1.locate无法查询文件,提示locate:can no stat () `/var/lib/mlocate/mlocate.db':no such file or director
解决方法:
使用updatedb命令更新一下数据库即可
2.修改httpd.conf中的监听端口为8081,然后重启httpd服务,提示错误
解决办法:
1.设置色Linux的模式为宽容模式(permissive)
1)查看selinux的模式:getenforce
2)查看selinux的政策(Policy):sestatus
3)修改selinux的模式:setenforce
a) 0:转成permissive宽容模式;
b) 1:转成enforcing强制模式;
4)重启httpd服务
5)如果防火墙没有开放TCP8081端口,需要使用iptables添加端口准入
6)重启失效,需要重新设置,或者将SELinux设置为永久宽容模式,但是不建议这样设置,于系统造成不安全
2.设置SELinux中允许http的服务的允许端口为需要的端口---待完善
3.重启http的服务提示Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName
解决办法:----截图另做
1)修改/etc/httpd/conf/httpd.conf
#vi /etc/httpd/conf/httpd.conf
....
#ServerName www.example.com:80
ServerName localhost:80
....
2)重启httpd服务
#service httpd restart
4.Samba服务共享目录成功,但是目录中没有文件,只能看见目录名称,共享配置如下
[share]
path=/home/share
browseable=yes
public=yes
解决办法:
由于SELinux上下文设置出错,不允许共享文件
1)关闭selinux
2)修改上下文
5.FTP下载失败文件失败
1)从windows上的cmd中使用ftp连接到linux服务器中,然后可以正常下载所需文件;
2)从linux上使用ftp命令连接到linux服务器中,可以正常切换目录,但是使用ls命令时不能正常显示该目录下所有文件,提示错误信息是“ftp: connect: No route to host”;
3)检查ftp服务状态,两部linux服务器的ftp服务都已开启,且端口21都是出于listen状态;
4)检查防火墙状态,ftp客户端一方的服务器防火墙关闭,目标服务器防火墙打开;
5)把防火墙关闭后,linux ftp客户端可以正常从目标服务器中下载所需文件
6.修改时区,当前时区为PDT,需要修改为CST
解决办法:
1)修改/etc/sysconfig/clock文件
[root@ticom ~]# vi /etc/sysconfig/clock
[root@ticom ~]# more /etc/sysconfig/clock
ZONE="Asia/Shanghai"
2)删除/etc/localtime文件
[root@ticom etc]# rm -f localtime
3)连接时区设置文件到/etc/localtime
[root@ticom etc]# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
4)重启主机即可
[root@ticom etc]# init 6
7.与主机网络正常,但是无法使用ssh远程连接Linux主机
原因:ssh服务所使用的部分文件权限错误,导致服务无法正常使用
解决办法:
1)重启sshd服务,查找是哪些文件权限更改导致无法正常使用ssh服务
[root@localhost network-scripts]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0777 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_rsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0777 for '/etc/ssh/ssh_host_dsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh/ssh_host_dsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
/var/empty/sshd must be owned by root and not group or world-writable.
[FAILED]
2)根据提示权限错误修改部分文件权限
[root@localhost network-scripts]# cd /etc/ssh/
[root@localhost ssh]# ls
moduli ssh_host_dsa_key ssh_host_key.pub
ssh_config ssh_host_dsa_key.pub ssh_host_rsa_key
sshd_config ssh_host_key ssh_host_rsa_key.pub
[root@localhost ssh]# ll
total 156
-rwxrwxrwx. 1 root root 125811 Nov 13 2014 moduli
-rwxrwxrwx. 1 root root 2047 Nov 13 2014 ssh_config
-rwxrwxrwx. 1 root root 3879 Nov 13 2014 sshd_config
-rwxrwxrwx. 1 root root 668 Nov 17 2014 ssh_host_dsa_key
-rwxrwxrwx. 1 root root 590 Nov 17 2014 ssh_host_dsa_key.pub
-rwxrwxrwx. 1 root root 963 Nov 17 2014 ssh_host_key
-rwxrwxrwx. 1 root root 627 Nov 17 2014 ssh_host_key.pub
-rwxrwxrwx. 1 root root 1675 Nov 17 2014 ssh_host_rsa_key
-rwxrwxrwx. 1 root root 382 Nov 17 2014 ssh_host_rsa_key.pub
[root@localhost ssh]# chmod -R 700 ./*
[root@localhost ssh]# ll
total 156
-rwx------. 1 root root 125811 Nov 13 2014 moduli
-rwx------. 1 root root 2047 Nov 13 2014 ssh_config
-rwx------. 1 root root 3879 Nov 13 2014 sshd_config
-rwx------. 1 root root 668 Nov 17 2014 ssh_host_dsa_key
-rwx------. 1 root root 590 Nov 17 2014 ssh_host_dsa_key.pub
-rwx------. 1 root root 963 Nov 17 2014 ssh_host_key
-rwx------. 1 root root 627 Nov 17 2014 ssh_host_key.pub
-rwx------. 1 root root 1675 Nov 17 2014 ssh_host_rsa_key
-rwx------. 1 root root 382 Nov 17 2014 ssh_host_rsa_key.pub
3)然后再重启ssh服务看是否还有文件权限错误,如果有继续修改,没有则可以正常使用ssh远程连接主机
[root@localhost ssh]# service sshd start
Starting sshd: /var/empty/sshd must be owned by root and not group or world-writable.
