SnipeIT - Connection Refused

black3dynamite

@dustinb3403 said in SnipeIT - Connection Refused:

@black3dynamite

[root@snipeit conf.d]# cat snipeit.conf

Creating the new virtual host in Apache.

LoadModule rewrite_module modules/mod_rewrite.so

<VirtualHost *:80>
ServerAdmin webmaster@localhost
<Directory /var/www/html/snipeit/public>
Allow From All
AllowOverride All
Options +Indexes
</Directory>
DocumentRoot /var/www/html/snipeit/public
ServerName snipeit.domain.com
ErrorLog /var/log/httpd/snipeIT.error.log
CustomLog /var/log/access.log combined
</VirtualHost>

And httpd.conf is set to the same fqdn

Did the httpd.service startup successfully?

DustinB3403

@black3dynamite No it failed.

[root@snipeit ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2017-08-14 16:29:45 EDT; 5min ago
	 Docs: man:httpd(8)
		   man:apachectl(8)
  Process: 1326 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
  Process: 896 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 896 (code=exited, status=1/FAILURE)

Aug 14 16:29:43 snipeit.domain.com systemd[1]: Starting The Apache HTTP Server...
Aug 14 16:29:45 snipeit.domain.com httpd[896]: [Mon Aug 14 16:29:45.339624 2017] [so:warn] [pid 896] AH01574...ping
Aug 14 16:29:45 snipeit.domain.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Aug 14 16:29:45 snipeit.domain.com kill[1326]: kill: cannot find process ""
Aug 14 16:29:45 snipeit.domain.com systemd[1]: httpd.service: control process exited, code=exited status=1
Aug 14 16:29:45 snipeit.domain.com systemd[1]: Failed to start The Apache HTTP Server.
Aug 14 16:29:45 snipeit.domain.com systemd[1]: Unit httpd.service entered failed state.
Aug 14 16:29:45 snipeit.domain.com systemd[1]: httpd.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

DustinB3403

But for a different reason this time.

DustinB3403

-- Unit session-2.scope has begun starting up.
Aug 14 16:36:17 snipeit.domain.com chronyd[595]: Selected source 96.126.105.86
Aug 14 16:38:01 snipeit.domain.com polkitd[592]: Registered Authentication Agent for unix-process:2415:51024 (system bus name :1.25 [/usr/bin/
Aug 14 16:38:01 snipeit.domain.com polkitd[592]: Unregistered Authentication Agent for unix-process:2415:51024 (system bus name :1.25, object
Aug 14 16:38:13 snipeit.domain.com polkitd[592]: Registered Authentication Agent for unix-process:2422:52180 (system bus name :1.26 [/usr/bin/
Aug 14 16:38:13 snipeit.domain.com systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has begun starting up.
Aug 14 16:38:13 snipeit.domain.com httpd[2428]: [Mon Aug 14 16:38:13.395958 2017] [so:warn] [pid 2428] AH01574: module rewrite_module is alrea
Aug 14 16:38:13 snipeit.domain.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Aug 14 16:38:13 snipeit.domain.com kill[2429]: kill: cannot find process ""
Aug 14 16:38:13 snipeit.domain.com systemd[1]: httpd.service: control process exited, code=exited status=1
Aug 14 16:38:13 snipeit.domain.com systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has failed.
--
-- The result is failed.
Aug 14 16:38:13 snipeit.domain.com systemd[1]: Unit httpd.service entered failed state.
Aug 14 16:38:13 snipeit.domain.com systemd[1]: httpd.service failed.
Aug 14 16:38:13 snipeit.domain.com polkitd[592]: Unregistered Authentication Agent for unix-process:2422:52180 (system bus name :1.26, object

DustinB3403

I'm kind of stumped as to why this happened. To my knowledge nothing was changed within the org over the weekend, and nothing with this system specifically. . .

travisdh1

Hrm, is this a Debian/Ubuntu or RedHat/CentOS/Fedora host? This has happened to me before, but I don't remember what fixed it and all my documentation has been wiped out of existence now.

