Web Server Root - And Passwd Entry

General support questions
finelock
Posts: 4
Joined: 2022/09/30 11:29:52

Web Server Root - And Passwd Entry

Post by finelock » 2022/09/30 12:44:27

I am trying to move from Debian 8 to CentOS 7.9, the problem is

On Debian, httpd.conf has Document root at /var/www/html
group = www-data
owner = www-data

in the passwd file it has user = www-data /var/www/html , and group file set to www-data

But on CentOS httpd.conf Document root /var/www/html
group = apache
user = apache

passwd file has user apache but its folder is /usr/share/httpd , and group file set to apache

the software calls a log file to read from /var/log/radio/radio.log

the software uses grep on the log file but it cannot open it to read it.

Any ideas please.. Alan

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Web Server Root - And Passwd Entry

Post by TrevorH » 2022/09/30 14:18:58

The username is just a simple change. The home directory doesn't really matter since it doesn't use it, it uses Docroot from the config file to work out its docroot. More likely it is selinux stopping your software from doing things that look like a hacker trying to break in to your system. Check the output from aureport -a and see if there are entries timed around the time of your last attempt. If there are, take the number off the right hand end of each line and plug that into ausearch -a nnnn where nnnn is the number.

To test if it is selinux, the easy thing is to run setenforce 0 as root and selinux will now just log problems but not actually stop anything. If this works then the problem is selinux but now you have a nice /var/log/audit/audit.log full of all the things it tried to do and was not allowed to.

You can then generate your own policy by running grep -i avc /var/log/audit/audit.log | audit2allow -M myradiosite. You might want to run service auditd rotate first to make sure that only the things done by your web server are in the log to start with. That will create myradiosite.te which is plain text and can be read and a myradiosite.pp file which can be added to the system using semodule -i myradio.pp and if all is well, you can now setenforce 1 and retry and the problem should be fixed. If it's selinux...

It's also possible that you haven't given your user permission to read all the way down the filesystem to the file you want it to get to. Run namei -l /var/log/radio/radio.log and you will see a nice tree of all the paths leading down to radio.log and their permissions. Your apache user will need to be able to read inside each directory all the way down to the log file.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

finelock
Posts: 4
Joined: 2022/09/30 11:29:52

Re: Web Server Root - And Passwd Entry

Post by finelock » 2022/09/30 14:29:14

Good Afternoon TrevorH

Thanks for your in-depth reply, it was very interesting, are all those commands in a package
or must they be installed one at a time... as I tried running them, and they can't be found

Thank you for your help, Alan

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Web Server Root - And Passwd Entry

Post by TrevorH » 2022/09/30 15:34:16

To find things like that run e.g. yum provides '*/*bin/aureport' and that will list the package(s) that supply the things that match that pattern. Pick the most likely looking package and install it with yum.

finelock
Posts: 4
Joined: 2022/09/30 11:29:52

Re: Web Server Root - And Passwd Entry

Post by finelock » 2022/10/01 06:47:36

This will give you an idea of the problem using one of your commands

time->Fri Sep 30 08:12:59 2022
type=PROCTITLE msg=audit(1664521979.428:212): proctitle=67726570002D45002D680052656365697665647C7761746368646F67002F7661722F6C6F672F5953465265666C6563746F722F5953465265666C6563746F722D323032322D30392D33302E6C6F67
type=SYSCALL msg=audit(1664521979.428:212): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=7ffe2d8c3f35 a2=0 a3=0 items=0 ppid=1521 pid=1522 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="grep" exe="/usr/bin/grep" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1664521979.428:212): avc: denied { read } for pid=1522 comm="grep" name="Radio_log-2022-09-30.log" dev="dm-0" ino=73200 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Web Server Root - And Passwd Entry

Post by TrevorH » 2022/10/01 10:46:56

That is not the output from the commands I pointed you to. That looks more like the raw data from the audit log. But it shows that you tried to read Radio_log-2022-09-30.log using grep and grep was running with the source context system_u:system_r:httpd_t and that it tried to access something labelled system_u:object_r:var_log_t.

Your log file needs to be set to use system_u:object_r:httpd_log_t not system_u:object_r:var_log_t. You need to use the semanage command to add a rule that tells it to assign system_u:object_r:httpd_log_t to files under /var/log/radio. That would be done by running something like /usr/sbin/semanage fcontext -a -ff -t httpd_log_t '/var/log/radio(/.*)?'

Or you could just log to /var/log/httpd instead and it'll probably just work though that might need permission changes at the filesystem level.
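As an added example (not code from the thread or from CentOS), the script below pulls the fields TrevorH reads by eye out of an AVC record like the one pasted above (source type, target type, permission, the hex-encoded proctitle) and prints the relabel commands for /var/log/radio. The audit records are constructed to match the shape of the poster's output; the restorecon step is an assumption added here because semanage fcontext only records the rule and does not relabel existing files.

```shell
# Added example (not from the thread): pull the useful fields out of an AVC denial
# like the one pasted above and print the relabel commands that fix it.
# Sample records are constructed; they copy the shape of the poster's output.
SAMPLE_AVC='type=AVC msg=audit(1664521979.428:212): avc:  denied  { read } for  pid=1522 comm="grep" name="radio.log" dev="dm-0" ino=73200 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file'
# proctitle is the NUL-separated argv, hex encoded (constructed value)
SAMPLE_PROCTITLE='67726570002D45002D680052656365697665647C7761746368646F67002F7661722F6C6F672F726164696F2F726164696F2E6C6F67'
# avc_field RECORD KEY: value of KEY=... in an audit record, quotes stripped
avc_field() {
    printf '%s\n' "$1" | awk -v key="$2" '{
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n && substr($i, 1, n - 1) == key) {
                v = substr($i, n + 1); gsub(/"/, "", v); print v; exit
            }
        }
    }'
}
# avc_perms RECORD: the permissions inside "{ ... }", e.g. "read" or "read open"
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*{\([^}]*\)}.*/\1/p' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//'
}
# ctx_type CONTEXT: the type (third field) of an SELinux context, e.g. var_log_t
ctx_type() { printf '%s\n' "$1" | cut -d: -f3; }
# decode_proctitle HEX: hex pairs back to text, argv NUL separators shown as spaces
decode_proctitle() {
    printf '%s\n' "$1" | awk 'BEGIN { hex = "0123456789ABCDEF" }
    { s = toupper($0); out = ""
      for (i = 1; i < length(s); i += 2) {
          v = (index(hex, substr(s, i, 1)) - 1) * 16 + index(hex, substr(s, i + 1, 1)) - 1
          out = out (v == 0 ? " " : sprintf("%c", v))
      }
      print out }'
}
# relabel_commands DIR TYPE: "semanage fcontext -a" only records the rule;
# restorecon is what actually relabels the files already in DIR (assumption added here).
relabel_commands() {
    printf "semanage fcontext -a -t %s '%s(/.*)?'\n" "$2" "$1"
    printf 'restorecon -Rv %s\n' "$1"
}
src=$(ctx_type "$(avc_field "$SAMPLE_AVC" scontext)")
tgt=$(ctx_type "$(avc_field "$SAMPLE_AVC" tcontext)")
echo "command: $(decode_proctitle "$SAMPLE_PROCTITLE")"
echo "denied:  $src -> $(avc_perms "$SAMPLE_AVC") on $(avc_field "$SAMPLE_AVC" tclass) ($tgt)"
# httpd_t reading a var_log_t file is exactly the denial in the thread
if [ "$src" = httpd_t ] && [ "$tgt" = var_log_t ]; then
    relabel_commands /var/log/radio httpd_log_t
fi
```

Feed it real records with `ausearch -m AVC -ts recent` and check that the decoded command is the program you expect before relabelling anything; a different source type than httpd_t means a different fix.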

finelock
Posts: 4
Joined: 2022/09/30 11:29:52

Re: Web Server Root - And Passwd Entry

Post by finelock » 2022/10/01 10:57:35

Hi Trevor

I hope I am not boring you, tell me to go away if you get fed up...

I used this as it was the first in the list

Check the output from aureport -a and see if there are entries timed around the time of your last attempt. If there are, take the number off the right hand end of each line and plug that into ausearch -a nnnn where nnnn is the number.

and I selected the first in the list and ran ausearch -a 231

And that's where the output came from, sorry if that was not the way to go...

All the best from Alan & Thank you.