[FAILED]
[root@localhost ssh]# ll
total 156
-rwx------. 1 root root 125811 Nov 13 2014 moduli
-rwx------. 1 root root 2047 Nov 13 2014 ssh_config
-rwx------. 1 root root 3879 Nov 13 2014 sshd_config
-rwx------. 1 root root 668 Nov 17 2014 ssh_host_dsa_key
-rwx------. 1 root root 590 Nov 17 2014 ssh_host_dsa_key.pub
-rwx------. 1 root root 963 Nov 17 2014 ssh_host_key
-rwx------. 1 root root 627 Nov 17 2014 ssh_host_key.pub
-rwx------. 1 root root 1675 Nov 17 2014 ssh_host_rsa_key
-rwx------. 1 root root 382 Nov 17 2014 ssh_host_rsa_key.pub
[root@localhost ssh]# cd /var/empty/
[root@localhost empty]# ll
total 4
drwxrwxrwx. 2 root root 4096 Nov 13 2014 sshd
[root@localhost empty]# chmod -R 700 sshd/
8.无法使用图形化界面,登录虚拟机图形界面,发现出现的是单用户模式,使用init 5命令更改主机运行级别提示失败,检查发现没有安装图形界面(redhat图形界面,非centos界面)
解决办法:
1)将操作系统光盘或ISO镜像文件挂载到系统中,并给予文件中的读取权限,创建光盘镜像文件挂载点
[root@omcr-test ~]# mkdir -p /mnt/rhel
2)将光盘镜像文件挂载到系统中
[root@omcr-test ~]# mount -o loop /OMCdata/ISO/rhel-server-6.5-x86_64-dvd.iso /mnt/rhel/
3)安装createrepo
[root@omcr-test Packages]# rpm -ivh createrepo-0.9.9-18.el6.noarch.rpm
warning: createrepo-0.9.9-18.el6.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
error: Failed dependencies:
python-deltarpm is needed by createrepo-0.9.9-18.el6.noarch
注:安装失败,缺少依赖包,先安装依赖包,再安装createrepo
[root@omcr-test Packages]# rpm -ivh deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm
warning: deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
Preparing... ########################################### [100%]
1:deltarpm ########################################### [100%]
[root@omcr-test Packages]#
[root@omcr-test Packages]# rpm -ivh python-deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm
warning: python-deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
Preparing... ########################################### [100%]
1:python-deltarpm ########################################### [100%]
[root@omcr-test Packages]# rpm -ivh createrepo-0.9.9-18.el6.noarch.rpm
warning: createrepo-0.9.9-18.el6.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
Preparing... ########################################### [100%]
1:createrepo ########################################### [100%]
4)配置本地yum:local.repo
[root@omcr-test /]# cd /etc/yum.repos.d/
[root@omcr-test yum.repos.d]# ls
rhel-source.repo
[root@omcr-test yum.repos.d]# vi local.repo
[root@omcr-test yum.repos.d]# yum clean all
Loaded plugins: product-id, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Cleaning repos: Base
Cleaning up Everything
[root@omcr-test yum.repos.d]# ls
local.repo rhel-source.repo
[root@omcr-test yum.repos.d]# more local.repo
[Base]
name=luna.com
baseurl=file:///mnt/rhel
gpgcheck=0
enable=1
5)查看图形界面安装需要的rpm包在本地是否存在
[root@omcr-test yum.repos.d]# yum grouplist "Desktop"
Loaded plugins: product-id, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Group Process
Base | 3.9 kB 00:00 ...
Base/primary_db |3.1 MB 00:00 ...
Base/group_gz | 204 kB 00:00 ...
