FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 07-30-2008, 10:12 PM
Gene Heskett
 
Default awstats munged httpd rights in SElinux, how to fix?

Greetings;

Wanting to see who might have visited my simple web page, I installed awstats
from the fedora repo today.

The awstats selinux helper seems to be an empty file, yumex win't dl it or
install it even when checked.

>From the yumex screen:
7:59:02 : Package Queue:
17:59:02 : Packages to install
17:59:02 : ---> awstats-selinux-6.7-1.fc8.noarch
17:59:02 : Preparing for install/remove/update
17:59:02 : --> Preparing for install
17:59:02 : Package awstats-selinux is obsoleted by awstats, trying to install
awstats-6.8-1.fc8.noarch instead
17:59:02 : Package awstats-6.8-1.fc8.noarch already installed and latest
version
17:59:06 : Error in Dependency Resolution
17:59:06 : Success - empty transaction

which is self-explanatory.

But on attempting to look at my page at localhost, I get connection refused.

So I as root, do:service httpd restart
Stopping httpd: [FAILED]
Starting httpd: (13)Permission denied: httpd: could not open error log
file /etc/httpd/logs/error_log.
Unable to open logs
[FAILED]

And an selinux denial that says I can fix it with this:
#> setsebool -P httpd_unified=1

But I've now executed that line several times without success.

I've also gone through the httpd stuff and made much of it 0644 and owned by
apache:apache.

Obviously I'm suffering from the local heat and missing the flashing red light
here, so what is next folks? It was all working AFAIK before I installed
awstats, when running kernel 2.6.26 just yesterday, but now booted to
2.6.27-rc1. Dunno which is the culprit. Help!

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
I don't make the rules, Gil, I only play the game.
-- Cash McCall

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-31-2008, 03:20 AM
Tim
 
Default awstats munged httpd rights in SElinux, how to fix?

On Wed, 2008-07-30 at 18:12 -0400, Gene Heskett wrote:
> Wanting to see who might have visited my simple web page, I installed awstats
> from the fedora repo today.
>
> The awstats selinux helper seems to be an empty file, yumex win't dl it or
> install it even when checked.
>
> >From the yumex screen:
> 7:59:02 : Package Queue:
> 17:59:02 : Packages to install
> 17:59:02 : ---> awstats-selinux-6.7-1.fc8.noarch
> 17:59:02 : Preparing for install/remove/update
> 17:59:02 : --> Preparing for install
> 17:59:02 : Package awstats-selinux is obsoleted by awstats, trying to install
> awstats-6.8-1.fc8.noarch instead
> 17:59:02 : Package awstats-6.8-1.fc8.noarch already installed and latest
> version
> 17:59:06 : Error in Dependency Resolution
> 17:59:06 : Success - empty transaction
>
> which is self-explanatory.
>
> But on attempting to look at my page at localhost, I get connection refused.
>
> So I as root, do:service httpd restart
> Stopping httpd: [FAILED]
> Starting httpd: (13)Permission denied: httpd: could not open error log
> file /etc/httpd/logs/error_log.
> Unable to open logs
> [FAILED]

Sounds more like Apache problems, not AWStats, this is Apache failing to
start. AWStats just reads the logs, *separately*. As a regular cron
job, as I recall. Though it can be fired up on demand.

NB: /etc/httpd/logs/ is a symlink to /var/log/httpd

> And an selinux denial that says I can fix it with this:
> #> setsebool -P httpd_unified=1
>
> But I've now executed that line several times without success.
>
> I've also gone through the httpd stuff and made much of it 0644 and owned by
> apache:apache.

Why and what? Configuration and log files should be owned by root,
files to be served out of the website should be owned by the author.

Are you still using your computer as root, and messing up file and
directory ownerships as you go along?

--
[tim@localhost ~]$ uname -r
2.6.25.11-97.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.



--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-31-2008, 03:35 AM
Gene Heskett
 
Default awstats munged httpd rights in SElinux, how to fix?

