[CentOS] selinux allow apache log access
Tim Dunphy
bluethundr at gmail.com
Wed Jun 17 20:14:32 UTC 2015
Hey guys,
Thanks! That worked.
[root@monitor2:~] #grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i myzabbix.pp
[root@monitor2:~] #semodule -i myzabbix.pp
[root@monitor2:~] #lsof -i :80
[root@monitor2:~] #systemctl start httpd
[root@monitor2:~] #lsof -i :80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 18664 root 4u IPv6 12477027 0t0 TCP *:http (LISTEN)
httpd 18665 apache 4u IPv6 12477027 0t0 TCP *:http (LISTEN)
httpd 18666 apache 4u IPv6 12477027 0t0 TCP *:http (LISTEN)
httpd 18667 apache 4u IPv6 12477027 0t0 TCP *:http (LISTEN)
httpd 18668 apache 4u IPv6 12477027 0t0 TCP *:http (LISTEN)
httpd 18669 apache 4u IPv6 12477027 0t0 TCP *:http (LISTEN)
[root@monitor2:~] #getenforce
Enforcing
Definitely appreciate the help and sorry if there was any confusion on my
part. All set at this point!
Best,
Tim
On Wed, Jun 17, 2015 at 4:11 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
>
>
> On 06/17/2015 04:03 PM, Jonathan Billings wrote:
> > On Wed, Jun 17, 2015 at 03:30:51PM -0400, Tim Dunphy wrote:
> >> No prob! Thanks for all the help! But in searching my system I don't find
> >> anything of the sort.
> >>
> >> [root@monitor2:~] #updatedb
> >> [root@monitor2:~] #locate myzabbix.te
> >> [root@monitor2:~] #find / -name "myzabbix.*"
> >>
> >> I also did search using 'yum provides' to find something similar. But
> >> wasn't able to find anything.
> > What we're asking for is the contents of the .te file that is created
> > when you run audit2allow.
> >
> Go back to the original email and do what you were told
>
> # grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix
> # semodule -i myzabbix.pp
>
> You did audit2allow -M zabbix
>
> Which created zabbix.te and zabbix.pp, which is bad. It will attempt to
> replace the system module.
>
> If you use myzabbix, it will add the allow rules.
>
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
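
Added example, not part of the thread or of any CentOS/SELinux tooling: a shell guard for the naming mistake discussed above, where audit2allow -M zabbix produced a module with the same name as the system one. The helper names (name_collides, build_local_module) and the sample listing are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not from the thread. Guards against naming a local
# audit2allow module after a policy module that is already installed.

# Constructed sample in `semodule -l` layout (module name in column 1);
# the version numbers are made up.
sample_listing() {
    printf 'apache\t2.7.2\nzabbix\t1.6.0\nzarafa\t1.2.0\n'
}

# name_collides NAME: reads a module listing on stdin and succeeds (exit 0)
# only if NAME exactly matches an installed module name.
name_collides() {
    awk -v n="$1" '$1 == n { found = 1 } END { exit !found }'
}

# build_local_module NAME PATTERN [AUDIT_LOG]  (hypothetical helper)
# Runs in a subshell, so "exit" only leaves the function.
build_local_module() (
    name=$1; pattern=$2; log=${3:-/var/log/audit/audit.log}
    listing=$(semodule -l) || { echo "cannot list modules" >&2; exit 1; }
    if printf '%s\n' "$listing" | name_collides "$name"; then
        echo "refusing: module '$name' already exists; pick a local name" >&2
        exit 1
    fi
    grep -- "$pattern" "$log" | audit2allow -M "$name" || exit 1
    echo "--- rules in $name.te, read them before loading ---"
    cat "$name.te"
    echo "load with: semodule -i $name.pp"
)

# Demo on the constructed listing: "zabbix" collides, "myzabbix" does not.
for candidate in zabbix myzabbix; do
    if sample_listing | name_collides "$candidate"; then
        echo "$candidate: collides with an installed module"
    else
        echo "$candidate: free to use"
    fi
done
```

Because the check is on exact names, rebuilding an already installed local module such as myzabbix is refused as well; that is deliberate in this sketch.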