I’m trying to live with the
benefits of SELinux instead of disabling it every time I discover find it
disallows the action I’m trying. I am testing a demo version of an application
I’m thinking about using on my Radio Blog that allows users to make
requests and dedications. I’m testing it on one of my other Linux backup systems
not published to the public of course.

 Oh today I don’t feel like using
specific ports and application names since I don’t know if I will used the
application. I still have a bit more testing and configuring to do with this
application.

            The requests mechanism is HTTP generated
and uses a specific port. Well using Webmin tool I believe I successfully
added a rule allowing for this port to be accessed. The issue now that I’m
writing about it may be in the functions of the application itself.

            A bit of background: The application runs on
Windows with a MySQL database instance on that Windows system. I have
another MySQL database instance running on my Linux web server system
that gets the updates via a utility from the other MySQL instance on the
Windows system. That works fine and the information on the two MySQL
instances is identical and my Linux web server can access its local MySQL
instance to draw its information to run the website. I also have some PHP
files I ftp’d over to my Linux system that runs my PHP generated web site
and performs various functions such as the HTTP requests and dedications.

            The request and dedications via HTTP are
the issue here and wait to be received via “the request line port” on my
Windows server that runs the application. Well I kept getting permission denied
errors when trying to make requests. I confirmed that this port was open on my
router, that it showed with “netstat” as listening on that port on the Windows
system waiting to hear the request. I was even able to successfully telnet to
“the request line port” on that system. I then went and looked at where the
request would be coming from, my Linux Web Server, and insured it had
permissions in the allow file of the application from the LAN (both NIC’s) and
the WAN. The WAN I knew worked since the alternative method of asking for
request worked fine from another source on the WAN.

            So now the issue was what is blocking the
requests from my Linux system! Well I started looking around and of course the
requests go through just fine with SELinux in permissive mode or
disabled. I had the “the request line port” enabled but then I started
thinking what if the request which are handled via a PHP file aren’t going out
via “the request line port”!

Plus the fact that the
“system-config-securitylevel” utility didn’t allow me to add that port the
same way I added the port for MySQL. I believe this is because that port is not
listening or running any application on my Linux server and mysql is running on
my Linux system.

            So now I’m completely up against it I cannot
add the port and the policies I added in SELinux via Webmin for that
“the request line port” is not having any affect. Then considering that the
“the request line port” may not be applicable from my Linux web server
and using a totally different port I started looking at the other SELinux
policy settings in the “system-config-securitylevel” utility.  Since this
was an HTTP request looked in the “HTTPD Service” section where I
checked “Allow HTTPD scripts and modules to connect to the network” and
now all my requests work!

            What does this mean? The PHP requests may go to
“the request line port” the Windows system where the application resides
but from the requesting system which will always be where the web server resides
it doesn’t use the “the request line port”. In the SELinux policy
settings I have to I checked “Allow HTTPD scripts and modules to connect to
the network” to allow request to propagate from the Linux web server.

This evening I’m getting some strange power issues and
having UPS on my systems have limited any issues.  Normally with these
types of power fluctuations I would need to reboot and re-sync my systems but
not today.

I went to take a shower on my way out to get a bite to eat
and all of the sudden I was in darkness. Well my UPS have kept all of my
systems up and running during these sporadic power fluctuations this evening
without an issue.

I have had several issues with the wiring of this house
which prompted me to go out to a local surplus store and purchase some heavy
duty UPS. I was also able to come up on some UPS at some government
auctions where they were bidding off surplus equipment.

The UPS I have you normally don’t see in a home
environment even one that has all of the equipment that I have!

I have 2 “APC Smart UPS 2200” and a rack mountable
“Compaq R3000 XR”. I have the “APC 2200’s” on “PC skates”
out on the floor and the “Compaq R3000 XR” in one of my racks with my
Web, Music, Windows and Linux servers and my routers and switches. I use the
“APC 2200’s” for my floor main systems and one switch.

I also have an “HP Powerwise 1000” and an “APC
800 RT” that I’m not using at this point. I intend to use the UPS I’m not
using on my entertainment equipment and will probably move on of my “APC
Smart UPS 2200” into another room to use with some of my audio or video
equipment as well.

For the very small price I paid since they were surplus and
auction pickups for less than 5% – 15% of normal cost they do excellent work.
Even when UPS are not keeping equipment up from a power outage they also filter
the power and knock down surges and spikes so they are well worth the investment
to protect your valuable computer systems presently and in the future when you
are going to purchase new equipment.

I was testing some items on my blogs and found that I was unable to leave comments. I looked through my settings and had comments enabled properly. I looked at the plugins and none of them affected the ability to leave comments.
I then went to Sixapart and found the following in their knowledge base article: http://www.sixapart.com/movabletype/kb/comments/comment_and_tra.html
That article set me straight and after setting my “Preferred Archive Type” to “Individual” my blog will now accept comments again.
I had to make this change individually on each blog

This past Sunday 4/02/2006 one of my memory modules failed today on my “Web Server”. I came in from working on my front lawn and then seeding & fertilizing the lawn. I then decided to take a moment to update my “Main Blog” and then of course couldn’t make any connection to my “Web Server”.
My “Music Server” was still streaming music and I could see a number of people listening to this Music on Winamp. I checked my other systems as well and they were all up so I knew there was not a power hit or anything that affected all the systems
I checked my KVM switch and hooked my web server directly to a monitor and received no response. I then tried to ping my “Web Server” from my “Music Server” and that didn’t work so I logged into my backup Linux server and couldn’t ping it from there either.
I then slid my “Web Server” out a bit on the rack and began isolating the issue. Once I determined it was the one stick of 512mb RAM I located my receipt called the store I bought it from and found that since I had purchased it as a package I had to return it as a package.
Anyway now I have my 1gb of RAM back and my web Server intact.
I now need to get my backup “Web Server” up to speed again. With all of the changes I have made to my main “Web Server” I have ported none over to my backup system! I should have been ready for this scenario!