Re: [CentOS] CentOS 5: rsyncd log problem

2007-07-24 Thread Mogens Kjaer

Peter Kjellstrom wrote:
> ...
>
> We have a custom selinux module which looks like this (header + rsync part):


Thank you for the module, but I couldn't get anything to
work.

I've disabled selinux instead...

Mogens

--
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: [EMAIL PROTECTED] Homepage: http://www.crc.dk
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 5: rsyncd log problem

2007-07-22 Thread Peter Kjellstrom
On Saturday 21 July 2007, Mogens Kjaer wrote:
> Mogens Kjaer wrote:
> ...
>
> > # ls -lZ /etc/rsyncd.conf
> > -rw-r--r--  root root root:object_r:etc_t  /etc/rsyncd.conf
> > # ls -lZ /var/log/rsyncd.log
> > -rw-r--r--  root root root:object_r:var_log_t  /var/log/rsyncd.log
>
> If I reboot with selinux=disabled logging works to
> the /var/log/rsyncd.log file. If I enable selinux
> again, touch /.autorelabel and reboot, logging
> goes back to /var/log/messages.

I'm sorry for misleading you, my config wasn't as vanilla as I thought. A 
colleague had done some selinux magic to enable rsync to work the way it 
does.

We have a custom selinux module which looks like this (header + rsync part):

 begin custom.te 
policy_module(custom,1.0.4)

require {
class dir { add_name getattr lock read search write };
class file { append create getattr lock read write };
class lnk_file { getattr read };
type ftpd_t;
type httpd_sys_content_t;
type httpd_t;
type rsync_t;
type var_log_t;
role system_r;
};

allow rsync_t var_log_t:file { append getattr };
allow rsync_t httpd_sys_content_t:dir { getattr read search };
allow rsync_t httpd_sys_content_t:file { getattr read };
allow rsync_t httpd_sys_content_t:lnk_file { getattr read };
 end custom.te 

The key line is the "allow rsync_t var_log_t"-one. This allows rsync to write 
to files /var (files there inherit var_log_t). The above is not a complete 
instruction on how to get it to work but should be enough to get you started 
in the right direction (unless you haven't already left selinux behind you, 
hehe). You might also want to read the manpage for semodule.

/Peter

> I don't see any SELinux errors.
>
> Mogens


signature.asc
Description: This is a digitally signed message part.
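
Added example, not part of Peter's message or of the list thread: rules such as the "allow rsync_t var_log_t:file { append getattr };" line in the module above are normally derived from AVC denial records in the audit log, and this sketch does that derivation, merging permissions per source type, target type and class. The audit records are constructed for illustration, and the function names sample_avc and avc_to_allow are hypothetical.

```shell
#!/bin/sh
# Added example: turn SELinux AVC denial records into candidate allow rules.

# Constructed sample audit records (not taken from the thread), modelled on
# the rsync_t -> var_log_t case discussed above.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1185000520.101:41): avc:  denied  { append } for  pid=5165 comm="rsync" name="rsyncd.log" dev=sda1 ino=1001 scontext=system_u:system_r:rsync_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1185000520.102:42): avc:  denied  { getattr } for  pid=5165 comm="rsync" path="/var/log/rsyncd.log" dev=sda1 ino=1001 scontext=system_u:system_r:rsync_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1185000521.007:43): avc:  denied  { append } for  pid=5170 comm="rsync" name="rsyncd.log" dev=sda1 ino=1001 scontext=system_u:system_r:rsync_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1185000530.310:44): avc:  denied  { search } for  pid=5171 comm="rsync" name="html" dev=sda1 ino=2002 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1185000530.310:44): arch=40000003 syscall=5 success=no exit=-13
EOF
}

# Read audit records on stdin and print one allow rule per
# (source type, target type, object class), with duplicate permissions merged.
avc_to_allow() {
  awk '
    / avc: / && / denied / {
      # Permission list is the text between the braces.
      perms = $0
      sub(/^.*[{] */, "", perms); sub(/ *[}].*$/, "", perms)
      src = tgt = cls = ""
      for (i = 1; i <= NF; i++) {
        # Context is user:role:type[:level]; the type is the third field.
        if ($i ~ /^scontext=/) { split($i, c, ":"); src = c[3] }
        if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
      }
      if (src == "" || tgt == "" || cls == "") next
      key = src " " tgt ":" cls
      n = split(perms, p, " ")
      for (j = 1; j <= n; j++)
        if (!seen[key, p[j]]++) set[key] = set[key] " " p[j]
    }
    END { for (k in set) print "allow " k " {" set[k] " };" }
  ' | sort
}

sample_avc | avc_to_allow
```

When a denial is covered by a dontaudit rule no AVC record is written, so empty output from a real audit log does not by itself rule SELinux out.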


Re: [CentOS] CentOS 5: rsyncd log problem

2007-07-21 Thread Mogens Kjaer

Mogens Kjaer wrote:
> ...
>
> # ls -lZ /etc/rsyncd.conf
> -rw-r--r--  root root root:object_r:etc_t  /etc/rsyncd.conf
> # ls -lZ /var/log/rsyncd.log
> -rw-r--r--  root root root:object_r:var_log_t  /var/log/rsyncd.log


If I reboot with selinux=disabled logging works to
the /var/log/rsyncd.log file. If I enable selinux
again, touch /.autorelabel and reboot, logging
goes back to /var/log/messages.

I don't see any SELinux errors.

Mogens
--
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: [EMAIL PROTECTED] Homepage: http://www.crc.dk


Re: [CentOS] CentOS 5: rsyncd log problem

2007-07-20 Thread Mogens Kjaer

Peter Kjellstrom wrote:
> ...
> Mine runs from xinetd and I have selinux enabled. Here are some more bits of
> information:
>
> [EMAIL PROTECTED] ~]# ls -lZ /etc/rsyncd.conf
> -rw-r--r--  root root root:object_r:etc_t  /etc/rsyncd.conf
> [EMAIL PROTECTED] ~]# ls -lZ /var/log/rsyncd.log
> -rw-r--r--  root root user_u:object_r:var_log_t  /var/log/rsyncd.log
> [EMAIL PROTECTED] ~]# sestatus
> SELinux status:          enabled
> SELinuxfs mount:         /selinux
> Current mode:            enforcing
> Mode from config file:   enforcing
> Policy version:          21
> Policy from config file: targeted
> [EMAIL PROTECTED] ~]# uname -a
> Linux host 2.6.18-8.1.8.el5 #1 SMP Tue Jul 10 06:50:22 EDT 2007 i686 i686 i386 GNU/Linux
> [EMAIL PROTECTED] ~]# rpm -qf $(type -p rsync)
> rsync-2.6.8-3.1


I have:

# cat /etc/rsyncd.conf

read only = yes
pid file = /var/run/rsyncd.pid
log file = /var/log/rsyncd.log
transfer logging = yes
dont compress = *

[Fedora]
path = /var/ftp/pub/mirrors/fedora
comment = Fedora mirror

[CentOS]
path = /var/ftp/pub/mirrors/centos
comment = CentOS mirror

# ls -lZ /etc/rsyncd.conf
-rw-r--r--  root root root:object_r:etc_t  /etc/rsyncd.conf
# ls -lZ /var/log/rsyncd.log
-rw-r--r--  root root root:object_r:var_log_t  /var/log/rsyncd.log
# sestatus
SELinux status:          enabled
SELinuxfs mount:         /selinux
Current mode:            enforcing
Mode from config file:   enforcing
Policy version:          21
Policy from config file: targeted
# uname -a
Linux ftp.crc.dk 2.6.18-8.1.8.el5 #1 SMP Tue Jul 10 06:50:22 EDT 2007 i686 i686 i386 GNU/Linux

# rpm -qf /usr/bin/rsync
rsync-2.6.9-1.el5.rf

This is what gets logged in /var/log/messages when a transfer
is started:

Jul 21 08:48:40 ftp xinetd[2390]: START: rsync pid=5165 from=130.226.183.220
Jul 21 08:48:40 ftp rsyncd[5165]: connect from server1.crc.dk (130.226.183.220)
Jul 21 08:48:40 ftp rsyncd[5165]: rsync on Fedora/linux/core/5/i386/os from server1.crc.dk (130.226.183.220)

Jul 21 06:48:40 ftp rsyncd[5165]: building file list
Jul 21 06:48:41 ftp rsyncd[5165]: send server1.crc.dk [130.226.183.220] Fedora () linux/core/5/i386/os/Fedora/RPMS/kdeedu-3.5.1-1.2.i386.rpm 30534317


No SELinux errors.

Why is your rsync 2.6.8?

Mogens
--
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: [EMAIL PROTECTED] Homepage: http://www.crc.dk


Re: [CentOS] CentOS 5: rsyncd log problem

2007-07-20 Thread Peter Kjellstrom
On Friday 20 July 2007, Mogens Kjaer wrote:
> Peter Kjellstrom wrote:
> > Mine logs ok and looks like this:
> >
> > motd file = /etc/rsyncd.motd
> > log file = /var/log/rsyncd.log
> > transfer logging = yes
> >
> > This is on centos-5.0.i386
>
> If rsync is started manually like
>
> rsync --daemon
>
> it works, if it is started from xinetd, it doesn't
> work. Strange.
>
> Mogens

Mine runs from xinetd and I have selinux enabled. Here are some more bits of 
information:

[EMAIL PROTECTED] ~]# ls -lZ /etc/rsyncd.conf
-rw-r--r--  root root root:object_r:etc_t  /etc/rsyncd.conf
[EMAIL PROTECTED] ~]# ls -lZ /var/log/rsyncd.log
-rw-r--r--  root root user_u:object_r:var_log_t  /var/log/rsyncd.log
[EMAIL PROTECTED] ~]# sestatus
SELinux status:          enabled
SELinuxfs mount:         /selinux
Current mode:            enforcing
Mode from config file:   enforcing
Policy version:          21
Policy from config file: targeted
[EMAIL PROTECTED] ~]# uname -a
Linux host 2.6.18-8.1.8.el5 #1 SMP Tue Jul 10 06:50:22 EDT 2007 i686 i686 i386 GNU/Linux
[EMAIL PROTECTED] ~]# rpm -qf $(type -p rsync)
rsync-2.6.8-3.1

/Peter




Re: [CentOS] CentOS 5: rsyncd log problem

2007-07-20 Thread Mogens Kjaer
Peter Kjellstrom wrote:
> On Thursday 19 July 2007, Mogens Kjaer wrote:
>> I run a CentOS/Fedora mirror with rsync access.
> 
> I do that too :-)
> 
>> I have the following rsyncd.conf file:
>>
>>
>> read only = true
>> transfer logging = true
>> pid file = /var/run/rsyncd.pid
>> log file = /var/log/rsyncd.log
>> dont compress = *
> 
> Mine logs ok and looks like this:
> 
> motd file = /etc/rsyncd.motd
> log file = /var/log/rsyncd.log
> transfer logging = yes
> 
> This is on centos-5.0.i386

If rsync is started manually like

rsync --daemon

it works, if it is started from xinetd, it doesn't
work. Strange.

Mogens
-- 
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: [EMAIL PROTECTED] Homepage: http://www.crc.dk


Re: [CentOS] CentOS 5: rsyncd log problem

2007-07-19 Thread Mogens Kjaer

Peter Kjellstrom wrote:
> On Thursday 19 July 2007, Mogens Kjaer wrote:
>> I run a CentOS/Fedora mirror with rsync access.
>
> I do that too :-)
>
>> I have the following rsyncd.conf file:
>>
>>
>> read only = true
>> transfer logging = true
>> pid file = /var/run/rsyncd.pid
>> log file = /var/log/rsyncd.log
>> dont compress = *
>
> Mine logs ok and looks like this:
>
> motd file = /etc/rsyncd.motd
> log file = /var/log/rsyncd.log
> transfer logging = yes
>
> This is on centos-5.0.i386


Strange; is SELinux enabled on your system?

Mogens
--
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: [EMAIL PROTECTED] Homepage: http://www.crc.dk


Re: [CentOS] CentOS 5: rsyncd log problem

2007-07-19 Thread Peter Kjellstrom
On Thursday 19 July 2007, Mogens Kjaer wrote:
> I run a CentOS/Fedora mirror with rsync access.

I do that too :-)

> I have the following rsyncd.conf file:
>
>
> read only = true
> transfer logging = true
> pid file = /var/run/rsyncd.pid
> log file = /var/log/rsyncd.log
> dont compress = *

Mine logs ok and looks like this:

motd file = /etc/rsyncd.motd
log file = /var/log/rsyncd.log
transfer logging = yes

This is on centos-5.0.i386

/Peter




[CentOS] CentOS 5: rsyncd log problem

2007-07-19 Thread Mogens Kjaer
I run a CentOS/Fedora mirror with rsync access.

I have the following rsyncd.conf file:


read only = true
transfer logging = true
pid file = /var/run/rsyncd.pid
log file = /var/log/rsyncd.log
dont compress = *

[Fedora]
path = /var/ftp/pub/mirrors/fedora
comment = Fedora mirror

[CentOS]
path = /var/ftp/pub/mirrors/centos
comment = CentOS mirror

My problem is that nothing gets logged into
/var/log/rsyncd.log, all logging occurs into
/var/log/messages instead.

There's no error message that /var/log/rsyncd.log
(the file doesn't exist) can't be opened.

What have I done wrong?

Mogens
-- 
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: [EMAIL PROTECTED] Homepage: http://www.crc.dk