzap. If squid is supposed to be able to execute wrapzap, this could be a labeling problem. Most confined domains are allowed to execute files labeled bin_t. So you could change the labeling on this file to bin_t and retry the application. If this squid is not supposed to execute wrapzap, this could signal a intrusion attempt. Allowing Access: If you want to allow squid to execute wrapzap: chcon -t bin_t 'wrapzap' If this fix works, please update the file context on disk, with the following command: semanage fcontext -a -t bin_t 'wrapzap' Please specify the full path to the executable, Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this selinux-policy to make sure this becomes the default labeling. Additional Information: Source Context unconfined_u:system_r:squid_t:s0 Target Context unconfined_u:object_r:usr_t:s0 Target Objects wrapzap [ file ] Source squid Source Path /usr/sbin/squid Port Unknown Host localhost Source RPM Packages squid-3.0.STABLE13-1.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.12-39.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name execute Host Name localhost Platform Linux localhost 2.6.29.4-167.fc11.i686.PAE #1 SMP Wed May 27 17:28:22 EDT 2009 i686 i686 Alert Count 155 First Seen Wed May 19 08:37:50 2010 Last Seen Wed May 19 09:13:07 2010 Local ID 5584bdec-a033-4766-993d-3d562a04a4e4 Line Numbers Raw Audit Messages node=localhost type=AVC msg=audit(1274235187.82:25439): avc: denied { execute } for pid=8528 comm=squid name=wrapzap dev=sda6 ino=94245 scontext=unconfined_u:system_r:squid_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file node=localhost type=SYSCALL msg=audit(1274235187.82:25439): arch=4003 syscall=11 success=no exit=-13 a0=2c666e0 a1=bffbe0e8 a2=2d36b88 a3=4000 items=0 ppid=8523 pid=8528 auid=0 uid=23 gid=23 euid=23 suid=23 fsuid=23 egid=23 sgid=23 fsgid=23 tty=(none) ses=1 comm=squid exe=/usr/sbin/squid subj=unconfined_u:system_r:squid_t:s0 key=(null) end kalo selinux nya di disabled apa pengaruh nya mas? cara men disabled selinux gmana mas?? kalo di fedora sih cari file /etc/selinux/config cari bagian selinux = enforce menjadi selinux = disabled -- FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id Arsip dan info milis selengkapnya di http://linux.or.id/milis