On Wednesday 30 July 2008, Tim wrote:
>On Wed, 2008-07-30 at 18:12 -0400, Gene Heskett wrote:
>> Wanting to see who might have visited my simple web page, I installed
>> awstats from the fedora repo today.
>>
>> The awstats selinux helper seems to be an empty file, yumex win't dl it or
>> install it even when checked.
>>
>> >From the yumex screen:
>>
>> 7:59:02 : Package Queue:
>> 17:59:02 : Packages to install
>> 17:59:02 : ---> awstats-selinux-6.7-1.fc8.noarch
>> 17:59:02 : Preparing for install/remove/update
>> 17:59:02 : --> Preparing for install
>> 17:59:02 : Package awstats-selinux is obsoleted by awstats, trying to
>> install awstats-6.8-1.fc8.noarch instead
>> 17:59:02 : Package awstats-6.8-1.fc8.noarch already installed and latest
>> version
>> 17:59:06 : Error in Dependency Resolution
>> 17:59:06 : Success - empty transaction
>>
>> which is self-explanatory.
>>
>> But on attempting to look at my page at localhost, I get connection
>> refused.
>>
>> So I as root, do:service httpd restart
>> Stopping httpd: [FAILED]
>> Starting httpd: (13)Permission denied: httpd: could not open error log
>> file /etc/httpd/logs/error_log.
>> Unable to open logs
>> [FAILED]
>
>Sounds more like Apache problems, not AWStats, this is Apache failing to
>start. AWStats just reads the logs, *separately*. As a regular cron
>job, as I recall. Though it can be fired up on demand.
>
Actually, its something in the new 2.6.27-rc1 kernel that is stopping it.
I just rebooted to 2.6.26 final, and its happy as a clam. The 2.6.27-rc1
kernel has some newer options targeted at net security that I haven't quite
grokked yet.

Back to awstats, where does this output show up? As a web page on localhost,
or something it takes mrtg to look at?

Also, what user does the cron entry belong to?

>NB: /etc/httpd/logs/ is a symlink to /var/log/httpd

That I had figured out.
>
>> And an selinux denial that says I can fix it with this:
>> #> setsebool -P httpd_unified=1
>>
>> But I've now executed that line several times without success.
>>
>> I've also gone through the httpd stuff and made much of it 0644 and owned
>> by apache:apache.
>
>Why and what? Configuration and log files should be owned by root,
>files to be served out of the website should be owned by the author.
>
I'll switch them back then.

>Are you still using your computer as root, and messing up file and
>directory ownerships as you go along?

Here and there. If fedora would give me what I want to do, I'd use it as is,
but it doesn't.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
May I ask a question?

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-31-2008, 05:28 AM
Tim
 
Default awstats munged httpd rights in SElinux, how to fix?

Tim:
>> Sounds more like Apache problems, not AWStats, this is Apache failing to
>> start. AWStats just reads the logs, *separately*. As a regular cron
>> job, as I recall. Though it can be fired up on demand.


Gene Heskett:
> Actually, its something in the new 2.6.27-rc1 kernel that is stopping it.
> I just rebooted to 2.6.26 final, and its happy as a clam. The 2.6.27-rc1
> kernel has some newer options targeted at net security that I haven't quite
> grokked yet.

You're using non-Fedora kernels? I don't see that one offered to me.
If so, I'm not too surprised if things break, Fedora will have modified
kernels to suit how their distro works, they all have their quirks.

> Back to awstats, where does this output show up? As a web page on localhost,
> or something it takes mrtg to look at?

AWStats produces a set of webpages with statistics that you can login
and view. See the screenshots on <http://awstats.sourceforge.net/>.

You'd have to look at the configuration details inserted into Apache's
configuration, to see where it comes from.

I hadn't installed it, but it's on my hosted website, so I'm familiar
with using it. I'm installing it now, to have a look at how it actually
works. I've got it running, and with no errors. Though I had to tweak
two settings in a /etc/awstats/awstats.localhost.conf configuration file
to suit my website (localhost, for this test - setting the sitedomain
directive to localhost, and for it to *NOT* skip results from 127.0.0.1,
by putting some other bogus IP in the skiphosts directive).

NB: I've done this with a spinning headache, so you ought to be able to
manage this as well, without my headache.

Looking at its configuration files, it serves static content out
of /usr/share/awstats/, dynamic content from /var/lib/awstats/, and
you'd view results <http://localhost/awstats/awstats.pl?config=sitename>
(changing "sitename" to the sitename set in the configuration file
inside /etc/awstats/).

