Hi all,

I am running into the same issue.  I tried various combinations
including setting the type to var_log_t, httpd_log_t and others and
changing the user to system (basically setting the enforcement as the
httpd logs) but all to no avail.

Has anyone had any luck with it?  For the time being I've turned off
enforcement which fixes the WUI error, but I would like to get SELinux
re-enabled.

Best Regards,
-Joel


-----Original Message-----
From: ossec-list@googlegroups.com [mailto:[EMAIL PROTECTED]
On Behalf Of Jeff Schroeder
Sent: Monday, August 13, 2007 5:33 PM
To: ossec-list
Subject: [ossec-list] Re: OSSEC Web Interface--Unable to access ossec
directory


avc deny = SELinux problem. I'm not any SELinux guru, but you might be
able to fix this.

http://fedoraproject.org/wiki/SELinux/apache Gives a few pointers.

I *think* something like this will work until a proper SELinux policy
is written for ossec:
chcon -R -h -t httpd_unconfined_script_exec_t /path/to/ossec-wui
chcon -R -h -t httpd_sys_content_t /var/ossec/logs

If you get tired of all of this and want to disable SELinux:
setenforce 0

Try looking at what labels are on ossec and on apache:
ps aux -Z | egrep 'httpd|ossec'
ls -alZ /var/ossec/ /path/to/ossec-wui

The -Z option shows SELinux labelling attributes. You can also use the
avc deny messages you got to feed into the audit2allow tool to create
a template that permits what was denied. Note that I have 0 fedora boxes
to test this on so it is mostly from what I can read and remember.

On Aug 13, 3:16 pm, Robert5156 <[EMAIL PROTECTED]> wrote:
> I followed the instructions in the link below
>
> http://www.ossec.net/wiki/index.php/OSSECWUI:Install
>
> for installing web interface.
>
> I did add the web user to the ossec group and I did restart the apache
> service.
>
> When I access the site "http ://anyhost/ossec-wui/" I am getting the
> error on the web page saying
>
> "Unable to access ossec directory"
>
> I also get a notification from OSSEC installed on this system saying
> the following
>
> OSSEC HIDS Notification.
> 2007 Aug 13 16:09:20
>
> Received From: systemname->/var/log/messages
> Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the
> system."
> Portion of the log(s):
>
> Aug 13 16:09:19 systemname kernel: audit(1187046559.343:130): avc:
> denied  { read } for  pid=29595 comm="httpd" name="ossec" dev=dm-0
> ino=16957254 scontext=root:system_r:httpd_t:s0
> tcontext=root:object_r:var_t:s0 tclass=dir
>
>  --END OF NOTIFICATION
>
> Help please.
> apache is my web user. Found by using ps -aux | grep http
>
> The tmp/ folder inside ossec-wui folder has the following permissions
>
> drwxrwxrwx 2 root apache  4096 Aug 13 15:05 tmp
>
> The etc/group file has
> "ossec:x:3004:apache" added
>
> /var/ossec is the dir which has ossec installed. The permissions for
> ossec folder are as follows.
>
> dr-xr-xr-- 11 root    ossec   4096 Aug  8 11:07 ossec
>
> Help please. Running Fedora 6
