Omnis 10.1 headless on centos 8
Bruno Del Sol
bruno.delsol at bydesign.fr
Mon Apr 26 19:14:29 UTC 2021
Salut Louis,
I don't use selinux because i'm no sysadmin, so It is setup as permissive on the centos server I install.
If the server is facing the internet, i do add other layers of security that are simpler to install and don't need
management :
- unattended-upgrades : automation of system updates
see https://www.tecmint.com/dnf-automatic-install-security-updates-automatically-in-centos-8/
- fail2ban : allow to jail boring ip that are constantly scanning ports and services
see https://www.atlantic.net/vps-hosting/how-to-protect-apache-and-ssh-with-fail2ban-on-centos-8/
- protect Apache against slowloris attacks with mod_qos (dnf install mod_qos)
see https://www.acunetix.com/blog/articles/slow-http-dos-attacks-mitigate-apache-http-server/>
As of today this is enough to keep these servers up and running 99% of the time.
HTH
Regards
Bruno
By Design
http://www.bydesign.fr
Bruno Del Sol
bruno.delsol at bydesign.fr
46, rue de La Tour d'Auvergne
75009 Paris (France)
Le 26/04/2021 à 19:09, Louis Kirouac a écrit :
> Hi $all
>
> I upgraded my VM to Centos 8 and
> installed omnis-headless-app-server-10.1-29237
>
> I used again Bruno's
> https://github.com/brunobydesign/how-to-install-omnis-headless-on-debian-10
> (Merci encore Bruno)
>
> I am able to open osadmin.htm IF I have SELinux disabled
> but when it is set to:Enforcing
> I get 403 error:
> [Mon Apr 26 12:49:51.206320 2021] [core:error] [pid 2271:tid
> 140119840319232] (13)Permission denied: [client 24.48.69.130:55831]
> AH00035: access to /omnishtml/osadmin.htm denied (filesystem path
> '/usr/local/omnisweb/omnis') because search permissions are missing on a
> component of the path
>
> I set SELinux rules to :
> /usr/local/omnisweb(/.*)? system_u:object_r:httpd_sys_content_t:s0
>
> Did anyone manage to make SELinux happy with Omnis headless on Centos 8 ?
>
> ----
>
> I also get in the omnis log:
>
> {"thread":0,"when":"20210426
> 12:25:41","type":"tracelog","length":74}libssl.so.1.0.0: cannot open shared
> object file: No such file or directory
>
> Should I worry about it?
>
> Merci,
> Thank you for your help
>
> Louis Kirouac
> _____________________________________________________________
> Manage your list subscriptions at http://lists.omnis-dev.com
> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com
More information about the omnisdev-en
mailing list