As a comparison, I have previously installed webalizer, and that stores
its statistics in /var/lib/webalizer, and generates HTML for viewing the
stats in /var/www/usage, and its results at <http://localhost/usage/>.
This worked without my customising it, though I would go ahead and do
so, to stop it showing things like CSS and JPEG files as "page" results.

And if you use use virtual hosts to serve different websites from the
same webserver software, you'd want to customise your stats program to
separate the results.

I mention an alternative stats program, since webalizer seems to be
installed by default, and it can be handy to have a look at more than
one analyzer, to see which results you like reading better.

> Also, what user does the cron entry belong to?

[root@gonzales ~]# ll /etc/cron.hourly/awstats
-rwxr-xr-x 1 root root 188 2008-07-22 06:50 /etc/cron.hourly/awstats

[root@gonzales ~]# ll -Z /etc/cron.hourly/awstats
-rwxr-xr-x root root system_ubject_r:bin_t:s0 /etc/cron.hourly/awstats

How did it originally set itself up as?

>> Are you still using your computer as root, and messing up file and
>> directory ownerships as you go along?

> Here and there. If fedora would give me what I want to do, I'd use it as is,
> but it doesn't.

Generally, I find it does. I only "su -" to reconfigure things. But
once you stay as root while doing things, you paint yourself into a
corner.

I also leave SELinux as default (enabled and targeted). I might
temporarily disable it to see if it made a difference to something I was
trying to beat into submission, but it goes back on again once I work
out where any problems were.

I had no SELinux issues while using either of these stats analysers.

--
[tim@localhost ~]$ uname -r
2.6.25.11-97.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.



--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-31-2008, 05:51 AM
Tim
 
Default awstats munged httpd rights in SElinux, how to fix?

On Thu, 2008-07-31 at 14:58 +0930, Tim wrote:
> I've got it running, and with no errors. Though I had to tweak
> two settings in a /etc/awstats/awstats.localhost.conf configuration
> file to suit my website (localhost, for this test - setting the
> sitedomain directive to localhost, and for it to *NOT* skip results
> from 127.0.0.1, by putting some other bogus IP in the skiphosts
> directive).

You *might* want to add the following tweak, *if* you don't want viewing
the stats to be counted as part of the website stats. Find the
SkipFiles directive (in the site awstats config file), and include the
following: REGEX[^/awstats]

Mine looks like the following, since I've not skipped anything else:

SkipFiles="REGEX[^/awstats]"^M

I haven't removed any of the MS-DOS style line endings (the trailing ^M
characters), as it seems to work fine as it is.

--
[tim@localhost ~]$ uname -r
2.6.25.11-97.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.



--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-31-2008, 09:41 PM
Gene Heskett
 
Default awstats munged httpd rights in SElinux, how to fix?

On Thursday 31 July 2008, Tim wrote:
>Tim:
>>> Sounds more like Apache problems, not AWStats, this is Apache failing to
>>> start. AWStats just reads the logs, *separately*. As a regular cron
>>> job, as I recall. Though it can be fired up on demand.
>
>Gene Heskett:
[...]
>AWStats produces a set of webpages with statistics that you can login
>and view. See the screenshots on <http://awstats.sourceforge.net/>.
>
[...]

>NB: I've done this with a spinning headache, so you ought to be able to
>manage this as well, without my headache.

ouch, like my aching back, thats not good at all, mine is from 70+ years of
abuse & 25 extra pounds, does your's have a reason?
[...]
>I mention an alternative stats program, since webalizer seems to be
>installed by default, and it can be handy to have a look at more than
>one analyzer, to see which results you like reading better.

I see that is installed, but finding a viewer for it seems to be purely by
accident, it opened ELinks, whatever that is, when I clicked on its july
report from within midnight commander.

Grumble... Question for the webalizer folks then? Why is there not a link to
the viewer in the k-menu's?

Having it installed, but effectively unavailable doesn't make a lot of sense
to me. If there had been such a menu entry, its likely I would have used it
rather than doing a freshmeat search for the newest, highly rated such tool &
then went hunting in yumex for a suitable rpm. But, OTOH, this IS linux, go
find your own tools, but linking a name to a function doesn't seem to be a
strong point in linux either.

