HI,
Try disabling Don't Audit rules
semodule -DB
Then check /var/log/audit.log
To re-enable
semodule -B
On Tue, Sep 5, 2017 at 5:07 AM, Gregory P. Ennis <PoMec@xxxxxxxxx> wrote:
> Everyone,
>
> I am trying to use a cgi perl script for a CentOs 7 website that works
> fine with selinux in permissive mode but fails with selinux in enforcing
> mode.
>
> The problem I have is that I can not find where the selinux error
> message is being recorded.
>
> It does not appear to be in the /var/log/messages
> or /var/log/audit/audit.log. I do not get
> any /var/log/httpd/ssl_error_log entries. I do get a successful entry
> into /var/log/httpd/ssl_access_log and ssl_request_log when selinux is
> in permissive mode, but not when selinux is in enforcing mode.
>
> The only place I can see that I am getting an error message is in the
> /var/log/httpd/error_log which is as follows :
>
> Mon Sep 04 11:40:24.216569 2017] [cgi:error] [pid 2290] [client
> x.x.x.x:55748] AH01215: (13)Permission denied: exec of
> '/var/www/cgi-bin/name.of.script.cgi' failed, referer:
> https://name.domain.com/
>
> When selinux is in permissive mode the above error does not occur and
> the script works fine. When selinux is in enforcing mode the above
> error occurs, and the cgi script fails to execute.
>
> Is there a way to increase the sensitivity of selinux loging, or is
> there a different place to look for the error that prevents the
> execution of the script.
>
> Your help would be appreciated.
>
> Thanks,
>
> Greg Ennis
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
