vasco/FSI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix apache totp selinux block

Browse Source
This commit is contained in:
Vasco
2026-04-22 18:19:16 +01:00
parent 5cc9f603a8
commit 561bbbe171
2 changed files with 7 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
VM_OPENSSL_APACHE.sh
View File

@@ -43,11 +43,9 @@ systemctl daemon-reload
# serviço !!!
systemctl enable --now httpd
# acho ?????
sudo chgrp apache /etc/shadow
sudo chmod o+x /home/john
sudo chown apache /home/john/.google_authenticator
sudo chmod 400 /home/john/.google_authenticator
sudo chmod o+x /home/user
sudo chown apache /home/user/.google_authenticator
sudo chmod 400 /home/user/.google_authenticator
# mover totp para pasta do apache (SELinux bloqueia /home)
sudo mkdir -p /etc/httpd/totp
sudo cp /home/john/.google_authenticator /etc/httpd/totp/john 2>/dev/null || true
sudo cp /home/user/.google_authenticator /etc/httpd/totp/user 2>/dev/null || true
sudo chown -R apache:apache /etc/httpd/totp
sudo chmod 400 /etc/httpd/totp/*

2
conf/httpd-totp
View File

@@ -1,3 +1,3 @@
auth required pam_google_authenticator.so forward_pass secret=/home/${USER}/.google_authenticator user=apache
auth required pam_google_authenticator.so forward_pass secret=/etc/httpd/totp/${USER} user=apache
auth required pam_unix.so use_first_pass
account required pam_unix.so