I've not looked at either enough to develop a love affair with either of them
just yet.

>> Also, what user does the cron entry belong to?
>
>[root@gonzales ~]# ll /etc/cron.hourly/awstats
>-rwxr-xr-x 1 root root 188 2008-07-22 06:50 /etc/cron.hourly/awstats
>
So thats good.

>[root@gonzales ~]# ll -Z /etc/cron.hourly/awstats
>-rwxr-xr-x root root system_ubject_r:bin_t:s0
> /etc/cron.hourly/awstats
>
>How did it originally set itself up as?

ls -l /etc/awstats/:
-rw-r--r-- 1 root root 62137 2008-07-30 17:28 awstats.coyote.coyote.den.conf
-rw-r--r-- 1 root root 62130 2008-07-21 17:17
awstats.localhost.localdomain.conf
-rw-r--r-- 1 root root 62130 2008-07-21 17:17 awstats.model.conf

And I haven't touched what the rpm installed.

And its output is at:
http://localhost/awstats/awstats.pl?config=coyote.coyote.den

Since I'm running an oddball port # to the outside world, I was rather
surprised to see the googlebot was there every day this last month.

>>> Are you still using your computer as root, and messing up file and
>>> directory ownerships as you go along?
>>
>> Here and there. If fedora would give me what I want to do, I'd use it as
>> is, but it doesn't.
>
>Generally, I find it does. I only "su -" to reconfigure things. But
>once you stay as root while doing things, you paint yourself into a
>corner.

It would appear to be the natural result. Some of this started when I tried
to build OpenMovieEditor, and F8 apparently doesn't have enough GLX stuff to
build it, 8 OpenGL functions seem to have been stripped from the library by
RedHat. Reason? Damned if I know. See some of my posts in that thread.
This is however, a perfect example of the major reason I do run as root, its
a hell of a lot easier to fix stuff they've silently broken in what I view as
just as flagrant a market lockin as M$ is famous for doing.

Why else would they strip 8 function calls out of the OpenGL stuff?

>I also leave SELinux as default (enabled and targeted). I might
>temporarily disable it to see if it made a difference to something I was
>trying to beat into submission, but it goes back on again once I work
>out where any problems were.

Its been enabled/targetted here non-stop for 4 or 5 months, and things were
humming right along, till 2.6.27-rc1. I've rebuilt it without the IPsec
options for selinux now, but haven't rebooted, I've been busy saying magic
incantations and making shingles appear, all nailed down, on a new 16x26
garage roof. All that magic sure makes me sweat though, and working through a
half hours light drizzle didn't help. Another 10 shingles or so and the
front half is done, but I need to do all the trim around the edges for the
back half before I can step over the peak with shingles in hand.

>I had no SELinux issues while using either of these stats analysers.

I think I, in my haste, pointed too many fingers. The one I pointed at
awstats was in error. This is a 2.6.27-rc1 (straight from kernel.org)
problem. The selinux guys are poking at it now I believe, but not sure, its
been quite a few hours since I got up from this keyboard around 10:30ish this
morning.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
After your lover has gone you will still have PEANUT BUTTER!

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-31-2008, 09:42 PM
Gene Heskett
 
Default awstats munged httpd rights in SElinux, how to fix?

On Thursday 31 July 2008, Tim wrote:
>On Thu, 2008-07-31 at 14:58 +0930, Tim wrote:
>> I've got it running, and with no errors. Though I had to tweak
>> two settings in a /etc/awstats/awstats.localhost.conf configuration
>> file to suit my website (localhost, for this test - setting the
>> sitedomain directive to localhost, and for it to *NOT* skip results
>> from 127.0.0.1, by putting some other bogus IP in the skiphosts
>> directive).
>
>You *might* want to add the following tweak, *if* you don't want viewing
>the stats to be counted as part of the website stats. Find the
>SkipFiles directive (in the site awstats config file), and include the
>following: REGEX[^/awstats]
>
>Mine looks like the following, since I've not skipped anything else:
>
> SkipFiles="REGEX[^/awstats]"^M
>
Nice hint, thanks Tim.

