Re: [Bacula-users] SELinux Issues with Baculum

Sat, 02 Sep 2017 14:54:33 -0700 

I figured it out:

semanage fcontext -a -t httpd_sys_rw_content_t 
'/etc/baculum/Config-web-apache(/.*)?'
restorecon -R -v /etc/baculum/Config-web-apache/

semanage fcontext -a -t httpd_log_t 
'/usr/share/baculum/htdocs/protected/Web/Logs(/.*)?'
restorecon -R -v /usr/share/baculum/htdocs/protected/Web/Logs/

Thanks

Jim Richardson
CISSP CISA

SecurIT360

From: Jim Richardson
Sent: Saturday, September 2, 2017 4:37 PM
To: bacula-users@lists.sourceforge.net
Subject: SELinux Issues with Baculum

I am setting up a test environment to plan for my 9.0.3 upgrade.  I am having 
strange issues with SELinux enabled when I try to access the Baculum web 
console for the first time.  I am receiving no new entries in my audit.log.  
audit2allow shows nothing.  Can anyone help?  If I use setenforce to permissive 
everything works.

Here are my symptoms:

#######################
# Browser Message
#######################
TConfigurationException

Description
TFileLogRoute.LogPath 'Application.Web.Logs' must be a directory in namespace 
format and must be writable by the Web server process.

Source File
/usr/share/baculum/htdocs/framework/Util/TLogRouter.php (402)

#######################
# Apache Logs
#######################
[Sat Sep 02 16:24:52.017662 2017] [access_compat:error] [pid 14809] [client 
192.168.17.1:54332] AH01797: client denied by server configuration: 
/usr/share/baculum/htdocs/web
[Sat Sep 02 16:24:52.017911 2017] [access_compat:error] [pid 14809] [client 
192.168.17.1:54332] AH01797: client denied by server configuration: 
/usr/share/baculum/htdocs/index.php
[Sat Sep 02 16:24:52.018094 2017] [access_compat:error] [pid 14809] [client 
192.168.17.1:54332] AH01797: client denied by server configuration: 
/usr/share/baculum/htdocs/web
[Sat Sep 02 16:24:52.132974 2017] [access_compat:error] [pid 14809] [client 
192.168.17.1:54332] AH01797: client denied by server configuration: 
/usr/share/baculum/htdocs/favicon.ico, referer: 
http://192.168.17.168:9095/web/config/
[Sat Sep 02 16:24:52.133262 2017] [access_compat:error] [pid 14809] [client 
192.168.17.1:54332] AH01797: client denied by server configuration: 
/usr/share/baculum/htdocs/index.php, referer: 
http://192.168.17.168:9095/web/config/
[Sat Sep 02 16:24:52.133571 2017] [access_compat:error] [pid 14809] [client 
192.168.17.1:54332] AH01797: client denied by server configuration: 
/usr/share/baculum/htdocs/favicon.ico, referer: 
http://192.168.17.168:9095/web/config/

# yum list bacula*
Installed Packages
bacula-client.x86_64                                  9.0.3-1.el7.centos        
                     @slaanesh-Bacula
bacula-common.x86_64                                  9.0.3-1.el7.centos        
                     @slaanesh-Bacula
bacula-console.x86_64                                 9.0.3-1.el7.centos        
                     @slaanesh-Bacula
bacula-director.x86_64                                9.0.3-1.el7.centos        
                     @slaanesh-Bacula
bacula-libs.x86_64                                    9.0.3-1.el7.centos        
                     @slaanesh-Bacula
bacula-libs-sql.x86_64                                9.0.3-1.el7.centos        
                     @slaanesh-Bacula
bacula-storage.x86_64                                 9.0.3-1.el7.centos        
                     @slaanesh-Bacula

# yum list baculum*
baculum-common.noarch                                    9.0.3-1.el7.centos     
                         @baculumrepo
baculum-web.noarch                                       9.0.3-1.el7.centos     
                         @baculumrepo
baculum-web-httpd.noarch                                 9.0.3-1.el7.centos     
                         @baculumrepo

# yum list *release*
centos-release.x86_64                                       7-3.1611.el7.centos 
                            @anaconda
elrepo-release.noarch                                       7.0-3.el7.elrepo    
                            installed
epel-release.noarch                                         7-10                
                            @epel

# yum list http*
httpd.x86_64                                                  
2.4.6-45.el7.centos.4                          @updates

# yum list php-*
php.x86_64                                                            
5.4.16-42.el7                             @base

# yum list postgres*
postgresql.x86_64                                                  9.2.18-1.el7 
                                @base

Jim Richardson
Vice President of Security Operations
CISSP CISA

SecurIT360
530 Beacon Pkwy W, Suite 901 | Birmingham, AL 35209
O: 205.419.9066 x1010 | P: 205.249.6930 | F: 205.449.1425
www.securit360.com<http://www.securit360.com/> | 
j...@securit360.com<mailto:j...@securit360.com>

CONFIDENTIALITY: This email (including any attachments) may contain 
confidential, proprietary and privileged information, and unauthorized 
disclosure or use is prohibited. If you received this email in error, please 
notify the sender and delete this email from your system. Thank you.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Reply via email to