Displaying 20 results from an estimated 900 matches similar to: "selinux allow apache log access"
2015 Jun 17
2
selinux allow apache log access
>
> Try something like:
> grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix
> semodule -i zabbix.pp
Thanks for your response! However this is what happens when I try to
install the module:
[root at monitor2:~] #semodule -i zabbix.pp
libsepol.print_missing_requirements: zabbix's global requirements were not
met: type/attribute zabbix_t (No such file or directory).
2015 Jun 17
2
selinux allow apache log access
>
> That's because there's already a zabbix module loaded (the message isn't
> very informative!). I forgot that the received wisdom is to insert "my" in
> front of ones own modules i.e.:
> grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix
> semodule -i myzabbix.pp
Hmm no luck there either:
[root at monitor2:~] #semodule -i myzabbix.pp
2015 Jun 17
0
selinux allow apache log access
Try something like:
grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix
semodule -i zabbix.pp
On 16/06/15 15:58, Tim Dunphy wrote:
> Hey guys,.
>
> I have a centos 7 machine I'm using as a zabbix server. And I noticed that
> apache won't start, with this complaint in the error log:
>
> (13)Permission denied: AH00091: httpd: could not open error log file
>
2015 Jun 17
2
selinux allow apache log access
>
> What turns up in myzabbix.te?
Same deal. :(
#semodule -i myzabbix.te
semodule: Failed on myzabbix.te!
sigh... but thanks any other clues?
On Wed, Jun 17, 2015 at 11:42 AM, Harold Toms <h.toms at qmul.ac.uk> wrote:
> On 17/06/15 16:29, Tim Dunphy wrote:
>
>> That's because there's already a zabbix module loaded (the message isn't
>>> very
2015 Jun 17
1
selinux allow apache log access
On 06/17/2015 04:03 PM, Jonathan Billings wrote:
> On Wed, Jun 17, 2015 at 03:30:51PM -0400, Tim Dunphy wrote:
>> No prob! Thanks for all the help! But in searching my system I don't find
>> anything of the sort.
>>
>> [root at monitor2:~] #updatedb
>> [root at monitor2:~] #locate myzabbix.te
>> [root at monitor2:~] #find / -name "myzabbix.*"
2015 Jun 17
2
selinux allow apache log access
>
> Sorry, I didn't put that very clearly. Could you show us the contents of
> myzabbix.te.
No prob! Thanks for all the help! But in searching my system I don't find
anything of the sort.
[root at monitor2:~] #updatedb
[root at monitor2:~] #locate myzabbix.te
[root at monitor2:~] #find / -name "myzabbix.*"
I also did search using 'yum provides' to find
2015 Jun 10
2
CentOS 7 Repeating Update Messages
I've install yum-cron on a new CentOS 7 host and after a recent update I
am now getting daily repeating emails about that update instead of the
single notification I was expecting. Does anyone know what's going on?
Kirk
2015 Jun 21
2
puppet files denied by SELinux
Hi all,
Thanks for all your suggestions. Here's where I'm at with this.
Can you give details about your puppetmasterd setup ? it seems that
> you're using Foreman as puppet ENC.
>
Yes, I'm on foreman 1.7.4 and puppet 3.75. You are correct that I'm using
foreman, sorry I hadn't thought to mention it!
> Foreman works fine with selinux enabled : that's what
2017 Oct 13
2
Centos 4.4 32-bit
I've just noticed the i386 Centos 7.4 updates have appeared, including
bringing it to kernel 3.10.0-693.2.2. I suspect that a great deal of
work had to go in to achieving this. May I say a big "Thank-You" to
everyone who has made this possible!
--
regards
Harold Toms
2015 Jun 29
1
puppet files denied by SELinux
I have no idea of the current dependency problem. I think your original
problem was caused by mv'ing files from an nfs share to /etc which
maintained the context. And SELinux prevented puppet from accessing
nfs_t type. If you had just run restorecon on the object it would have
set it back to the correct/default context.