>I haven't removed any of the MS-DOS style line endings (the trailing ^M
>characters), as it seems to work fine as it is.



--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
An evil mind is a great comfort.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-01-2008, 02:59 PM
Tim
 
Default awstats munged httpd rights in SElinux, how to fix?

Tim:
>> NB: I've done this with a spinning headache, so you ought to be able to
>> manage this as well, without my headache.

Gene Heskett:
> ouch, like my aching back, thats not good at all, mine is from 70+ years of
> abuse & 25 extra pounds, does your's have a reason?

Dunno if my headache's from the cold I've got, or the medication for it.
I do know why my back aches - getting stuck, many years ago, hauling
something heavy out of the back of a car...

>> I mention an alternative stats program

> I see that is installed, but finding a viewer for it seems to be purely by
> accident, it opened ELinks, whatever that is, when I clicked on its july
> report from within midnight commander.

How did you access it? Elinks is a text-only web browser, rather like
Lynx, but also supports some rudimentary tables or frames layout.

> Grumble... Question for the webalizer folks then? Why is there not a link to
> the viewer in the k-menu's?

Well, actually, one doesn't usually access such things through the
system menus, but through your web browser. What would be needed is
preloading the bookmarks on any browser that's on your system, with
<http://localhost/usage>. But then we don't do anything similar for all
the cgi-scripts that might be included with a web browser.

It's another of those read the manual / read the configuration file /
look at its scripts, things. It used to be that such things as
statistic analysers were programs that you'd install by hand, because
you wanted it, and would already have known about it.

> Having it installed, but effectively unavailable doesn't make a lot of sense
> to me. If there had been such a menu entry, its likely I would have used it
> rather than doing a freshmeat search for the newest, highly rated such tool &
> then went hunting in yumex for a suitable rpm.

Over the years I'd used webalizer, finding it's simple one page summary
rather useful. But more recently, preferred AWStats features. I'd left
it alone, before, as being rather convoluted. But when I changed
webhosts, they gave me with a poorly configured webalizer, and a fairly
well configured AWStats. And since I can't really reconfigure them,
thanks to how the host runs, I just went with the flow.

One thing that annoys me about them both, is the referrer stats. The
links for who referred to you is sanitised, somewhat. So you do have to
manually check your logs to find exactly what pages have referred to
you. You just know, when your stats have suddenly increased for one
month, that you've become the address on one of those random "exit this
porn site" buttons. ;-)

> ls -l /etc/awstats/:
> -rw-r--r-- 1 root root 62137 2008-07-30 17:28 awstats.coyote.coyote.den.conf
> -rw-r--r-- 1 root root 62130 2008-07-21 17:17 awstats.localhost.localdomain.conf
> -rw-r--r-- 1 root root 62130 2008-07-21 17:17 awstats.model.conf
>
> And I haven't touched what the rpm installed.

To cut down on workload, and avoid meaningless data/traffic, I'd remove
all but one, and customise it to suit your needs. Else, once an hour,
all three configuration files will be used to read your stats.

> Since I'm running an oddball port # to the outside world, I was rather
> surprised to see the googlebot was there every day this last month.

I can think of a few things: Faked user-agent string, hoping that the
googlebot might be allowed in where ordinary clients might shooed away.
And if you've ever mentioned the address for your server somewhere in
public, it'll have been indexed. Big brother is watching you, and I
don't mean that crappy TV show... ;-)

>>>> Are you still using your computer as root...

> Some of this started when I tried to build OpenMovieEditor, and F8
> apparently doesn't have enough GLX stuff to build it, 8 OpenGL
> functions seem to have been stripped from the library by RedHat.
> Reason? Damned if I know.

I'd still stick with using your computer as yourself, just use another
terminal as root for configuration issues. Especially if you're opening
your computer up to the world as a webserver. You do want as much
protection as you can manage, in that situation.

> I've been busy saying magic incantations and making shingles appear,
> all nailed down, on a new 16x26 garage roof. All that magic sure makes
> me sweat though, and working through a half hours light drizzle didn't
> help. Another 10 shingles or so and the front half is done, but I
> need to do all the trim around the edges for the back half before I
> can step over the peak with shingles in hand.

