That's an selinux message. Are you running selinux in "ENFORCING" mode? If so, you will have to grant the web server proc read-access to the ossec directory/log files.
What do you have in your /etc/sysconfig/selinux config file?

-Chuck (mdmonk)

On 8/13/07, Robert5156 <[EMAIL PROTECTED]> wrote:
>
> I followed the instructions in the link below
>
> http://www.ossec.net/wiki/index.php/OSSECWUI:Install
>
> for installing web interface.
>
> I did add the web user to the ossec group and I did restart the apache
> service.
>
> When I access the site "http ://anyhost/ossec-wui/" I am getting the
> error on the web page saying
>
> "Unable to access ossec directory"
>
>
> I also get a notification from OSSEC installed on this system saying
> the following
>
> OSSEC HIDS Notification.
> 2007 Aug 13 16:09:20
>
> Received From: systemname->/var/log/messages
> Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the
> system."
> Portion of the log(s):
>
> Aug 13 16:09:19 systemname kernel: audit(1187046559.343:130): avc:
> denied { read } for pid=29595 comm="httpd" name="ossec" dev=dm-0
> ino=16957254 scontext=root:system_r:httpd_t:s0
> tcontext=root:object_r:var_t:s0 tclass=dir
>
> --END OF NOTIFICATION
>
>
> Help please.
> apache is my web user. Found by using ps -aux | grep http
>
> The tmp/ folder inside ossec-wui folder has the following permissions
>
> drwxrwxrwx 2 root apache 4096 Aug 13 15:05 tmp
>
> The etc/group file has
> "ossec:x:3004:apache" added
>
> /var/ossec is the dir which has ossec installed. The permissions for
> ossec folder are as follows.
>
> dr-xr-xr-- 11 root ossec 4096 Aug 8 11:07 ossec
>
> Help please. Running Fedora 6
>
>
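
Added example, not part of the original thread: a small Python parser that reads the AVC record quoted in the notification above and reports which SELinux domain was refused which permission on which label, which Unix group membership and mode bits do not affect. The function names are hypothetical and the sample input is the record copied from the message.

```python
import re

# The AVC record as it appears in the quoted notification above: wrapped by the
# mail client and prefixed with '>' (copied from the page, not new data).
QUOTED = '''> Aug 13 16:09:19 systemname kernel: audit(1187046559.343:130): avc:
> denied { read } for pid=29595 comm="httpd" name="ossec" dev=dm-0
> ino=16957254 scontext=root:system_r:httpd_t:s0
> tcontext=root:object_r:var_t:s0 tclass=dir'''

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def unquote(text):
    """Strip '>' quote markers and rejoin the wrapped record onto one line."""
    lines = (re.sub(r'^\s*(>\s?)+', '', ln).strip() for ln in text.splitlines())
    return ' '.join(ln for ln in lines if ln)


def parse_context(ctx):
    """Split user:role:type[:level]; an MLS level may itself contain colons."""
    parts = ctx.split(':', 3)
    if len(parts) < 3:
        raise ValueError('not an SELinux context: %r' % ctx)
    return dict(zip(('user', 'role', 'type', 'level'), parts))


def parse_avc(line):
    """Return the fields of one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    if 'scontext' not in kv or 'tcontext' not in kv:
        return None
    return {'result': m.group(1), 'perms': m.group(2).split(),
            'comm': kv.get('comm'), 'name': kv.get('name'),
            'tclass': kv.get('tclass'),
            'source': parse_context(kv['scontext']),
            'target': parse_context(kv['tcontext'])}


def summarize(rec):
    """One line: which domain was refused which permission on which label."""
    return '%s { %s }: %s running as %s -> %s "%s" labelled %s' % (
        rec['result'], ' '.join(rec['perms']), rec['comm'],
        rec['source']['type'], rec['tclass'], rec['name'], rec['target']['type'])


if __name__ == '__main__':
    print(summarize(parse_avc(unquote(QUOTED))))
```

The source type (`httpd_t`) and target type (`var_t`) are the pair to compare against the output of `ls -Zd /var/ossec` when working out how to grant the read access the reply refers to.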