phpMyAdmin blokování

David_Grenar · říjen 30, 2009, 9:00am

Zdravým všechny,

Jsem linuxový začátečník. K svým prvním linuxovým kroků jsem se rozhodl pro fedoru. Byla mi doporučena pro přechod z Win XP. Pravda je že má velice dobrou příručku což každý začátečník uvítá. Nainstalovat Apache se mi dle příručky povedlo. Bohužel ale nevím jak zprovoznit phpMyAdmin. Tedy na localhostu funguje ale jakmile se chci na něj dosta z jiného pc tak mi to vypíše toto:

Forbidden

You don’t have permission to access /phpmyadmin on this server.

Apache/2.2.13 (Fedora) Server at 192.168.1.4 Port 80

Nevíte pls někdo kde se to dá povolit.

Děkuji

covex · říjen 31, 2009, 5:09pm

Povolit se to do jiste da a to pochopenim podstaty problemu. V tvem pripade k tomu bude potreba se podivat do /var/log/httpd/ a prohlednout logy, dale se podivat na nastaveni apache (/etc/httpd/conf/httpd.conf), ale do /var/log/audit (pokud mas zapnuty selinux) a na prava souboru a adresare phpmyadmin.

MMCH: Jak si ten phpmyadmin instaloval?

David_Grenar · listopad 1, 2009, 3:50pm

Instalaci phpMyAdmina jsem provedl pomocí příkazu:

yum -y install phpmyadmin

(/etc/httpd/conf/httpd.conf co bych měl tady v tomto souboru hledat.?

Olouvám se za ty výpisi. Nevím kde bych to měl hledat.