Around here, we have neighbours who like playing with power tools all
week and weekend long, lawn mowers, chainsaws, angle grinders, and other
things that I haven't figured out. Compare that to me - the other week
I pruned several trees, and removed a whole one, using nothing other
than a hand saw, branch clippers, and brute force. The only noise I
subjected my neighbours to was the occasional swear word.

--
[tim@localhost ~]$ uname -r
2.6.25.11-97.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.



--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-01-2008, 06:37 PM
Gene Heskett
 
Default awstats munged httpd rights in SElinux, how to fix?

On Friday 01 August 2008, Tim wrote:
>Tim:
>>> NB: I've done this with a spinning headache, so you ought to be able to
>>> manage this as well, without my headache.
>
>Gene Heskett:
>> ouch, like my aching back, thats not good at all, mine is from 70+ years
>> of abuse & 25 extra pounds, does your's have a reason?
>
>Dunno if my headache's from the cold I've got, or the medication for it.
>I do know why my back aches - getting stuck, many years ago, hauling
>something heavy out of the back of a car...
>
>>> I mention an alternative stats program
>>
>> I see that is installed, but finding a viewer for it seems to be purely by
>> accident, it opened ELinks, whatever that is, when I clicked on its july
>> report from within midnight commander.
>
>How did you access it? Elinks is a text-only web browser, rather like
>Lynx, but also supports some rudimentary tables or frames layout.
>
>> Grumble... Question for the webalizer folks then? Why is there not a
>> link to the viewer in the k-menu's?
>
>Well, actually, one doesn't usually access such things through the
>system menus, but through your web browser. What would be needed is
>preloading the bookmarks on any browser that's on your system, with
><http://localhost/usage>. But then we don't do anything similar for all
>the cgi-scripts that might be included with a web browser.
>
>It's another of those read the manual / read the configuration file /
>look at its scripts, things. It used to be that such things as
>statistic analysers were programs that you'd install by hand, because
>you wanted it, and would already have known about it.
>
>> Having it installed, but effectively unavailable doesn't make a lot of
>> sense to me. If there had been such a menu entry, its likely I would have
>> used it rather than doing a freshmeat search for the newest, highly rated
>> such tool & then went hunting in yumex for a suitable rpm.
>
>Over the years I'd used webalizer, finding it's simple one page summary
>rather useful. But more recently, preferred AWStats features. I'd left
>it alone, before, as being rather convoluted. But when I changed
>webhosts, they gave me with a poorly configured webalizer, and a fairly
>well configured AWStats. And since I can't really reconfigure them,
>thanks to how the host runs, I just went with the flow.
>
>One thing that annoys me about them both, is the referrer stats. The
>links for who referred to you is sanitised, somewhat. So you do have to
>manually check your logs to find exactly what pages have referred to
>you. You just know, when your stats have suddenly increased for one
>month, that you've become the address on one of those random "exit this
>porn site" buttons. ;-)
>
>> ls -l /etc/awstats/:
>> -rw-r--r-- 1 root root 62137 2008-07-30 17:28
>> awstats.coyote.coyote.den.conf -rw-r--r-- 1 root root 62130 2008-07-21
>> 17:17 awstats.localhost.localdomain.conf -rw-r--r-- 1 root root 62130
>> 2008-07-21 17:17 awstats.model.conf
>>
>> And I haven't touched what the rpm installed.
>
>To cut down on workload, and avoid meaningless data/traffic, I'd remove
>all but one, and customise it to suit your needs. Else, once an hour,
>all three configuration files will be used to read your stats.
>
>> Since I'm running an oddball port # to the outside world, I was rather
>> surprised to see the googlebot was there every day this last month.
>
>I can think of a few things: Faked user-agent string, hoping that the
>googlebot might be allowed in where ordinary clients might shooed away.
>And if you've ever mentioned the address for your server somewhere in
>public, it'll have been indexed. Big brother is watching you, and I
>don't mean that crappy TV show... ;-)

Grrr. Must be time I changed the domain name, but I'd still have to email it
to my friends, who like you, are many and sundry. Damned if I do & damned if
I don't. I should do a google search for one of the pictures there and see
if google has the link. I just tried google for 3 of my pix, but google
doesn't have a link. Just as well, I occasionally have stuff there that
burglars would love.