You might want to setup an alias mv "mv -Z"
This changes
2015 Jun 17
0
selinux allow apache log access
On 17/06/15 16:29, Tim Dunphy wrote:
>> That's because there's already a zabbix module loaded (the message isn't
>> very informative!). I forgot that the received wisdom is to insert "my" in
>> front of ones own modules i.e.:
>> grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix
>> semodule -i myzabbix.pp
>
>
> Hmm no luck
2009 Oct 04
2
deliver stopped working
Hi:
I have been using Dovecot for well over a year now and it has always worked with few
problems. The mail setup is not simple...
Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major
things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and
control is local.
About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an
2018 Sep 09
1
Type enforcement / mechanism not clear
On 09/09/2018 07:19 AM, Daniel Walsh wrote:
> sesearch -A -s httpd_t -t system_conf_t -p read
>
> If you feel that these files should not be part of the base_ro_files
> then we should open that for discussion.
I think the question was how users would know that the policy allowed
access, as he was printing rules affecting httpd_t's file read access,
and looking for
2013 Jan 21
4
Unable to replace a symlink with regular file
I am running Puppet 2.7.x (x varies from 14 to 20 on different machines).
I am trying to use Puppet to deploy a new Zabbix agent configuration file.
On all machines where the file wasn''t a symlink, the deployment worked.
However, every machine where it is a link, Puppet refuses to replace teh
link with a regular file or do anything with it.
I''ve read the type reference, and
2019 Jan 30
2
SELinux policy vs. static web content
Hi,
Some time ago I wrote an introductory article about SELinux on my blog.
I'm currently updating it for my new blog, and I found a curious change
in SELinux policy. Here goes.
For demonstration purposes, I'm using some static webpages, more exactly
the default pages found in /usr/share/httpd/noindex, which I simply
copied over to /var/www/html.
As a first practical example, I'm
2010 Sep 13
2
Puppet trying to start service before package is installed
Hi,
This one is driving me crazy. Problem is Puppet try to start some
services (in this case zabbix-agent) before it is installed.
My puppet-master is Debian 5.05 with Puppet 2.6.0 (from squeeze).
Target system is FreeBSD 8.1 with Puppet 2.6.1 (from packages-8-
stable).
When I run puppet manually in debug-mode I get:
MASTER:
debug: Adding relationship from Package[zabbix-agent] to File[zabbix-
2018 Sep 09
3
Type enforcement / mechanism not clear
Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>:
>
> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote:
>> Any SElinux expert here - briefly:
>>
>> # getenforce
>> Enforcing
>>
>> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t
>> <no output>
>>
>> # sesearch -ACR -s httpd_t -c file
2012 Feb 16
3
Baffled by selinux
Apache DocumentRoot on an NFS directory:
[root at localhost ~]# service httpd start
Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist
Syntax error on line 292 of /etc/httpd/conf/httpd.conf:
DocumentRoot must be a directory
[FAILED]
[root at localhost ~]#
After some research, I found this (dated) link
2012 Jan 22
5
Augeas lens for zabbix agent config files?
Hi all,
I''m trying to come up with a lens for the zabbix agent config files. I
find the lens language untransparent at best, so I''m struggeling to
figure out what''s up. The debugging possibilities are extremely
limited. Here''s what I have now:
zabbix.aug:
====
(**
An adjusted copy of the postfix_main module
**)
module Zabbix_agent =
autoload xfm
2011 Jul 25
3
Sudo #includedir function ignored CentOS 6
I am unable to get the #includedir function to work with sudo. This works
just fine on all my CentOS 5.6 servers, but on 6 it is being ignored. I
have this line in the file /etc/sudoers.d/zabbix-puppet
zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet
However sudo still requires a password. If I put that same line into
/etc/sudoers file , there is no password prompt. At the end of my