Tady je výpis /var/log/audit

type=SYSTEM_SHUTDOWN msg=audit(1257088498.506:18): user pid=1877 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg=‘init: exe="/sbin/shutdown" (hostname=?, addr=?, terminal=? res=success)’
type=CRED_DISP msg=audit(1257088498.518:19): user pid=1711 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg=‘op=PAM:setcred acct=“root” exe="/bin/login" (hostname=?, addr=?, terminal=tty1 res=success)’
type=USER_END msg=audit(1257088498.533:20): user pid=1711 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg=‘op=PAM:session_close acct=“root” exe="/bin/login" (hostname=?, addr=?, terminal=tty1 res=success)’
type=SYSTEM_RUNLEVEL msg=audit(1257088498.559:21): user pid=1885 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:initrc_t:s0 msg=‘old-level=3 new-level=6: exe="/sbin/runlevel" (hostname=?, addr=?, terminal=console res=success)’
type=DAEMON_END msg=audit(1257088502.364:6512): auditd normal halt, sending auid=0 pid=2062 subj=system_u:system_r:initrc_t:s0 res=success
type=DAEMON_START msg=audit(1257088604.171:5759): auditd start, ver=1.7.14 format=raw kernel=2.6.30.9-90.fc11.i586 auid=4294967295 pid=1176 subj=system_u:system_r:auditd_t:s0 res=success
type=CONFIG_CHANGE msg=audit(1257088604.296:4): audit_backlog_limit=320 old=64 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1
type=USER_AUTH msg=audit(1257088629.202:5): user pid=1711 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg=‘op=PAM:authentication acct=“root” exe="/bin/login" (hostname=?, addr=?, terminal=tty1 res=success)’
type=USER_ACCT msg=audit(1257088629.206:6): user pid=1711 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg=‘op=PAM:accounting acct=“root” exe="/bin/login" (hostname=?, addr=?, terminal=tty1 res=success)’
type=LOGIN msg=audit(1257088629.207:7): login pid=1711 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1
type=USER_ROLE_CHANGE msg=audit(1257088629.278:8): user pid=1711 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg=‘pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023: exe="/bin/login" (hostname=?, addr=?, terminal=tty1 res=success)’
type=USER_START msg=audit(1257088629.337:9): user pid=1711 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg=‘op=PAM:session_open acct=“root” exe="/bin/login" (hostname=?, addr=?, terminal=tty1 res=success)’
type=CRED_ACQ msg=audit(1257088629.356:10): user pid=1711 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg=‘op=PAM:setcred acct=“root” exe="/bin/login" (hostname=?, addr=?, terminal=tty1 res=success)’
type=USER_LOGIN msg=audit(1257088629.356:11): user pid=1711 uid=0 auid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg=‘op=login id=0 exe="/bin/login" (hostname=?, addr=?, terminal=tty1 res=success)’
type=USER_AUTH msg=audit(1257089306.748:12): user pid=1859 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg=‘op=PAM:authentication acct=“root” exe="/usr/sbin/sshd" (hostname=192.168.1.3, addr=192.168.1.3, terminal=ssh res=success)’
type=USER_ACCT msg=audit(1257089306.752:13): user pid=1859 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg=‘op=PAM:accounting acct=“root” exe="/usr/sbin/sshd" (hostname=192.168.1.3, addr=192.168.1.3, terminal=ssh res=success)’
type=CRED_ACQ msg=audit(1257089306.755:14): user pid=1859 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg=‘op=PAM:setcred acct=“root” exe="/usr/sbin/sshd" (hostname=192.168.1.3, addr=192.168.1.3, terminal=ssh res=success)’
type=LOGIN msg=audit(1257089306.755:15): login pid=1859 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=2
type=USER_ROLE_CHANGE msg=audit(1257089306.784:16): user pid=1859 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg=‘pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=?: exe="/usr/sbin/sshd" (hostname=?, addr=?, terminal=? res=failed)’
type=USER_ROLE_CHANGE msg=audit(1257089306.784:17): user pid=1859 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg=‘pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023: exe="/usr/sbin/sshd" (hostname=?, addr=?, terminal=? res=success)’
type=USER_START msg=audit(1257089306.787:18): user pid=1859 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg=‘op=PAM:session_open acct=“root” exe="/usr/sbin/sshd" (hostname=192.168.1.3, addr=192.168.1.3, terminal=ssh res=success)’
type=USER_LOGIN msg=audit(1257089306.844:19): user pid=1864 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg=‘uid=0: exe="/usr/sbin/sshd" (hostname=192.168.1.3, addr=192.168.1.3, terminal=/dev/pts/0 res=success)’
type=CRED_REFR msg=audit(1257089306.846:20): user pid=1864 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg=‘op=PAM:setcred acct=“root” exe="/usr/sbin/sshd" (hostname=192.168.1.3, addr=192.168.1.3, terminal=ssh res=success)’

Toto je výpis z /var/log/httpd/

[Thu Oct 29 09:28:11 2009] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Thu Oct 29 09:28:11 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Oct 29 09:28:11 2009] [notice] Digest: generating secret for digest authentication …
[Thu Oct 29 09:28:11 2009] [notice] Digest: done
[Thu Oct 29 09:28:11 2009] [warn] ./mod_dnssd.c: No services found to register
[Thu Oct 29 09:28:11 2009] [notice] Apache/2.2.13 (Unix) DAV/2 configured – resuming normal operations
[Thu Oct 29 09:28:28 2009] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/html/
[Thu Oct 29 09:28:29 2009] [error] [client 127.0.0.1] File does not exist: /var/www/html/favicon.ico
[Thu Oct 29 09:28:32 2009] [error] [client 127.0.0.1] File does not exist: /var/www/html/favicon.ico
[Thu Oct 29 09:29:36 2009] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/html/
[Thu Oct 29 09:50:43 2009] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/html/
[Thu Oct 29 09:50:55 2009] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/html/
[Thu Oct 29 09:50:55 2009] [error] [client 127.0.0.1] File does not exist: /var/www/html/favicon.ico
[Thu Oct 29 09:50:58 2009] [error] [client 127.0.0.1] File does not exist: /var/www/html/favicon.ico
[Thu Oct 29 09:51:41 2009] [notice] caught SIGTERM, shutting down
[Thu Oct 29 09:51:43 2009] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Thu Oct 29 09:51:43 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Oct 29 09:51:43 2009] [notice] Digest: generating secret for digest authentication …
[Thu Oct 29 09:51:43 2009] [notice] Digest: done
[Thu Oct 29 09:51:43 2009] [warn] ./mod_dnssd.c: No services found to register
[Thu Oct 29 09:51:43 2009] [notice] Apache/2.2.13 (Unix) DAV/2 configured – resuming normal operations
[Thu Oct 29 09:51:57 2009] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/html/
[Thu Oct 29 16:17:04 2009] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/html/
[Thu Oct 29 16:20:41 2009] [notice] caught SIGTERM, shutting down
[Thu Oct 29 16:20:42 2009] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Thu Oct 29 16:20:42 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Oct 29 16:20:42 2009] [notice] Digest: generating secret for digest authentication …
[Thu Oct 29 16:20:42 2009] [notice] Digest: done
[Thu Oct 29 16:20:43 2009] [warn] ./mod_dnssd.c: No services found to register
[Thu Oct 29 16:20:43 2009] [notice] Apache/2.2.13 (Unix) DAV/2 PHP/5.2.9 configured – resuming normal operations
[Thu Oct 29 16:21:13 2009] [error] [client 192.168.1.5] Directory index forbidden by Options directive: /var/www/html/
[Thu Oct 29 16:25:32 2009] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/html/
[Thu Oct 29 17:31:38 2009] [error] [client 192.168.1.5] Directory index forbidden by Options directive: /var/www/html/
[Thu Oct 29 21:39:13 2009] [error] [client 192.168.1.5] Directory index forbidden by Options directive: /var/www/html/
[Thu Oct 29 21:39:27 2009] [error] [client 192.168.1.5] Directory index forbidden by Options directive: /var/www/html/
[Thu Oct 29 21:55:33 2009] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/html/
[Thu Oct 29 21:58:42 2009] [notice] caught SIGTERM, shutting down
[Thu Oct 29 21:58:43 2009] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Thu Oct 29 21:58:43 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Oct 29 21:58:43 2009] [notice] Digest: generating secret for digest authentication …
[Thu Oct 29 21:58:43 2009] [notice] Digest: done
[Thu Oct 29 21:58:43 2009] [warn] ./mod_dnssd.c: No services found to register
[Thu Oct 29 21:58:43 2009] [notice] Apache/2.2.13 (Unix) DAV/2 PHP/5.2.9 configured – resuming normal operations
[Thu Oct 29 22:03:06 2009] [error] [client 192.168.1.3] Directory index forbidden by Options directive: /var/www/html/
[Thu Oct 29 22:03:06 2009] [error] [client 192.168.1.3] File does not exist: /var/www/html/favicon.ico

David_Grenar · listopad 1, 2009, 9:57pm

Pokud to chápu tak by to mělo jet v pořádku ten phpMyAdmin ne?

Co bych měl v těch logal hledat.?

zp1 · listopad 2, 2009, 8:40am

Výchozí konfigurace v /etc/httpd/conf.d/phpMyAdmin.conf povoluje připojení jen z místní smyčky, to je u balíčkovaných programů obvyklý postup. Je na správci systému, aby provoz povolil z adres, jaké uzná za vhodné, může to být
allow from 192.168.1.

David_Grenar · listopad 2, 2009, 4:00pm

Jo dopsal jsem tam to co jste mi poradil.
Chtěl bych se zeptat jestli se ted dostanu do toho phpMyAdmina odkudkoliv ?
Dík moc.

covex · listopad 2, 2009, 6:35pm

Ta adresa 192.168.1. byl jen priklad, musis tam nastavit bud adresy pro tvuj rozsah nebo zrejme neco jako allow from * (precti si manual k phpMyAdmin), coz teda moc nedoporucuji, pri mnozstvi utoku na phpMyAdmin.