I am trying to scan uploaded files on PHP server using clamAV. I've installed ClamAV on my server (Centos 7). Currently, I am using PHP 7, so I am using Clamd socket connection to scan uploaded files. I've enabled PHP sockets, clamd.sock file is present at /var/run/clamd.scan/ folder with apache owner.
My Socket connection code -
$socket = socket_create(AF_UNIX, SOCK_STREAM, 0);
if(socket_connect($socket, '/var/run/clamd.scan/clamd.sock')) {
return $socket;
}
When I try to run above code on the browser I am getting error as socket_connect(): unable to connect [13]: Permission denied, But if I run the PHP code through command line with a user as root it is working fine.
I know there is some issue with SELinux policy with Centos as if I disable SELinux policy everything is working fine from the browser as well. I have checked httpd_can_network_connect --> on and antivirus_can_scan_system --> on both are on.
The issue is with accessing anything inside /var/run/ folder for apache user, there is something (some policy) from SELinux which is stopping apache to connect to clamd socket file. Any ideas?
After debugging, got to know that this is SELinux policy issue.
You need to enable daemons_enable_cluster_mode policy in SELinux.
To Enable daemons_enable_cluster_mode:
setsebool -P daemons_enable_cluster_mode 1
This will allow executing ClamAV scan through another service like Apache in my case.
Related
I have problem with all version of bitnami. When I shut down or restart my pc, WAMP can't connect with MySQL. I closed skype but still have the same problem. I also changed to XAMPP but the problem still there when I shut down. In the end, I revert to bitnami and I still have the same problem. I've watched all the troubleshooting video and do something like changing port to 3307 but I can't resolve this problem.
This is the message I get from bitnami:
Stderr:
Unknown error starting mysql
Starting Apache Web Server...
Exit code: 1
Stdout:
Stderr:
Unknown error starting apache
could you try this?
1.- Go to the control panel->Administrative Tools -> Services,
2.- find web Deployment Service and stop it.
3.- Start the apache server in bitnami
You can check if the port it's in use with the console,
1.- click the Start button,
2.- type cmd
3.- right-click “Command Prompt” when it shows up in the search results. Click “Run as administrator.”
When the console appears copy the next command:
netstat -ab
I have a simple script that outputs Permission denied warning in the browser:
rename('/opt/web/test.tmp', '/opt/web/test.tmp1')
Script path is /opt/web/test_rename.php
/opt/, /opt/web/ and /opt/web/test_rename.php are 777 and have apache owner / group.
httpd process owner is apache
test.tmp is 777 and have apache owner as well
It works fine with cli.
What else could I do to make it work via apache?
The problem was with SELinux. It can block php rename function.
I've found the answer here: http://forums.fedoraforum.org/archive/index.php/t-111081.html
On the Fedora Core 3 Linux distribution, you may get a "failed to open stream: Permission denied in ..." message. In fact changing the permission of the directory will not work (even if you set to 0777).
It is because of the new SELinux kernel that allow apache user to write only in /tmp dir (I think). In order to solve the problem you must to disable the SELinux (at least for apache service) to allow the server to write in other directories. To do that, run the system-config-securitylevel app and disable the SE to apache service. Reboot your system and continue your work.
I'm working on websocket. I came across this article, and simply downloaded their file and try running it in my localhost.
https://www.sanwebe.com/2013/05/chat-using-websocket-php-socket
What I understand is, they want to sue local server's websocket server.
But I have problem in starting up the server. I'm using windows 10 with wamp 2.2. As I checked webscket is enabled in my php.ini's extention.
I followed this example to cmd the right path to start it but to no avail:
https://www.sanwebe.com/2013/05/chat-using-websocket-php-socket/comment-page-1#comment-5593
It says 'php.exe' is not recognized as an internal or external ...
I then searched online again, thus set the path to my php folder in the system's environment variable. The path is: C:\wamp\bin\php. Then I closed the cmd and relaunched. Nothing worked out. The same error shows up.