Available Groups:
桌面
Done
6)使用yum命令安装图形化界面
[root@omcr-test yum.repos.d]# yum groupinstall Desktop
7)验证安装是否成功:使用root用户登录操作系统,更改运行级别为5,如果出现界面表示安装成功,否则失败
[root@omcr-test yum.repos.d]# init 5
8)修改默认运行界别为5,即支持图形化界面:修改“id:3:initdefault:”为“id:5:initdefault:”
[root@omcr-test etc]# more /etc/inittab
# inittab is only used by upstart for the default runlevel.
#
# ADDING OTHER CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
#
# System initialization is started by /etc/init/rcS.conf
#
# Individual runlevels are started by /etc/init/rc.conf
#
# Ctrl-Alt-Delete is handled by /etc/init/control-alt-delete.conf
#
# Terminal gettys are handled by /etc/init/tty.conf and /etc/init/serial.conf,
# with configuration in /etc/sysconfig/init.
#
# For information on how to write upstart event handlers, or how
# upstart works, see init(5), init(8), and initctl(8).
#
# Default runlevel. The runlevels used are:
# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)
#
id:3:initdefault:
9.SSH连接缓慢
答:由于/etc/resolv.conf中定义了DNS,在/etc/nsswitch.conf中定义了需要使用DNS解析IP地址和主机名,但是定义的DNS无法找到,导致连接变慢,可是在一段时间后可以连接上。
解决办法:
1)修改server中的/etc/hosts,将客户端的主机ip地址和主机名添加到该文件中;
2)修改server中的/etc/ssh/sshd_config,修改"UseDNS=yes"为"UseDNS=no";
3)修改server中的/etc/nsswitch.conf,修改"hosts:files dns"为"hosts:files";
4)修改server中的/etc/resolv.conf,将所有内容注释;
5)重启server即可
注:如果是由于DNS无法找到导致的,直接注释/etc/resolv.conf中的所有不可用DNS即可;
10.scp拷贝文件速度先快后慢,然后报stalled
定位问题步骤:
1)最开始时是以为文件拷贝出问题了,因为在拷贝文件时总有几个文件无法拷贝完成,只有部分文件以及文件夹可以成功拷贝到目的主机中,然后就将需要拷贝的文件打包压缩再进行拷贝,现象没有好转;
2)两台linux主机都安装并运行了samba服务,然后直接通过samba拷贝目录及文件,结果却是提示“网络连接异常,请检查连接是否正常”,拷贝压缩后的文件也是提示同样的错误;
3)这台源主机拷贝到其他主机上都是正常的,不管是scp或者是samba都可以,只有这台目的主机不管是从哪台主机拷贝到本地还是拷贝到别的主机都是先快后慢,之后就stalled。
解决办法:
网上查资料造成这种情况的原因是由于两台主机的网络接口设置不一致。出现这种情况的两台主机,其中一台主机的网口是1000M全双工,观察ip范围是协商决定的,另一台是100M全双工,观察ip是192.168.2.1-192.168.2.254,将该网口设置为100M全双工,观察ip范围协商决定以后,拷贝文件正常,不管是scp还是samba拷贝。
11./etc/resolv.conf被自动修改
答:是由于dhclient运行导致该文件被修改
解决办法;
1)修改 /sbin/dhclient-script,注释掉对 resolv.conf 进行操作的地方。
把 make_resolv_conf 这个函数的调用都给注释掉!
2)强制修改 resolv.conf 的文件flag,设定为不可被更改.
chattr +i /etc/resolv.conf
3)变更DHCP Client的配置文件,在特定的环节追加我们的设定.
在 /etc/dhcp3/dhclient.conf 中增加如下设定:prepend domain-name-servers
12.userdel删除用户时提示”userdel:user zyj is curently used by process 1”,无法删除用户
答:该用户的uid和gid与root用户一样,当前使用的root用户登录,并且root用户无法删除自身,所以无法执行删除动作
解决办法:将该用户的uid与gid都改成没有使用过的uid和gid,并把相应的目录以及文件的所属用户、所属组改成该用户,其中主要包括/home目录下的家目录以及/var/spool/mail/下的邮件文件,然后执行userdel -r [userName]即可删除该用户以及家目录和文件。
13.修改/etc/fstab文件,输入格式错误,导致机器重启失败 等等
解决办法:
1)输入root用户密码,进入单用户模式;
2)查看fstab文件是否可读可写:文件是只读模式
3)重新挂载根目录,使文件可写(because root directory / is mounted in read only mode. type follwing command, then you should be able to edit rc.sysint script.)
#mount / -o remount
4)修改fstab文件中出错的行,使之正确,然后重启机器即可
14.使用ntpq命令查询当前NTP同步状态时提示“No association ID's returned”错误
原因:SELinux设置导致无法进行时间同步
解决方案:
关闭SELinux,之后再使用ntpdate或者从windows与该机器进行时间同步成功
#getenforce
Enforcing
#setenforce 0
Permissive
网络解释:
1.
Description of problem:
If I do '/ifup eth0', where eth0 is a DHCP interface, you get an AVC.
