SELinux fixes

If you are anything like me and don’t want to disable SELinux upon installation of Fedora Linux, then I have a hint for you.

List all files from selinux-policy-targeted and look at the output. You will see the list of all files in the RPM package. A few of those files are SELinux manuals for better tweaking.

/usr/share/man/man8/ftpd_selinux.8.gz
/usr/share/man/man8/httpd_selinux.8.gz
/usr/share/man/man8/kerberos_selinux.8.gz
/usr/share/man/man8/named_selinux.8.gz
/usr/share/man/man8/nfs_selinux.8.gz
/usr/share/man/man8/nis_selinux.8.gz
/usr/share/man/man8/rsync_selinux.8.gz
/usr/share/man/man8/samba_selinux.8.gz
/usr/share/man/man8/ypbind_selinux.8.gz

I just fixed two problems easily after looking into the documentation.

One was with bind, which was complaining with “Permission denied” on any incoming zone transfer (slave zone). named had all the access there is to all folders, but still couldn’t write. This command (mentioned in man 8 named_selinux) helped immediately:

setsebool -P named_write_master_zones 1

Another problem was with Apache, which wasn’t showing anything in the user’s public_html directory. man 8 httpd_selinux suggested the solution that worked:

setsebool -P httpd_enable_homedirs 1
chcon -R -t httpd_sys_content_t ~user/public_html
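
A read-only check of the two fixes above, as an added example that is not from the original post: it reports which of the two booleans are still off and which files under public_html do not carry httpd_sys_content_t. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of the two SELinux fixes; it changes nothing.

# Print each required boolean that is not "on" (a missing one counts as not on).
# $1: text in getsebool format ("name --> on|off"); remaining args: boolean names.
bools_off() {
    state=$1; shift
    for b in "$@"; do
        printf '%s\n' "$state" |
            awk -v b="$b" '$1 == b && $2 == "-->" { v = $3 }
                           END { if (v != "on") print b }'
    done
}

# Extract the type field from an SELinux context (user:role:type[:level]).
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Print the paths whose type differs from $1.
# stdin: "context path" lines, the format produced by: stat -c '%C %n'
mislabelled() {
    want=$1
    while read -r ctx path; do
        [ "$(context_type "$ctx")" = "$want" ] || printf '%s\n' "$path"
    done
}

# Constructed sample data (not captured from a real host).
SAMPLE_BOOLS='httpd_enable_homedirs --> off
named_write_master_zones --> on'
SAMPLE_LABELS='user_u:object_r:httpd_sys_content_t:s0 /home/user/public_html
user_u:object_r:user_home_t:s0 /home/user/public_html/index.html'

echo "Booleans still off:"
bools_off "$SAMPLE_BOOLS" named_write_master_zones httpd_enable_homedirs
echo "Files without httpd_sys_content_t:"
printf '%s\n' "$SAMPLE_LABELS" | mislabelled httpd_sys_content_t

# On a live system, feed the same functions real data:
#   bools_off "$(getsebool -a)" named_write_master_zones httpd_enable_homedirs
#   find ~user/public_html -exec stat -c '%C %n' {} + | mislabelled httpd_sys_content_t
```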

Static Subversion for Red Hat 6.2

I’ve heard a few harsh words about Subversion before. Mostly these came from sysadmins who complained about all bits and pieces Subversion requires to work properly. Some mentioned that it is not trivial to compile with the set of options that is different from the default.

Today I spent about three hours together with The Master of Strace trying to make the Subversion command line client svn work on one of our old machines that runs Red Hat Linux 6.2. The only way to succeed, it seems, was to compile the static version of svn. Since we needed support for https:// URLs, we had to build with OpenSSL. OpenSSL is not trivial to compile statically either, because of its enormous love of Kerberos5. While trying to make it work we also jumped through a number of versions of Subversion and other components.

Finally, we managed to build everything. In case you’ll ever need a statically compiled version of svn (from Subversion version 0.17.1 (r4503)), you can get it here (the binary is about 7 MB):

/usr/local/bin/svn

As far as I am concerned it works just fine. It runs on Red Hat Linux 6.2 and can work (import, checkout, commit, etc.) with a repository running on one of the recent versions (1.1.4 if I recall correctly).

Needless to say that today I’ve heard a few more not-for-kids-ears words and phrases towards Subversion developers.

Switches do die

That NoName 100 Mbps switch that I was using for my internal network has strangely died today. I’ve experienced problems with it before, but it was different all the time. I always had a hub as a temporary backup solution, but I gave it away some time ago. Thanks to my brother, I now have a brand new 3Com 100Mbps switch. It is only 5 ports instead of 8 ports of the dead one, but it should be enough. I have only 3 ports occupied now, so there are another 2 for my guests.

The funny coincidence is that two days ago I had to repeat three times that network administration is not my biggest interest. :)

MRTG

MRTG (Multi Router Traffic Grapher) is a monitoring utility, which runs on many platforms and is capable of collecting and graphing statistical information such as network traffic, CPU/Memory/Disk space usage, etc. MRTG can gather information using both the SNMP protocol and external scripts. Below are a few pieces of my MRTG config file together with scripts, which I felt like sharing.
