SELinux is preventing /usr/bin/perl "write" access on /tmp.
Detailed Description:
SELinux denied access requested by awstats.pl. It is not expected
that this
access is required by awstats.pl and this access may signal an
intrusion
attempt. It is also possible that the specific version or
configuration of the
application is causing it to require additional access.
Error: Couldn't open server
log file "/var/log/httpd/access_log" : Permission denied
Setup ('/etc/awstats/awstats.mydomain.conf' file, web server or
permissions) may be wrong.
Check config file, permissions and AWStats documentation (in 'docs'
directory).
SELinux is preventing /usr/bin/perl from using potentially
mislabeled files
/var/log/httpd/access_log.
Detailed Description:
SELinux has denied the awstats.pl access to potentially mislabeled
files
/var/log/httpd/access_log. This means that SELinux will not allow
httpd to use
these files. If httpd should be allowed this access to these files
you should
change the file context to one of the following types,
httpd_awstats_ra_content_t, httpd_awstats_rw_content_t, etc_t,
fonts_t,
fonts_cache_t, ld_so_t, httpd_awstats_content_t, ld_so_cache_t,
shell_exec_t,
configfile, httpd_awstats_script_t, abrt_var_run_t,
public_content_t,
sysctl_crypto_t, abrt_t, lib_t, application_exec_type, exec_type,
afs_cache_t,
awstats_var_lib_t, abrt_helper_exec_t, chroot_exec_t,
httpd_awstats_script_exec_t, public_content_rw_t, ld_so_t, bin_t,
lib_t,
textrel_shlib_t, rpm_script_tmp_t, locale_t, proc_t, etc_runtime_t,
lib_t,
usr_t. Many third party apps install html files in directories that
SELinux
policy cannot predict. These directories have to be labeled with a
file context
which httpd can access.
Allowing Access:
If you want to change the file context of /var/log/httpd/access_log
so that the
httpd daemon can access it, you need to execute it using semanage
fcontext -a -t
FILE_TYPE '/var/log/httpd/access_log'.
where FILE_TYPE is one of the following: httpd_awstats_ra_content_t,
httpd_awstats_rw_content_t, etc_t, fonts_t, fonts_cache_t, ld_so_t,
httpd_awstats_content_t, ld_so_cache_t, shell_exec_t, configfile,
httpd_awstats_script_t, abrt_var_run_t, public_content_t,
sysctl_crypto_t,
abrt_t, lib_t, application_exec_type, exec_type, afs_cache_t,
awstats_var_lib_t,
abrt_helper_exec_t, chroot_exec_t, httpd_awstats_script_exec_t,
public_content_rw_t, ld_so_t, bin_t, lib_t, textrel_shlib_t,
rpm_script_tmp_t,
locale_t, proc_t, etc_runtime_t, lib_t, usr_t. You can look at the
httpd_selinux
man page for additional information.
Additional Information:
Source Context
unconfined_u:system_r:httpd_awstats_script_t:s0
Target Context system_u:object_r:httpd_log_t:s0
Target Objects /var/log/httpd/access_log [ file ]
Source awstats.pl
Source Path /usr/bin/perl
Port <Unknown>
Host <MyDomain>
Source RPM Packages perl-5.10.1-123.fc13
Target RPM Packages
Policy RPM selinux-policy-3.7.19-101.fc13
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name httpd_bad_labels
Host Name <MyDomain>
Platform Linux <MyDomain>
2.6.34.9-69.fc13.i686 #1 SMP
Tue May 3 09:20:30 UTC 2011 i686 i686
Alert Count 1
First Seen Tue 23 Oct 2012 12:59:57 PM PDT
Last Seen Tue 23 Oct 2012 12:59:57 PM PDT
Local ID fbfdf21d-9107-4c18-9045-1e99fc58d39c
Line Numbers