Re: AWStats

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Daniel J Walsh wrote:

Steven Stromer wrote:


Hi,
A few weeks ago, I brought up a problem I was having with SELinux and AWStats. I am hoping that someone may be able to help. From my original post:
There exists an option in the web reporting pages called 'Update Now'. It allows you to update reports from the web server's logs without performing the log parsing from the command line. You must change the directive 'AllowToUpdateStatsFromBrowser' from 0 to 1 in your awstats .conf file to activate this practical feature. However, I have understand that the web-based update process needs access to the system's httpd access_log file (usually in /var/log/httpd). I have changed permissions on this file to httpd_sys_script_ra_t, but it was not sufficient to make the update feature work. 


Also, the awstats.pl file has permissions:
-rwxr-xr-x root root system_u:object_r:htpd_sys_script_exec_t awstats.pl
I can generate reports from the command line with no problem, but the web based tool returns an error saying that I do not have proper permissions.
I found one reference to another user having the same problem. The posting is minimal, but implies that 'touch /.autorelabel && shutdown -r now' fixed the problem. I basically understand what this command is intended to do, but I am concerned that executing it might do more damage to files that I've chcon'ed in the past, than it will fix. 

Any advise would be much appreciated. Please help!
What avc messages are you seeing? You should not need to relabel. But one file may be mislabeled or the policy may not allow it. Look in /var/log/messages or /var/log/audit/audit.log for avc message.
I've looked in both logs. Attempting to use the update feature in AWStats does not write any error messages to either of these log files. There are a few avc messages contained in each of the files, but none pertain to this problem. Is there anywhere else I can look, or does this indicated that the problem is not stemming from an SELinux permission problem? Thanks again for the help! 

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux