php-fpm error unable to bind listening socket for
2015-08-26 00:00
Summary: php-fpm error unable to bind listening socket for address '127.0.0.1:9003': Permission denied (13)
SELinux can be configured to stop programs from opening ports, even ports above 1024. This can be a useful protection against malware.
If SELinux is enabled (which you can check by running getenforce - if the response is Enforcing, that means that SELinux is active), there are two ways of fixing the problem.
First, the easy way. This one is to simply disable SELinux. The downside is that your server is now far more vulnerable to compromise/hacking/attacks. If you do choose to make your server less secure, you can run the command setenforce 0. You will also need to change the configuration to stop it from being reactivated after restart; this is done by editing the file /etc/selinux/config and changing the line
SELINUX=enforcing
to
SELINUX=disabled
Second, the secure way. This is to change your SELinux configuration to allow this port to be opened. Since SELinux is a very complicated thing - as it must be, to do what it does - it takes a bit of work. There is one shortcut, though, which is to let SELinux itself figure out what new permissions it needs to allow.
In order to do this, you start by setting SELinux to permissive instead of disabled. This means that SELinux won't be enforcing its rules, but it will log the information about everything that it would have stopped if it had been enforcing them. Once you've had your application running, you can pass the contents of the log to audit2allow which will help you create the rules you need:
grep php-fpm /var/log/audit/audit.log | audit2allow -m phpfpm > phpfpmlocal.tmp
You should look in the file phpfpmlocal.tmp to verify that the permissions look OK. Once you've done so, and made any edits that seem reasonable to you, run audit2allow again to build the module, and semodule to load it:
grep php-fpm /var/log/audit/audit.log | audit2allow -M phpfpmlocal
semodule -i phpfpmlocal.pp
Once the new module is loaded, you can turn enforcement back on.
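To support the review step above, here is an added example (not part of the original answer) that summarises the AVC denials logged for php-fpm, so they can be compared with the rules audit2allow proposes. The log records are constructed samples, and the function names and the expected/REVIEW labels are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample AVC records in audit.log format (not taken from the page).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1440547200.101:311): avc:  denied  { name_bind } for  pid=2101 comm="php-fpm" src=9003 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1440547260.417:329): avc:  denied  { name_bind } for  pid=2188 comm="php-fpm" src=9003 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1440547301.090:340): avc:  denied  { write } for  pid=2188 comm="php-fpm" name="php.ini" dev="dm-0" ino=67 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1440547333.512:351): avc:  denied  { read } for  pid=900 comm="sshd" name="x" dev="dm-0" ino=9 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
EOF
}

# Summarise AVC denials for one command name; audit records are read on stdin.
# Real use: summarize_denials php-fpm < /var/log/audit/audit.log
# Output columns: count, label, source type, target type:class, perms, port.
summarize_denials() {
  awk -v want="comm=\"$1\"" '
    /avc: +denied/ && index($0, want) {
      # Permission list sits between the braces: { name_bind }
      perms = $0; sub(/.*[{] /, "", perms); sub(/ [}].*/, "", perms)
      src = "-"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^src=/)      src = substr($i, 5)
        if ($i ~ /^scontext=/) { split($i, s, ":"); st = s[3] }
        if ($i ~ /^tcontext=/) { split($i, t, ":"); tt = t[3] }
        if ($i ~ /^tclass=/)   tc = substr($i, 8)
      }
      # Only the port bind is what this fix is meant to allow; anything else
      # would also become an allow rule if the log is piped in unreviewed.
      flag = (perms == "name_bind" && tc == "tcp_socket") ? "expected" : "REVIEW"
      n[flag " " st " " tt ":" tc " { " perms " } src=" src]++
    }
    END { for (k in n) print n[k], k }
  ' | sort
}

# An allow rule built from a denial covers the whole target type, so the
# name_bind line below permits every port labelled unreserved_port_t,
# not only src=9003.
sample_log | summarize_denials php-fpm
```

Lines labelled REVIEW are denials that audit2allow would also turn into allow rules; remove the matching rules from phpfpmlocal.tmp unless php-fpm really needs them.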