[SOLVED] SELinux Troubleshooter - not receiving alerts

am2605
Posts: 2
Joined: 2012/04/01 00:21:15

[SOLVED] SELinux Troubleshooter - not receiving alerts

Post by am2605 » 2012/04/01 03:33:13

Hi,

I have installed CentOS 6 (via the Desktop option from the graphical installer) and since patched it with all available updates using the command:

yum -y update

I am now trying to set it up as a web development workstation, with Apache, JBoss and mod_jk.

I'm having some errors with mod_jk which must be related to SELinux because if I disable SELinux they go away and everything works as expected. The errors from the mod_jk log are:

[quote]
[Sun Apr 01 12:31:48 2012] [3220:140708033255392] [error] ajp_send_request::jk_ajp_common.c (1630): (risedev) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=13)
[Sun Apr 01 12:31:48 2012] [3220:140708033255392] [info] ajp_service::jk_ajp_common.c (2607): (risedev) sending request to tomcat failed (recoverable), because of error during request sending (attempt=2)
[Sun Apr 01 12:31:48 2012] [3220:140708033255392] [error] ajp_service::jk_ajp_common.c (2626): (risedev) connecting to tomcat failed.
[Sun Apr 01 12:31:48 2012] [3220:140708033255392] [info] jk_handler::mod_jk.c (2678): Service error=-3 for worker=risedev
[/quote][Moderator edit: Changed [i]code[/i] to [i]quote[/i] tags to wrap long lines.]

Previously in Fedora SELinux has popped up a notification in Gnome when it has blocked anything and offered a solution. Unfortunately these notifications are not being shown to me in this install.

To try and get this same behaviour, I have installed:

setroubleshoot and policycoreutils-gui

however it hasn't started showing the SELinux alerts.

Additionally, I read this can show you the SELinux alerts from the command line:

[code]
sealert -a /var/log/audit/audit.log > /path/to/mylogfile.txt
[/code]

However, the file /var/log/audit/audit.log does not exist. The directory /var/log/audit is present, but has no contents.

I tried adding audit=1 to the boot line in grub, but that has not changed anything either.

Can anyone please suggest what may be wrong here, and how I can enable the SELinux alerts?

Many thanks,
Andrew.

am2605
Posts: 2
Joined: 2012/04/01 00:21:15

Re: SELinux Troubleshooter - not receiving alerts

Post by am2605 » 2012/04/01 11:37:02

I've since found the problem. auditd was not running. Now I've enabled this I'm receiving the alerts I expected to see.
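
A way to check for the condition this thread ended on, as an added example that is not part of the original posts: the functions report whether the audit log is missing or empty (the symptom seen when auditd is stopped) and, if so, look for the same denials in syslog. The function names, the log lines, the dest=8009 port and the SELinux contexts are constructed for illustration.

```shell
#!/bin/sh
# Added example. Log paths are arguments so the functions can be run on copies.

# audit_log_state FILE -> missing | empty | no-avc | avc
audit_log_state() {
    if [ ! -e "$1" ]; then echo missing
    elif [ ! -s "$1" ]; then echo empty
    elif grep -q 'avc: *denied' "$1"; then echo avc
    else echo no-avc
    fi
}

# summarize_avc FILE -> "count comm permission(s) tclass", one line per distinct denial
summarize_avc() {
    grep 'avc: *denied' "$1" |
    sed -n 's/.*denied *{ *\([^}]*[^ }]\) *} .*comm="\([^"]*\)".*tclass=\([a-z_0-9]*\).*/\2 \1 \3/p' |
    sort | uniq -c | awk '{$1=$1; print}'
}

# find_denials AUDIT_LOG SYSLOG
# When auditd is stopped the audit log stays missing or empty and the kernel's
# AVC messages normally land in syslog instead, so fall back to that file.
find_denials() {
    state=$(audit_log_state "$1")
    case $state in
        avc) echo "source=$1"; summarize_avc "$1" ;;
        missing|empty)
            echo "audit log $state: check that auditd is running"
            if [ "$(audit_log_state "$2")" = avc ]; then
                echo "source=$2"; summarize_avc "$2"
            fi ;;
        *) echo "no denials recorded in $1" ;;
    esac
}

# Constructed sample: an empty audit directory plus two syslog lines for one denial.
demo() {
    d=$(mktemp -d) || return 1
    avc='avc:  denied  { name_connect } for  pid=3220 comm="httpd" dest=8009'
    ctx='scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket'
    for t in 1333247508.101:41 1333247508.204:42; do
        echo "Apr  1 12:31:48 host kernel: type=1400 audit($t): $avc $ctx"
    done > "$d/messages"
    find_denials "$d/audit.log" "$d/messages"
    rm -rf "$d"
}
demo
```

On a real CentOS 6 host the call would be `find_denials /var/log/audit/audit.log /var/log/messages`, run as root.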

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

[SOLVED] SELinux Troubleshooter - not receiving alerts

Post by pschaff » 2012/04/01 13:44:36

Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

Thanks for reporting back with your own solution. Marking this thread [SOLVED] for posterity.