DustinB3403

@travisdh1 Centos 7

DustinB3403

Same issue after a reboot

Aug 14 16:50:04 snipeit.domain.com systemd[1]: Starting The Apache HTTP Server...
Aug 14 16:50:06 snipeit.domain.com httpd[903]: [Mon Aug 14 16:50:06.723873 2017] [so:warn] [pid 903] AH01574: module rewrite_module ...kipping
Aug 14 16:50:06 snipeit.domain.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Aug 14 16:50:07 snipeit.domain.com kill[1334]: kill: cannot find process ""
Aug 14 16:50:07 snipeit.domain.com systemd[1]: httpd.service: control process exited, code=exited status=1
Aug 14 16:50:07 snipeit.domain.com systemd[1]: Failed to start The Apache HTTP Server.
Aug 14 16:50:07 snipeit.domain.com systemd[1]: Unit httpd.service entered failed state.
Aug 14 16:50:07 snipeit.domain.com systemd[1]: httpd.service failed.

travisdh1

@dustinb3403 said in SnipeIT - Connection Refused:

@travisdh1 Centos 7

Of course, one I don't have conveniently running at the moment

DustinB3403

@travisdh1 said in SnipeIT - Connection Refused:

@dustinb3403 said in SnipeIT - Connection Refused:

@travisdh1 Centos 7

Of course, one I don't have conveniently running at the moment

Well hop to it Minimal is only 680 MB

travisdh1

@dustinb3403 said in SnipeIT - Connection Refused:

@travisdh1 said in SnipeIT - Connection Refused:

@dustinb3403 said in SnipeIT - Connection Refused:

@travisdh1 Centos 7

Of course, one I don't have conveniently running at the moment

Well hop to it Minimal is only 680 MB

Yeah, and my home lab will do a netinstall in no time flat once I get around to it.

DustinB3403

@travisdh1 said in SnipeIT - Connection Refused:

@dustinb3403 said in SnipeIT - Connection Refused:

@travisdh1 said in SnipeIT - Connection Refused:

@dustinb3403 said in SnipeIT - Connection Refused:

@travisdh1 Centos 7

Of course, one I don't have conveniently running at the moment

Well hop to it Minimal is only 680 MB

Yeah, and my home lab will do a netinstall in no time flat once I get around to it.

VirtualBox is only seconds away. . .

DustinB3403

httpd is the only service failing. . .

[ ~]$ systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2017-08-14 16:50:07 EDT; 9min ago
	 Docs: man:httpd(8)
		   man:apachectl(8)
  Process: 1334 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
  Process: 903 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 903 (code=exited, status=1/FAILURE)

[ ~]$ systemctl status mariadb
● mariadb.service - MariaDB database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2017-08-14 16:50:10 EDT; 9min ago
  Process: 1053 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
  Process: 899 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
 Main PID: 1052 (mysqld_safe)
   CGroup: /system.slice/mariadb.service
		   ├─1052 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
		   └─1306 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariad...

DustinB3403

Setenforce 0

(AKA I can access the system) . . . so now how to configure it so this system isn't wide open. . .

travisdh1

@dustinb3403 said in SnipeIT - Connection Refused:

Setenforce 0

(AKA I can access the system) . . . so now how to configure it so this system isn't wide open. . .

Oh, that's in @JaredBusch's guides to setting up NextCloud... I bet you get it looked up before I find it

DustinB3403

@travisdh1 said in SnipeIT - Connection Refused:

@dustinb3403 said in SnipeIT - Connection Refused:

Setenforce 0

(AKA I can access the system) . . . so now how to configure it so this system isn't wide open. . .

Oh, that's in @JaredBusch's guides to setting up NextCloud... I bet you get it looked up before I find it

Found the guide. It was never updated with setenforce info.

JaredBusch

@dustinb3403 said in SnipeIT - Connection Refused:

@travisdh1 said in SnipeIT - Connection Refused:

@dustinb3403 said in SnipeIT - Connection Refused:

Setenforce 0

(AKA I can access the system) . . . so now how to configure it so this system isn't wide open. . .

Oh, that's in @JaredBusch's guides to setting up NextCloud... I bet you get it looked up before I find it

Found the guide. It was never updated with setenforce info.

Your problem is because somewhere along the way the old guides for Snipe said to setenforce 0 during install.

But Snipe's installer actually checks for SELinux to be enforcing and then sets the required contexts. So because the guide said to install with it off, the installer never set the contexts.

I found this when I figured out how to change the installer to use git. Lemme go dig that out.

JaredBusch

@DustinB3403
https://mangolassi.it/post/323040

This is where we talked about this.

Let me go hit my github and pull out the command without variables.

travisdh1

@jaredbusch "setenforce 0" always the lazy way out.

DustinB3403

@travisdh1 said in SnipeIT - Connection Refused:

@jaredbusch "setenforce 0" always the lazy way out.

That is what I did for the moment, just to test. But I would like to allow only the services that are required of the system.

Is there no way to specify httpd as being allowed through setenforce?