SnipeIT - Connection Refused

JaredBusch

@dustinb3403 said in SnipeIT - Connection Refused:

@JaredBusch one sec, it may have just needed to be stopped completely.

Well check your context with

ls -laZ /var/www/html

should look like this:

drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 snipeit

JaredBusch

@dustinb3403 said in SnipeIT - Connection Refused:

We're up and running.

OKAY @JaredBusch go bitch slap the SnipeIT team. . .

The pertinent question is, was the setenforce 0 in their guide or the script on here?

DustinB3403

@jaredbusch said in SnipeIT - Connection Refused:

ls -laZ /var/www/html

It does, I think we're in good shape.

JaredBusch

@jaredbusch said in SnipeIT - Connection Refused:

@dustinb3403 said in SnipeIT - Connection Refused:

We're up and running.

OKAY @JaredBusch go bitch slap the SnipeIT team. . .

The pertinent question is, was the setenforce 0 in their guide or the script on here?

It looks like @scottalanmiller's original post has the setenforce 0 in it. So the question is where did he get it from?

https://mangolassi.it/topic/6967/installing-snipe-it-on-centos-7-and-mariadb/1

DustinB3403

@jaredbusch said in SnipeIT - Connection Refused:

@dustinb3403 said in SnipeIT - Connection Refused:

We're up and running.

OKAY @JaredBusch go bitch slap the SnipeIT team. . .

The pertinent question is, was the setenforce 0 in their guide or the script on here?

That I honestly don't recall. I probably used an installation guide here on ML, as the information from their site is pretty bad.

DustinB3403

For a little necormancy

This issue came back again, thought I had resolved it after the last time.

Well this time I've got it set.

setsebool -P httpd_can_connect_ldap on
chcon -R -h -t httpd_sys_script_rw_t /var/www/html/snipeit/

sealert (which I had to install) showed I needed this as well

ausearch -c 'httpd' --raw | audit2allow -M my-httpd
semodule -i my-httpd.pp

Once done, reboot and check is httpd (apache) is running. For me it was.

tiagom

The installer doesn't setenforce 0. Depending on the distro being installed it even checks if selinux is enforcing and runs
setsebool -P httpd_can_connect_ldap on
chcon -R -h -t httpd_sys_script_rw_t /var/www/html/snipeit/

DustinB3403

@tiagom said in SnipeIT - Connection Refused:

The installer doesn't setenforce 0. Depending on the distro being installed it even checks if selinux is enforcing and runs
setsebool -P httpd_can_connect_ldap on
chcon -R -h -t httpd_sys_script_rw_t /var/www/html/snipeit/

Did it before, the original installer? Or was that a more recent change? I had to set that in order to get setenforce to allow apache.

tiagom

Original snipeit installer had it added on Sep 26, 2016.

DustinB3403

@tiagom hrm. . .

JaredBusch

@dustinb3403 said in SnipeIT - Connection Refused:

@tiagom hrm. . .

But the guide that is posted here instructed you to setenforce 0 before executing the script so that means that code never ran. I mentioned that in the posts a few months ago when I changed the thing to use git for CentOS 7.

JaredBusch

I ran out of test time the other day, for Fedora 26. But it seemed to have worked for that part.

I had other issues.

Solved SnipeIT - Connection Refused