'Restorecon -R -v /etc' always produces the following after ifuping:
restorecon reset ./ntp.conf context
system_u:object_r:dhcpc_state_t:s0->system_u:object_r:net_conf_t:s0
It seems to me that ifup (more specifically /sbin/dhclient-script, I'd guess),
when its putting NTP servers learned through DHCP to ntp.conf, is resetting
selinux context information when it rewrites ntp.conf?
Version-Release number of selected component (if applicable):
selinux-policy-3.5.13-26.fc10
How reproducible:
ifup eth0 on dhcp interface where ntp option is advertised.
Actual results:
Two AVCs are printed (one for ./ntp.conf, one for /etc/ntp.conf) even though
contexts have been fixed.
Expected results:
No AVCs.
Additional info:
Summary:
SELinux is preventing ntpd (ntpd_t) "read" to ./ntp.conf (dhcpc_state_t).
Detailed Description:
[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]
SELinux denied access requested by ntpd. It is not expected that this access is
required by ntpd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./ntp.conf,
restorecon -v './ntp.conf'
If this does not work, there is currently no automatic way to allow this
access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context unconfined_u:system_r:ntpd_t
Target Context system_u:object_r:dhcpc_state_t
Target Objects ./ntp.conf [ file ]
Source ntpd
Source Path /usr/sbin/ntpd
Port
Host gap.netcore.fi
Source RPM Packages ntp-4.2.4p5-2.fc10
Target RPM Packages
Policy RPM selinux-policy-3.5.13-26.fc10
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Permissive
Plugin Name catchall_file
Host Name gap.netcore.fi
Platform Linux gap.netcore.fi 2.6.27.5-117.fc10.i686 #1
SMP
Tue Nov 18 12:19:59 EST 2008 i686 athlon
Alert Count 1
First Seen Thu 04 Dec 2008 07:26:28 PM EET
Last Seen Thu 04 Dec 2008 07:26:28 PM EET
Local ID a5bee7f3-7692-46d1-a828-09941f9a1c1f
Line Numbers
Raw Audit Messages
node=gap.netcore.fi type=AVC msg=audit(1228411588.717:40079): avc: denied {
read } for pid=20245 comm="ntpd" name="ntp.conf" dev=md2 ino=1069749
scontext=unconfined_u:system_r:ntpd_t:s
0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=file
node=gap.netcore.fi type=SYSCALL msg=audit(1228411588.717:40079): arch=40000003
syscall=5 success=yes exit=4 a0=b8042d5a a1=0 a2=1b6 a3=0 items=0 ppid=20244
pid=20245 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="ntpd"
exe="/usr/sbin/ntpd" subj=unconfined_u:system_r:ntpd_t:s0 key=(null)
2.
The other AVC is like this:
Summary:
SELinux is preventing ntpd (ntpd_t) "getattr" to /etc/ntp.conf (dhcpc_state_t).
Detailed Description:
[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]
SELinux denied access requested by ntpd. It is not expected that this access is
required by ntpd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /etc/ntp.conf,
restorecon -v '/etc/ntp.conf'
If this does not work, there is currently no automatic way to allow this
access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context unconfined_u:system_r:ntpd_t
Target Context system_u:object_r:dhcpc_state_t
Target Objects /etc/ntp.conf [ file ]
Source ntpd
Source Path /usr/sbin/ntpd
Port
Host gap.netcore.fi
Source RPM Packages ntp-4.2.4p5-2.fc10
Target RPM Packages ntp-4.2.4p5-2.fc10
Policy RPM selinux-policy-3.5.13-26.fc10
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Permissive
Plugin Name catchall_file
Host Name gap.netcore.fi
Platform Linux gap.netcore.fi 2.6.27.5-117.fc10.i686 #1
SMP
Tue Nov 18 12:19:59 EST 2008 i686 athlon
Alert Count 1
First Seen Thu 04 Dec 2008 07:26:28 PM EET
Last Seen Thu 04 Dec 2008 07:26:28 PM EET
Local ID 4f147d5b-44e4-4d53-b793-81060e608145
Line Numbers
Raw Audit Messages
node=gap.netcore.fi type=AVC msg=audit(1228411588.717:40080): avc: denied {
getattr } for pid=20245 comm="ntpd" path="/etc/ntp.conf" dev=md2 ino=1069749
scontext=unconfined_u:system_r:
ntpd_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=file
node=gap.netcore.fi type=SYSCALL msg=audit(1228411588.717:40080): arch=40000003
syscall=197 success=yes exit=0 a0=4 a1=bfb5b728 a2=428ff4 a3=b8cd75b8 items=0
ppid=20244 pid=20245 auid=500
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1
comm="ntpd" exe="/usr/sbin/ntpd" subj=unconfined_u:system_r:ntpd_t:s0
key=(null)
15.
本文来源:https://www.2haoxitong.net/k/doc/3bdd11f3112de2bd960590c69ec3d5bbfc0ada56.html
文档为doc格式