Atomicorp

I was wondering if ASL is a good solution for and/or has been tested on a server with Plesk Expand and the centralized dns controller. It doesn't host any websites and doesn't have psa on it. But I still wanted some extra security and a hardened kernel.

Specs:
CentOS5 64bit (2.6.18-8.1.15.el5)
bind-9.3.3-9.0.1.el5
expand-2.2.1-27
dnscontroller-2.0.2-1

I don't see why it wouldn't be but if ASL isn't really suited for it then I'm open to suggestions.

Sure, there are several folks I know running it on expand servers.

I installed the asl kernel but now I'm getting an error when trying to start the expand services. My guess is that PaX is the cause. Here's the error:

# service expandtm start
Starting expandtm: /usr/local/expand/sbin/expandtm: error while loading shared libraries: libexp.so: cannot enable executable stack as shared object requires: Permission denied

# service expandom start
Starting expandom: /usr/local/expand/sbin/expandom: error while loading shared libraries: libexp.so: cannot enable executable stack as shared object requires: Permission denied

What would be a good way to fix it? I'm not familiar with how to use 'chpax' but I'm guessing the answer lies there.

Yes indeed, for starters can you give me the output of:

rpm -qf /usr/local/expand/sbin/expandom and
rpm -qf /usr/local/expand/sbin/expandtm


after that you can disable pax (why they need an executable stack I have no idea) with:

chpax -emsrpx /usr/local/expand/sbin/expandom
chpax -emsrpx /usr/local/expand/sbin/expandtm

I'll have that added into ASL soon, so this is just a temp fix for your system.

# rpm -qf /usr/local/expand/sbin/expandom
expand-2.2.1-27

# rpm -qf /usr/local/expand/sbin/expandtm
expand-2.2.1-27


expandom and expandtm are running now however it looks like pax needs to be disabled for everything else in the '/usr/local/expand/sbin' directory.


Would it be a bad idea to do 'chpax -emsrpx /usr/local/expand/sbin/*' or should that be ok?


Here are a couple of errors from the action log in expand:

/usr/local/expand/sbin/exp_plesk_ev_wd: error while loading shared libraries: libexp.so: cannot enable executable stack as shared object requires: Permission denied

/usr/local/expand/sbin/exp_plesk_centralized_dns_zone: error while loading shared libraries: libexp.so: cannot enable executable stack as shared object requires: Permission denied


Here's a listing of the directory /usr/local/expand/sbin/:

expandctl
expandgreet
expandmysql
expandom
expandsignal
expandtm
expandupm
exp-backup
exp_expand_config
exp_expand_ev
exp_expand_evconf
exp_expand_evconf_notif
exp_expand_evconf_runprog
exp_expand_ev_notif
exp_expand_ev_runprog
exp_expand_license
exp_plesk_auth
exp_plesk_backup
exp_plesk_centralized_db
exp_plesk_centralized_dns
exp_plesk_centralized_dns_zone
exp_plesk_client
exp_plesk_dictionary
exp_plesk_dns
exp_plesk_domain
exp_plesk_domainalias
exp_plesk_ev
exp_plesk_ev_notif
exp_plesk_ev_runprog
exp_plesk_ev_wd
exp_plesk_group
exp_plesk_helpdesk
exp_plesk_ip
exp_plesk_mail_server
exp_plesk_migration
exp_plesk_multi_client
exp_plesk_server
exp_plesk_session
exp_plesk_siteapp
exp_plesk_tmpl_client
exp_plesk_tmpl_domain
exp_plesk_tmpl_srv_client
exp_plesk_tmpl_srv_domain
exp-restore
exp_vz_hn
locale_engine
operator
pamon
sysinfo
xmlchecker