如果修改过端口或添加过端口监听,重新Apache的时候可能会出现如下错误:
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:9000
故事发生理由:
我在设置9000端口为testlink服务端口后重新apache时出错:
[root@LC-VM12 testlink]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:9000
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:9000
no listening sockets available, shutting down
Unable to open logs
[FAILED]
解决办法:
semanage port -l|grep http
semanage port -a -t http_port_t -p tcp 81
过程:
[root@LC-VM12 testlink]# semanage port -l|grep http http_cache_port_t tcp 3128, 8080, 8118, 11211, 10001-10010 http_cache_port_t udp 3130, 11211 http_port_t tcp 80, 443, 488, 8008, 8009, 8443 pegasus_http_port_t tcp 5988 pegasus_https_port_t tcp 5989 [root@LC-VM12 testlink]# service iptables status Firewall is stopped. [root@LC-VM12 testlink]# semanage port -a -t http_port_t -p tcp 9000 [root@LC-VM12 testlink]# service iptables status Firewall is stopped. [root@LC-VM12 testlink]# semanage port -l|grep http http_cache_port_t tcp 3128, 8080, 8118, 11211, 10001-10010 http_cache_port_t udp 3130, 11211 http_port_t tcp 9000, 80, 443, 488, 8008, 8009, 8443 pegasus_http_port_t tcp 5988 pegasus_https_port_t tcp 5989 [root@LC-VM12 testlink]# semanage |
参考信息:
semanage使用详解
NAME
semanage – SELinux Policy Management tool
SYNOPSIS
Output local customizations:导出selinux当前策略
semanage [ -S store ] -o [ output_file | – ]
Input local customizations:导入selinux策略
semanage [ -S store ] -i [ input_file | – ]
Manage booleans. Booleans allow the administrator to modify the confinement of processes based on his configuration.:管理一些进程、服务的开关、配置等等,全是开关两个状态
semanage boolean [-S store] -{d|m|l|n|D} -[-on|-off|1|0] -F boolean | boolean_file
Manage SELinux confined users (Roles and levels for an SELinux user)
semanage user [-S store] -{a|d|m|l|n|D} [-LrRP] selinux_name
Manage login mappings between linux users and SELinux confined users:将linux已存在的用户user映射到登陆保护
semanage login [-S store] -{a|d|m|l|n|D} [-sr] login_name | %groupname
-a:添加
-d:删除
-m:修改
-l:列举
-n:不打印说明头
-D:全部删除
例子:semanage login -a -s unconfined_u leowang
Manage network port type definitions:管理网络端口
semanage port [-S store] -{a|d|m|l|n|D} [-tr] [-p proto] port | port_range
-t:类型
-r:角色
例子:semanage port -a -t http_port_t -p tcp 81
Manage network interface type definitions
semanage interface [-S store] -{a|d|m|l|n|D} [-tr] interface_spec
Manage network node type definitions
semanage node [-S store] -{a|d|m|l|n|D} [-tr] [ -p protocol ] [-M netmask] address
Manage file context mapping definitions:管理文件安全上下文的映射
-f:文件
-s:用户
-t:类型
-r:角色
semanage fcontext [-S store] -{a|d|m|l|n|D} [-frst] file_spec
semanage fcontext [-S store] -{a|d|m|l|n|D} -e replacement target
例子:semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?" //新建一条规则,指定/web目录及其下的所有文件的扩展属性为httpd_sys_content_t
Manage processes type enforcement mode
semanage permissive [-S store] -{a|d|l|n|D} type
Disable/Enable dontaudit rules in policy
semanage dontaudit [-S store] [ on | off ]
Execute multiple commands within a single transaction.
semanage [-S store] -i command-file
email:niravmehta2009@gmail.com
I add you Google Gtalk.
But, my English is not very good
Can you please guide me how to do
can we have live chat
skype:niravmehta2009
email:niravmehta2009
7240 (Trace) (Kill) root 0 0.0 0.1 wget –quiet http://ilove15.selfip.com/~ilove21/pictures/change.jpg –directory-prefix /usr/sbin
7402 (Trace) (Kill) root 0 0.0 0.1 crond
7419 (Trace) (Kill) root 0 0.0 0.1 wget –quiet http://ilove15.selfip.com/~ilove21/pictures/change.jpg –directory-prefix /usr/sbin
7681 (Trace) (Kill) root 0 0.0 0.1 crond
7702 (Trace) (Kill) root 0 0.0 0.1 wget –quiet http://ilove15.selfip.com/~ilove21/pictures/change.jpg –directory-prefix /usr/sbin
7866 (Trace) (Kill) root 0 0.0 0.1 crond
7891 (Trace) (Kill) mailnull 0 0.0 0.1 /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t
7912 (Trace) (Kill) root 0 0.0 0.1 wget –quiet http://ilove15.selfip.com/~ilove21/pictures/change.jpg –directory-prefix /usr/sbin
9618 (Trace) (Kill) root 0 0.0 0.1 crond
9625 (Trace) (Kill) root 0 0.0 0.1 wget –quiet http://ilove15.selfip.com/~ilove21/pictures/change.jpg –directory-prefix /usr/sbin
how to remove this from whm/cpanel
Some malicious use of the linux download change.jpg file and linux is not exactly distinguish the extension can be performed
That the scheduled task, you need to enter ‘/ var / spool / cron /’ Modify or Delete it
说到底是SELinux安全设置的问题,直接关掉SELinux就一了百了
恩是啊,当时我猜时它了,我见selinux是强制状态,但没时间查太多资料确定是SElinux的,所以也没太注意!
经过老大的指点,这回我敢完全说是SELinux啦