SELinux is preventing /usr/bin/webalizer from 'remove_name' accesses on the directory webalizer.hist.new.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that webalizer should be allowed remove_name access on the webalizer.hist.new directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep /usr/bin/webalizer /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:webalizer_t:s0-s0:c0.c1023
Target Context                system_u:object_r:squid_log_t:s0
Target Objects                webalizer.hist.new [ dir ]
Source                        webalizer
Source Path                   /usr/bin/webalizer
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           webalizer-2.21_02-3
Target RPM Packages
Policy RPM                    selinux-policy-3.9.7-18.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 2.6.35.10-72.fc14.x86_64 #1 SMP Mon Dec 20 21:14:22 UTC 2010 x86_64 x86_64
Alert Count                   1
First Seen                    Sun 26 Dec 2010 05:26:08 AM NZDT
Last Seen                     Sun 26 Dec 2010 05:26:08 AM NZDT
Local ID                      58fb29a4-f95e-4071-81cb-4d77719e7f56

Raw Audit Messages
type=AVC msg=audit(1293294368.853:49059): avc: denied { remove_name } for pid=9108 comm="webalizer" name="webalizer.hist.new" dev=md2 ino=25952938 scontext=system_u:system_r:webalizer_t:s0-s0:c0.c1023 tcontext=system_u:object_r:squid_log_t:s0 tclass=dir

webalizer,webalizer_t,squid_log_t,dir,remove_name
type=AVC msg=audit(1293294368.853:49059): avc: denied { rename } for pid=9108 comm="webalizer" name="webalizer.hist.new" dev=md2 ino=25952938 scontext=system_u:system_r:webalizer_t:s0-s0:c0.c1023 tcontext=system_u:object_r:squid_log_t:s0 tclass=file

webalizer,webalizer_t,squid_log_t,dir,remove_name
type=AVC msg=audit(1293294368.853:49059): avc: denied { unlink } for pid=9108 comm="webalizer" name="webalizer.hist" dev=md2 ino=25952995 scontext=system_u:system_r:webalizer_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:squid_log_t:s0 tclass=file

webalizer,webalizer_t,squid_log_t,dir,remove_name
type=SYSCALL msg=audit(1293294368.853:49059): arch=x86_64 syscall=rename success=yes exit=0 a0=7fffd8d1adb0 a1=11caa20 a2=3a7ed9f218 a3=1 items=0 ppid=9105 pid=9108 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=58 comm=webalizer exe=/usr/bin/webalizer subj=system_u:system_r:webalizer_t:s0-s0:c0.c1023 key=(null)

webalizer,webalizer_t,squid_log_t,dir,remove_name

#============= webalizer_t ==============
allow webalizer_t squid_log_t:dir remove_name;
allow webalizer_t squid_log_t:file { rename unlink };
Where are these files located? webalizer.hist? Under one of these directories? /var/log/squid? /var/log/squidGuard?
# pwd
/var/log/squid
# ll
total 28400
-rw-r-----. 1 squid squid 13220595 Dec 29 09:04 access.log
-rw-r-----. 1 squid squid  1529746 Dec  5 03:04 access.log-20101205.gz
-rw-r-----. 1 squid squid  4670044 Dec 12 04:32 access.log-20101212.gz
-rw-r-----. 1 squid squid  5181598 Dec 19 04:21 access.log-20101219.gz
-rw-r-----. 1 squid squid  4371157 Dec 26 05:25 access.log-20101226.gz
-rw-r-----. 1 squid squid     8468 Dec 29 08:50 cache.log
-rw-r-----. 1 squid squid     2397 Dec  4 19:42 cache.log-20101205.gz
-rw-r-----. 1 squid squid     2838 Dec 12 03:29 cache.log-20101212.gz
-rw-r-----. 1 squid squid     2591 Dec 19 03:05 cache.log-20101219.gz
-rw-r-----. 1 squid squid     4766 Dec 26 04:52 cache.log-20101226.gz
-rw-r--r--. 1 root  root         0 Dec  2 11:23 squid.out
drwxr-xr-x. 2 root  root      4096 Dec  2 13:40 usage/
-rw-r--r--. 1 root  root     23726 Dec  2 13:37 webalizer.conf
-rw-r--r--. 1 root  root     23735 Dec  2 11:26 webalizer.conf~
-rw-r--r--. 1 root  root      2882 Dec 28 03:14 webalizer.hist
Is this a standard location for these files? Should webalizer be able to manage squid log files?
The squid log files are in the standard place. A comparison of the actual and default configuration files confirms this. I installed squid using the yum install process.

from 'man webalizer'
[...]
o A default configuration file is scanned for. A file named webalizer.conf is searched for in the current directory, and if found, and is owned by the invoking user, then its configuration data is parsed.

Webalizer has no problems processing squid log files and squid is mentioned several times in the webalizer documentation.
Ok Miroslav add

optional_policy(`
	squid_manage_logs(webalizer_t)
')
Fixed in selinux-policy-3.9.7-20.fc14
selinux-policy-3.9.7-20.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-20.fc14
selinux-policy-3.9.7-20.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-20.fc14
# yum --enablerepo=updates-testing update selinux-policy
Loaded plugins: auto-update-debuginfo, langpacks, presto, refresh-packagekit
Adding en_US to language list
Found 154 installed debuginfo package(s)
Enabling updates-testing-debuginfo: Fedora 14 - x86_64 - Test Updates Debug
Enabling rpmfusion-free-updates-debuginfo: RPM Fusion for Fedora 14 - Free - Updates Debug
Enabling rpmfusion-nonfree-updates-debuginfo: RPM Fusion for Fedora 14 - Nonfree - Updates Debug
Enabling rpmfusion-free-debuginfo: RPM Fusion for Fedora 14 - Free - Debug
updates-testing/metalink                | 43 kB 00:01
updates-testing                         | 4.7 kB 00:00
updates-testing/primary_db              | 632 kB 00:01
updates-testing-debuginfo/metalink      | 36 kB 00:01
updates-testing-debuginfo               | 3.1 kB 00:00
updates-testing-debuginfo/primary_db    | 52 kB 00:00
Setting up Update Process
No Packages marked for Update
# date
Thu Jan 6 12:45:11 NZDT 2011
#
selinux-policy-3.9.7-20.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.