Feb 082014
 

 

Depending on policy configuration, services may only be allowed to run on certain port numbers. Attempting to change the port a service runs on without changing policy may result in the service failing to start. Runsemanage port -l | grep -w “http_port_t” as the root user to list the ports SELinux allows httpd to listen on:

# semanage port -l | grep -w http_port_t
http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443

By default, SELinux allows http to listen on TCP ports 80, 443, 488, 8008, 8009, or 8443. If/etc/httpd/conf/httpd.conf is configured so that httpd listens on any port not listed for http_port_t, httpd fails to start.

To configure httpd to run on a port other than TCP ports 80, 443, 488, 8008, 8009, or 8443:

  1. Edit /etc/httpd/conf/httpd.conf as the root user so the Listen option lists a port that is not configured in SELinux policy for httpd. The following example configures httpd to listen on the 10.0.0.1 IP address, and on port 12345:

  2. # Change this to Listen on specific IP addresses as shown below to
    # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
    #
    #Listen 12.34.56.78:80
    Listen 10.0.0.1:12345

  3. Run semanage port -a -t http_port_t -p tcp 12345 as the root user to add the port to SELinux policy configuration.

  4. Run semanage port -l | grep -w http_port_t as the root user to confirm the port is added:

  5. # semanage port -l | grep -w http_port_t
    http_port_t                    tcp      12345, 80, 443, 488, 8008, 8009, 8443

If you no longer run httpd on port 12345, run semanage port -d -t http_port_t -p tcp 12345 as the root user to remove the port from policy configuration.

Source

May 182010
 

I was having a problem with WordPress where I could not upload any documents to my website via posting and I could not activate Akismet or change Appearance or Themes. Basically, I could not write to the backend even though my MySql account had full privileges in the database. I got the following error message when I tried to enter my Akismet key:

Akismet The key you entered could not be verified because a connection to akismet.com could not be established. Please check your server configuration.

The problem was that Apache did not have read/write access to the blog website.

The solution was to change the owner of the blog from root to apache the restart the web service.

sudo chown -R apache:root /var/www/html/blog/

sudo service httpd restart

Once I did this my errors went away.