[CentOS] cacti on centos

Wed Jul 5 22:09:10 UTC 2006
Jim Perrin <jperrin at gmail.com>

On 7/5/06, Aleksandar Milivojevic <alex at milivojevic.org> wrote:
> Hi all,
>
> I'm trying to get Cacti installed on my CentOS 4.3 x86_64 box.  I've
> got all of required packages installed, and created database file, and
> followed all the instructions in install manual.
>
> However, when I get login screen and use admin for username/password,
> it simply redirects me straight back to login screen.  Looking at
> user_log table, the authentication was successfull (and since it was
> updated, I know database stuff works OK).  If I type username or
> password wrong, I get messages saying so.  If I just use admin as
> username/password, I get normal login screen with no "wrong password"
> message.

Given the error you're talking about, I'd guess database, but you say
that's not the issue. Given that I don't see the compat libs for
mysql5 on your box, I'd guess database as well, unless you rebuilt
php, forgot to list them, or mysql changed how they're building stuff.
Again, you say it's not an issue, so lets work from there.

Dag's cacti rpm works flawlessly unless you have selinux enabled, but
it is restricted to localhost however. Are you doing any sort of
mod_rewrite in addition to his that would throw you back to the login
screen constantly? Do you have mod_rewrite rules or an alias that
conflict with the default alias?

For those of you running cacti who may want to run with selinux, this
is the ruleset that I added to
/etc/selinux/targeted/src/policy/domains/misc (if you don't have the
targeted policy src, install via yum. If you don't know why I put it
there, read the docs. If you don't know what to do after you lave
this, the next steps is also covered in the docs.)

[root at www misc]# cat local.te
# changes made to allow cacti
allow httpd_sys_script_t httpd_tmp_t:file { read write };
allow httpd_sys_script_t snmpd_var_lib_t:file { getattr read };
allow httpd_sys_script_t var_lib_t:file { getattr read };
allow snmpd_t selinux_config_t:file { getattr read };

I'm by no means an selinux master. If someone has more secure rules
for doing the same thing, I'm all ears.

-- 
This message has been double ROT13 encoded for security. Anyone other
than the intended recipient attempting to decode this message will be
in violation of the DMCA