search

litespeedtech / ls-cloud-image

GNU General Public License v3.0
36 stars 38 forks source link

update to set SELinux to permissive for Centos #21

Closed meramsey closed 4 years ago

meramsey commented 4 years ago

Set Centos based installs to set SELinux to permissive. https://linuxize.com/post/how-to-disable-selinux-on-centos-8/

Before:

[root@cyberpanel-centos ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      31

After:

[root@cyberpanel-centos ~]# setenforce 0
[root@cyberpanel-centos ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      31
[root@cyberpanel-centos ~]#
[root@cyberpanel-centos ~]# sed -i 's|^SELINUX.*|SELINUX=permissive|g' /etc/selinux/config
[root@cyberpanel-centos ~]#
Code-Egg commented 4 years ago

Hi @whattheserver ,

I just did quick the test on CentOS8 and found out that CyberPanel will auto turn it to permissive mode so we don't need to bother "/etc/selinux/config". Please check.

meramsey commented 4 years ago

tried it twice and this failed earlier but must been before that worked for you. Before i disabled it https://pastebin.com/03VJh360

Thought that was why it failed. so disabled it then tried again. This time it failed due to an issue which looks unrelated. https://pastebin.com/P1Rkkz1e

Possible the check needs to be added sooner in the process to ensure that it doesn't fail to be set. Centos8 latest image on Vultr FIY

Code-Egg commented 4 years ago

I just tried the exactly same environment, CentOS8 on Vultr, with command

bash <( curl -sk https://raw.githubusercontent.com/litespeedtech/ls-cloud-image/master/Setup/cybersetup.sh )

No error, no traceback 

###################################################################
If your provider has a network-level firewall
Please make sure you have opened following port for both in/out:
TCP: 8090 for CyberPanel
TCP: 80, TCP: 443 and UDP: 443 for webserver
TCP: 21 and TCP: 40110-40210 for FTP
TCP: 25, TCP: 587, TCP: 465, TCP: 110, TCP: 143 and TCP: 993 for mail service
TCP: 53 and UDP: 53 for DNS service
Connection closed by foreign host.
Would you like to restart your server now? [y/N]: Finish CyberPanel
No match for argument: ghostscript
No packages marked for removal.
Dependencies resolved.
Nothing to do.
Complete!
***Total of 974 seconds to finish process***
meramsey commented 4 years ago

So strange i reinstalled the centos 8 OS scratch and tried it fresh twice and the same result.

So i terminated and created new centos 8 in chicago DC and it worked. So you are right seems i hit a weird edge case or theres something off about the Atlanta DC Centos8 template.

Can close this. and my commit is not needed. Appreciate the sanity check. @Code-Egg

Code-Egg commented 4 years ago

No problem