-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This issue not linux-specific, Mike. As a minimum for me - I'm never use Linux. :) 24.01.2015 2:08, Mike пишет: > For a Red Hat/CentOS based OS, selinux causes that. > > The fix I found in this case: > > Before the below “audit2allow” command will work, you will need to install the needed tool for selinux: > > * yum -yinstall policycoreutils-python > (which will also install a few other dependencies). > > To temporarily set selinux to permissive: > > * echo 0 >/selinux/enforce > > To re-enable after it is fixed: > * echo 1 >/selinux/enforce > > Check the /var/log/audit/audit.log for the type=AVC relating to the ssl_crtd entries (easy way is "grep AVC audit.log | less" ). > > To find out WHY it is happening in selinux, use this: > grep ssl_crtd /var/log/audit/audit.log | audit2allow -w > > > Start in /tmp/ folder since we will not need these files for long. > > * grep ssl_crtd /var/log/audit/audit.log | audit2allow -m ssl_crtdlocal > ssl_crtdlocal.te > - outputs the suggested settings into the file ssl_crtdlocal.te, which we will review below in “cat” > * cat ssl_crtdlocal.te > - to review the created file and show what will be donein selinux > * grep ssl_crtd /var/log/audit/audit.log | audit2allow -M ssl_crtdlocal > - Note the capital M, this Makes the needed file, ready for selinux to import, and then the next command below actually enables it. > * semodule -i ssl_crtdlocal.pp > - Used to enable the new policy in selinux > > As long as it is now working properly, can delete the *.te and *.pp files created in the /tmp/ folder. > > Now all of this is mute if selinux is not used so there may likely be other explanations, but this at least covers RedHat based OS's with selinux. I documented all of this since our servers ran into the same issue due to selinux, and this was how we resolved it. > > > Mike > > > > On 1/22/2015 6:17 AM, HackXBack wrote: >> hello, >> every day i found this error and my cache stop >> >> then i remove the ssl database then restart squid >> >> next day the problem happen again , >> am using squid 3.4.11 >> >> what may cause this problem ? >> >> thanks. >> >> >> >> -- >> View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/FATAL-The-ssl-crtd-helpers-are-crashing-too-rapidly-need-help-tp4669257.html >> Sent from the Squid - Users mailing list archive at Nabble.com. >> _______________________________________________ >> squid-users mailing list >> squid-users@xxxxxxxxxxxxxxxxxxxxx >> http://lists.squid-cache.org/listinfo/squid-users >> > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJUwqq9AAoJENNXIZxhPexGQMsIAMvP4+N59KAmo3qhtMIfUllI hItHPDd2bhGXx5tR/71bJdt9wDJCMEUU4U/+ZJJBOkUd/TyO54RLTffvkW6DjV9z itmu+mcPTpX5U/9vY1GUobipGWiqqWLMzAV4+nGYTIlWN84DIRcwWobTpL8W970Y l+vazCDJfwKLaopIWcq+/DOVNuYfWIngsRtbZJWatxhNRFTO7BvGCxZ7Ee4gEK/t T7ICTeTrg62gktdZWDB4CBzNTctLXcWX9KkXV4gmVHI2IJcx8+x5ztmPj64uhL1m 9OwwxlaKMFMiTmGNijsUe/+nawamHodgtVjaBaYAOzuMvTAv5w0RZ65qZnpsXpQ= =wH+S -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