>>>>> Are you still using your computer as root...
>>
>> Some of this started when I tried to build OpenMovieEditor, and F8
>> apparently doesn't have enough GLX stuff to build it, 8 OpenGL
>> functions seem to have been stripped from the library by RedHat.
>> Reason? Damned if I know.

here is whats missing:

gcc -D_REENTRANT -D_FILE_OFFSET_BITS=64 -I/usr/local/include -Wall -Wmissing-declarations -Wdeclaration-after-statement -Wl,--rpath -Wl,/opt/gmerlin/lib -o .libs/bgavdump
bgavdump.o ../lib/.libs/libgmerlin_avdec.so -L/usr/local/lib /usr/local/lib/libgavl.so
/usr/lib/libavcodec.so.51: undefined reference to `faacDecDecode'
/usr/lib/libavcodec.so.51: undefined reference to `faacDecInit2'
/usr/lib/libavcodec.so.51: undefined reference to `faacDecClose'
/usr/lib/libavcodec.so.51: undefined reference to `faacDecOpen'
/usr/lib/libavcodec.so.51: undefined reference to `faacDecSetConfiguration'
/usr/lib/libavcodec.so.51: undefined reference to `faacDecInit'
/usr/lib/libavcodec.so.51: undefined reference to
`faacDecGetCurrentConfiguration'
/usr/lib/libavcodec.so.51: undefined reference to `faacDecGetErrorMessage'
collect2: ld returned 1 exit status
make[1]: *** [bgavdump] Error 1
make[1]: Leaving directory
`/opt/gmerlin-all-in-one-20080715/gmerlin_avdecoder/gmerlin-avdecoder-0.1.8/tests'
make: *** [all-recursive] Error 1
Compilation in gmerlin_avdecoder failed

I interpret that as saying that even though the functions are in the header
files ok, the library itself does not have them. Grrrr.

>I'd still stick with using your computer as yourself, just use another
>terminal as root for configuration issues. Especially if you're opening
>your computer up to the world as a webserver. You do want as much
>protection as you can manage, in that situation.

I'm not directly connected to the net here, dd-wrt, x86 version running on an
old 450 mhz k6-iii is between me and the black hats. It gets about 500 root
login attempts a day, but the password is both long and unique.

[...]

>Around here, we have neighbours who like playing with power tools all
>week and weekend long, lawn mowers, chainsaws, angle grinders, and other
>things that I haven't figured out. Compare that to me - the other week
>I pruned several trees, and removed a whole one, using nothing other
>than a hand saw, branch clippers, and brute force. The only noise I
>subjected my neighbours to was the occasional swear word.

Yeah I hear that. I have about a 5 minute monologue I've developed over the
years for such things as hitting my thumb with a hammer or similar. You can
hear it well past the property line too.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
I have more humility in my little finger than you have in your whole ____
BODY!
-- from "Cerebus" #82

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-02-2008, 02:56 AM
Tim
 
Default awstats munged httpd rights in SElinux, how to fix?

Tim:
>> I'd still stick with using your computer as yourself, just use another
>> terminal as root for configuration issues. Especially if you're opening
>> your computer up to the world as a webserver. You do want as much
>> protection as you can manage, in that situation.

Gene Heskett:
> I'm not directly connected to the net here, dd-wrt, x86 version
> running on an old 450 mhz k6-iii is between me and the black hats. It
> gets about 500 root login attempts a day, but the password is both
> long and unique.

In that case, the main worries would be that they could find an exploit
in a webserver that doesn't require a logon (abusing guestbook scripts,
and the like), or just abusing mail forms to send spam through your
service to someone else. I get a few script kiddies rattling the
windows on my website, but they only get 404s. I don't have the scripts
that they're looking for to exploit.

I don't have remote shell access, I haven't thought of a reason that I'd
really want it. One day I might set things so I can access my mail
servers remotely, but not before I've figured out how to do it securely
(i.e. encrypted access only).

--
[tim@localhost ~]$ uname -r
2.6.25.11-97.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.



--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 06:34 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org