Re: [webmin-l] Webmin not reachable

[Przemysław O. <prz...@ma...>]

Im not 100% sure about webmin but virtualmin installer script install.sh 
disables selinux permanently.

That's why i suggested to set selinux to permissive and create a custom 
policy from selinux logs (at least im doing it with virtualmin its quite 
time consuming tho).

If you check selinux logs at /var/log/audit/audit.log and see "avc: 
denied ..." when you try to start or restart webmin it means there is no 
selinux policy for it so either disable selinux permanently or set it to 
permissive. Webmin will produce then lots of log lines in said log file.
Using selinux tools create a policy from those logs and activate it 
changing selinux to enforcing.
After that try restarting webmin and check if all functionality you need 
works correctly. If not back to permissive try to perform all needed 
actions in webmin once and modify selinux policy using new auditlog 
entries then apply and check. After a couple of runs the policy should 
be complete and webmin should be able to work with selinux enabled.
You might also need to relabel webmin files if they lack proper selinux 
labels.

On 12.09.2018 07:11, Mahmood Naderan via webadmin-list wrote:
> >1) Is selinux active if yes either set it to permissive and based on log
> >data create a custom policy for webmin (im not 100% sure for webmin but
> >virtualmin disables selinux compleetly during install) or disable
> >selinux altogether.
>
> Do you mean that I have to disable selinux during the installation of 
> webmin?
>
>
>
>
> >2) check if zone public is assigned to your public interface (public is
> >just a name and can be assigned to any or no interface).
>
>
> Yes. Please see below
>
> # firewall-cmd --get-default-zone
> public
> # firewall-cmd --get-active-zones
> public
>   interfaces: ens192
> # ifconfig
> ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>         inet 192.168.168.52  netmask 255.255.255.0 broadcast 
> 192.168.168.255
>         inet6 fe80::3f36:3726:e718:ac10  prefixlen 64 scopeid 0x20<link>
>         ether 00:50:56:bd:65:b5  txqueuelen 1000 (Ethernet)
>         RX packets 7383146  bytes 3546644131 (3.3 GiB)
>         RX errors 0  dropped 1739  overruns 0  frame 0
>         TX packets 1092081  bytes 549233068 (523.7 MiB)
>         TX errors 0  dropped 0 overruns 0  carrier 0 collisions 0
>
> lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
>         inet 127.0.0.1  netmask 255.0.0.0
>         inet6 ::1  prefixlen 128  scopeid 0x10<host>
>         loop  txqueuelen 1000  (Local Loopback)
>         RX packets 43883  bytes 24024144 (22.9 MiB)
>         RX errors 0  dropped 0  overruns 0  frame 0
>         TX packets 43883  bytes 24024144 (22.9 MiB)
>         TX errors 0  dropped 0 overruns 0  carrier 0 collisions 0
>
> virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
>         inet 192.168.122.1  netmask 255.255.255.0 broadcast 
> 192.168.122.255
>         ether 52:54:00:8e:ba:8e  txqueuelen 1000 (Ethernet)
>         RX packets 0  bytes 0 (0.0 B)
>         RX errors 0  dropped 0  overruns 0  frame 0
>         TX packets 0  bytes 0 (0.0 B)
>         TX errors 0  dropped 0 overruns 0  carrier 0 collisions 0
>
>
>
>
>
>
> Regards,
> Mahmood
>
>
>
>
>
>
> -
> Forwarded by the Webmin mailing list at web...@li...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list