This is what I did on cmd:
1) cd C:\wamp\bin\php
2) php.exe -q C:\projects\myfolder\server.php
Please help me to connect to wamp server's websocket to run the example I've downloaded.In the console, the error shown is:
WebSocket connection to 'ws://localhost:9000/demo/server.php' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED
I found the answer from this site: http://rodrixar.blogspot.my/2011/07/how-to-run-php-sockets-in-wamp.html
I did the following,
1) open cmd
2) cd C:\wamp\bin\php\php5.6.19
3)php.exe -q C:\projects\mysite\server.php
4) Firewall open up and allow access for CLI
5) now connection made already..
Problem
When xdebug server is running from IntelliJ IDEA, I get 502 Bad Gateway from nginx when I try loading my site to trigger breakpoints.
If I stop the xdebug server, the site works as intended.
So, I'm not able to run the debugger, but it did work previously (!). Not able to pinpoint why it suddenly stopped working.
Setup
A short explanation of the setup (let me know if I need to expand on this).
My php app is running in a docker container, and it is linked to nginx running in a different container using volumes_fromin the docker compose config.
After starting the app, I can verify using phpinfo(); the xdebug module is loaded.
My xdebug.ini has the following content:
zend_extension=xdebug.so
xdebug.remote_enable=1
xdebug.remote_host=10.0.2.2
xdebug.remote_connect_back=0
xdebug.remote_port=5555
xdebug.idekey=complex
xdebug.remote_handler=dbgp
xdebug.remote_log=/var/log/xdebug.log
xdebug.remote_autostart=1
I got the ip address for remote_host (where the xdebug server is running) by these steps:
docker-machine ssh default
route -n | awk '/UG[ \t]/{print $2}' <-- Returns 10.0.2.2
To verify I could reach the debugging server from within my php container, I did the following steps
docker exec -it randomhash bash
nc -z -v 10.0.2.2 5555
Giving the following output depending on xdebug server running or not:
Running: Connection to 10.0.2.2 5555 port [tcp/*] succeeded!
Not running: nc: connect to 10.0.2.2 port 5555 (tcp) failed: Connection refused
So IntelliJ IDEA is surely set up to receive connections on 5555. I also did the appropriate path mapping between my source file paths and the remote path (when setting up the PHP Remote Debugging server from within IDEA).
Any ideas? Kind of lost on this one as I don't have much experience with any of these technologies :D
This sometimes happens, the reason is the errors in php-fpm and xdebug (exactly)!
When I refactored my colleagues code, оne page on the project returned 502 Bad Gateway
Here's what I found:
php-fpm.log
WARNING: [pool www] child 158 said into stderr: "*** Error in `php-fpm: pool www': free(): invalid size: 0x00007f1351b7d2a0 ***"
........
........
WARNING: [pool www] child 158 exited on signal 6 (SIGABRT - core dumped) after 38.407847 seconds from start
I found a piece of code that caused the error:
ob_start();
$result = eval("?>".$string."<"."?p"."hp return 1;");
$new_string = ob_get_clean();
But that is not all. The error occurred only in a certain state $string which at first glance, did not differ from the others. In my case, everything is simple. I removed the code that caused the error. This did not affect the functionality of the web page. I continued to debug the code further.
I had the same problem with the Vagrant Homestead Parallels box with a Silicon chip. Switching from php 7.3 to 7.4 fixed the issue for me.
my cassandra is working well in CLI. and thrift also installed well. i already started apache server and cassandara..but when trying to execute php file that is not executed on browser.it shows the error as:
TException: Error: TSocket: Could not connect to localhost:9160 (Permission denied [13])
and the 12th and 13th line is:
$socket = new TSocket('localhost', 9160);
$transport = new TBufferedTransport($socket, 1024, 1024);
i gave 127.0.0.1 instead of localhost.even it is not working.
can any one please help me?
hi every one i solve the problem....
selinux is cause for that problem.....
TException: Error: TSocket: Could not connect to localhost:9160 (Permission denied [13])
To resolve it, you need to change an SELinux boolean value (which will automatically persist across reboots). You may also want to restart httpd to reset the proxy worker, although this isn't strictly required.
setsebool -P httpd_can_network_connect 1
http://wiki.apache.org/httpd/13PermissionDenied