[CentOS7] SELinux

Linux/CentOS | 2015. 3. 18. 08:51

1. Error after restarting httpd.service

# systemctl restart httpd.service

Job for httpd.service failed. See 'systemctl status httpd.service' and 'journalctl -xn' for details.


2. Check the status message

#  systemctl status -l httpd.service

httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
   Active: failed (Result: exit-code) since Wed 2015-03-18 08:49:33 KST; 41s ago
  Process: 1823 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
  Process: 1820 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 1820 (code=exited, status=1/FAILURE)

Mar 18 08:49:33 server11.example.com systemd[1]: Starting The Apache HTTP Server...
Mar 18 08:49:33 server11.example.com httpd[1820]: (13)Permission denied: AH00072: make_sock: could not bind to address [::]:82
Mar 18 08:49:33 server11.example.com httpd[1820]: (13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:82
Mar 18 08:49:33 server11.example.com httpd[1820]: no listening sockets available, shutting down
Mar 18 08:49:33 server11.example.com httpd[1820]: AH00015: Unable to open logs
Mar 18 08:49:33 server11.example.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Mar 18 08:49:33 server11.example.com systemd[1]: Failed to start The Apache HTTP Server.
Mar 18 08:49:33 server11.example.com systemd[1]: Unit httpd.service entered failed state.


※ Apache is configured to listen on port 82.

# grep ^Listen /etc/httpd/conf/httpd.conf

Listen 82


3. Confirm that SELinux is blocking httpd from binding to port 82/TCP

(sealert is provided by the setroubleshoot-server package; the raw AVC denial can also be viewed with ausearch -m avc -ts recent.)

# sealert -a /var/log/audit/audit.log

.......

If you want to allow /usr/sbin/httpd to bind to network port 82
Then you need to modify the port type.
Do
# semanage port -a -t PORT_TYPE -p tcp 82
    where PORT_TYPE is one of the following: http_cache_port_t, http_port_t, jboss_management_port_t, jboss_messaging_port_t, ntop_port_t, puppet_port_t.

.......


4. Use semanage to find the right port type for 82/TCP

The PORT_TYPEs sealert lists are the port types httpd_t is allowed to name_bind to; pick the one that matches the service itself (http_port_t for httpd), not just any type on the list.

# semanage port -l |grep http

http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000   // add 82 here
pegasus_http_port_t            tcp      5988
pegasus_https_port_t           tcp      5989


5. Assign port 82/TCP to the http_port_t type

# semanage port -a -t http_port_t -p tcp 82


6. Verify that port 82 has been added

# semanage port -l |grep ^http_port_t

http_port_t                    tcp      82, 80, 81, 443, 488, 8008, 8009, 8443, 9000


7. Restart httpd, open the port in the firewall, and check access from a client

server# systemctl restart httpd.service

server# firewall-cmd --permanent --add-port=82/tcp

server# firewall-cmd --reload


desktop11$ curl http://server11.example.com:82

Hello




===================================================================================

1. Add port 999 for ssh in addition to the default port 22

# grep ^Port /etc/ssh/sshd_config 

Port 22
Port 999


2. Check the ssh port type

# semanage port -l | grep ssh

ssh_port_t                     tcp      22


3. Restart the sshd service and check the status

# systemctl restart sshd.service

# systemctl status sshd.service

error: Bind to port 999 on 0.0.0.0 failed: Permission denied.


4. Check the SELinux message

# sealert -a /var/log/audit/audit.log

If you want to allow /usr/sbin/sshd to bind to network port 999
Then you need to modify the port type.
Do
# semanage port -a -t PORT_TYPE -p tcp 999
    where PORT_TYPE is one of the following: ssh_port_t, vnc_port_t, xserver_port_t.


5. Assign port 999 to ssh_port_t

# semanage port -a -t ssh_port_t -p tcp 999


# semanage port -l | grep ssh

ssh_port_t                     tcp      999, 22
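Both procedures above (httpd on 82/tcp, sshd on 999/tcp) follow the same pattern: read semanage port -l, work out whether the port is free, already labeled, or explicitly owned by another type, then add the label and verify. The script below is an added example, not code from the original post; it automates that decision and the follow-up check. It assumes a CentOS 7 host with semanage (policycoreutils-python) and root. The semanage port -l output embedded in it is constructed for offline testing, not captured from the author's server. It also goes one step beyond the post and handles the case the post never hits: a port such as 8080 that is already explicitly defined under another type (http_cache_port_t), where semanage port -a is rejected with "already defined" and semanage port -m is required. Ports that only fall inside the catch-all ranges (reserved_port_t 1-511, hi_reserved_port_t 512-1023, unreserved_port_t), which is where 82 and 999 sit, are treated as free.

```shell
#!/bin/bash
# Constructed sample of `semanage port -l` output (CentOS 7 style), used for
# offline testing of the decision logic below. The catch-all ranges
# (reserved_port_t 1-511, hi_reserved_port_t 512-1023, unreserved_port_t)
# are the labels a port carries before any service-specific type claims it.
SAMPLE_SEMANAGE_PORT_L='SELinux Port Type              Proto    Port Number

hi_reserved_port_t             tcp      512-1023
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
reserved_port_t                tcp      1-511
ssh_port_t                     tcp      22
unreserved_port_t              tcp      61001-65535, 1024-32767'

# Read `semanage port -l` output on stdin and decide how to give PORT/PROTO
# the type WANT_TYPE. Prints exactly one of:
#   noop           port already carries WANT_TYPE
#   add            port only falls in a catch-all range -> semanage port -a
#   modify:<type>  port is explicitly defined under another type (e.g. 8080
#                  under http_cache_port_t); -a fails with "already defined",
#                  so semanage port -m is needed instead
selinux_port_action() {
    local want_type="$1" proto="$2" port="$3"
    awk -v want="$want_type" -v proto="$proto" -v port="$port" '
        $2 == proto {
            # fields 3..NF are a comma-separated list of ports or lo-hi ranges
            for (i = 3; i <= NF; i++) {
                f = $i; gsub(/,/, "", f)
                n = split(f, r, "-")
                lo = r[1] + 0; hi = (n == 2) ? r[2] + 0 : lo
                if (port + 0 < lo || port + 0 > hi) continue
                if ($1 == want) { result = "noop"; exit }
                if ($1 !~ /^(hi_reserved|reserved|unreserved|ephemeral)_port_t$/)
                    result = "modify:" $1
            }
        }
        END { print (result == "" ? "add" : result) }'
}

# Apply the decision on a live system. Needs root and the semanage tool
# (policycoreutils-python on CentOS 7). Returns 0 only if the port shows
# under WANT_TYPE afterwards.
selinux_label_port() {
    local want_type="$1" proto="$2" port="$3" action
    action=$(semanage port -l | selinux_port_action "$want_type" "$proto" "$port")
    case "$action" in
        noop)
            echo "$proto/$port is already labeled $want_type" ;;
        add)
            semanage port -a -t "$want_type" -p "$proto" "$port" ;;
        modify:*)
            # Relabeling takes the port away from its current type; any other
            # confined service relying on that label will start being denied.
            echo "$proto/$port is defined as ${action#modify:}; changing it to $want_type"
            semanage port -m -t "$want_type" -p "$proto" "$port" ;;
    esac
    semanage port -l | selinux_port_action "$want_type" "$proto" "$port" | grep -qx noop
}

# Usage: sudo ./selinux-port.sh http_port_t tcp 82
#        sudo ./selinux-port.sh ssh_port_t  tcp 999
# With no arguments, show the decisions for the constructed sample instead.
if [ $# -eq 3 ]; then
    selinux_label_port "$@"
elif [ $# -eq 0 ]; then
    for spec in "http_port_t tcp 82" "http_port_t tcp 8080" "ssh_port_t tcp 999" "ssh_port_t tcp 22"; do
        # shellcheck disable=SC2086
        printf '%-26s -> %s\n' "$spec" \
            "$(printf '%s\n' "$SAMPLE_SEMANAGE_PORT_L" | selinux_port_action $spec)"
    done
fi
```

Two practical points follow from the modify case. First, moving a port between types is a policy change for every confined domain, not just the one you are fixing: relabeling 8080 from http_cache_port_t to http_port_t lets httpd bind it but will start denying a caching proxy that depended on the old label, so check what else uses the existing type before reaching for -m. Second, the label only satisfies SELinux; as in the httpd steps above, sshd on 999 still needs a firewall-cmd --permanent --add-port=999/tcp plus reload and a service restart before a client can connect.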

