2012/08/26

DokuWiki Installation (CentOS 6 with SELinux)


DokuWiki Installation

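  • DokuWiki is a wiki package that does not need a database. It requires PHP and is easy to install, use and back up. The example below installs DokuWiki into the personal web directory of the user student. The installation is done with SELinux turned on; SELinux problems come up during the process and are resolved.
# Download the latest file from the official site and put it in this directory. Make sure the personal web directory has already been set up.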
[student@demo public_html]$ pwd
/home/student/public_html
[student@demo public_html]$ wget http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2012-01-25b.tgz
[student@demo public_html]$ tar zxvf dokuwiki-2012-01-25b.tgz
[student@demo public_html]$ mv dokuwiki-2012-01-25b wiki
[student@demo public_html]$ chmod 777 wiki/conf/
# Check /var/log/messages: an SELinux warning has been generated
[root@demo public_html]# tail /var/log/messages
....(omitted)....
Aug 26 16:03:47 demo setroubleshoot: SELinux is preventing /usr/sbin/httpd "add_name" 
access on page.idx. For complete SELinux messages. 
run sealert -l a5821478-152b-46bb-892d-633ca202b0f8

# View the message details
[root@demo public_html]# sealert -l 21c6b959-1cae-4f30-814e-0ecab713f86f

Summary:

SELinux is preventing /usr/sbin/httpd "write" access on conf.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by httpd. It is not expected that this access is
required by httpd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                unconfined_u:system_r:httpd_t:s0
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                conf [ dir ]
Source                        httpd
Source Path                   /usr/sbin/httpd
Port                          
Host                          demo.example.com
Source RPM Packages           httpd-2.2.15-5.el6
Target RPM Packages           
Policy RPM                    selinux-policy-3.7.19-54.el6
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     demo.example.com
Platform                      Linux demo.example.com 2.6.32-71.el6.x86_64 #1 SMP
                              Wed Sep 1 01:33:01 EDT 2010 x86_64 x86_64
Alert Count                   3
First Seen                    Sun Aug 26 15:59:59 2012
Last Seen                     Sun Aug 26 16:02:32 2012
Local ID                      21c6b959-1cae-4f30-814e-0ecab713f86f
Line Numbers                  

Raw Audit Messages            

node=demo.example.com type=AVC msg=audit(1345968152.291:113): avc: 
 denied  { write } for  pid=2472 comm="httpd" name="conf" dev=dm-2 ino=2778 scontext=unconfined_u:system_r:httpd_t:s0 
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir

node=demo.example.com type=SYSCALL msg=audit(1345968152.291:113): arch=c000003e
syscall=21 success=yes exit=0 a0=7ff4e47fa080 a1=2 a2=0 a3=7ff4e46343e0 items=0 
ppid=2466 pid=2472 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48
fsgid=48 tty=(none) ses=1 comm="httpd" exe="/usr/sbin/httpd"
 subj=unconfined_u:system_r:httpd_t:s0 key=(null)

# The alert gives no specific suggestion, so fix it directly as follows: set the files to the httpd_sys_content_t type, then try again.
[root@demo ~]# chcon --reference=/var/www/html /home/student/public_html/ -R
[student@demo public_html]$ pwd
/home/student/public_html
[student@demo public_html]$ chmod 777 wiki/conf/
[student@demo public_html]$ chmod 777 wiki/data/
[student@demo public_html]$ chmod 777 wiki/data/pages/
[student@demo public_html]$ chmod 777 wiki/data/attic/
[student@demo public_html]$ chmod 777 wiki/data/media
[student@demo public_html]$ chmod 777 wiki/data/media_attic
[student@demo public_html]$ chmod 777 wiki/data/media_meta
[student@demo public_html]$ chmod 777 wiki/data/meta
[student@demo public_html]$ chmod 777 wiki/data/cache
[student@demo public_html]$ chmod 777 wiki/data/locks
[student@demo public_html]$ chmod 777 wiki/data/index
[student@demo public_html]$ chmod 777 wiki/data/tmp
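
An added example, not part of the original post: a small shell filter that pulls the relevant fields out of AVC records like the one in the sealert output above (command, permissions, object class, name, source type and target type) and keeps only httpd_t denials against user_home_t objects, the label mismatch that the chcon step corrects. The function names are hypothetical, and the second and third sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): summarise SELinux AVC denials.
# Reads audit-log text on stdin and prints one line per denial:
#   comm|permissions|tclass|name|source_type|target_type
avc_summary() {
    awk '
    /type=AVC/ && / denied / {
        comm = name = tclass = stype = ttype = ""
        # Permissions are the words between "{" and "}".
        o = index($0, "{"); c = index($0, "}")
        perms = substr($0, o + 1, c - o - 1)
        gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            k = substr($i, 1, eq - 1); v = substr($i, eq + 1)
            gsub(/"/, "", v)
            if (k == "comm") comm = v
            else if (k == "name") name = v
            else if (k == "tclass") tclass = v
            # A context is user:role:type:level, so the type is field 3.
            else if (k == "scontext") { split(v, p, ":"); stype = p[3] }
            else if (k == "tcontext") { split(v, p, ":"); ttype = p[3] }
        }
        print comm "|" perms "|" tclass "|" name "|" stype "|" ttype
    }'
}

# Keep only httpd_t denials on objects still labelled user_home_t, the
# case the post fixes by relabelling public_html.
httpd_home_denials() {
    avc_summary | awk -F'|' '$5 == "httpd_t" && $6 == "user_home_t"'
}

# Sample input. Record 1 is the AVC record shown in the post, joined onto
# one line; records 2 and 3 are constructed for this example.
SAMPLE='node=demo.example.com type=AVC msg=audit(1345968152.291:113): avc:  denied  { write } for  pid=2472 comm="httpd" name="conf" dev=dm-2 ino=2778 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
node=demo.example.com type=AVC msg=audit(1345968153.100:114): avc:  denied  { write add_name } for  pid=2472 comm="httpd" name="page.idx" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
node=demo.example.com type=AVC msg=audit(1345968154.200:115): avc:  denied  { read } for  pid=2500 comm="httpd" name="notes.txt" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file'

printf '%s\n' "$SAMPLE" | httpd_home_denials
```

On a live system the same functions can be fed from the audit log instead of the sample, for example by piping /var/log/audit/audit.log into httpd_home_denials as root.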
  • Reload the web page: all the problems are now resolved. Continue to the next page of the installation.
  • Delete install.php to avoid security problems
[student@demo wiki]$ rm install.php
  • Installation complete, enjoy it!!