awstats munged httpd rights in SElinux, how to fix?

Tim ignored_mailbox at yahoo.com.au
Thu Jul 31 05:28:58 UTC 2008


Tim:
>> Sounds more like Apache problems, not AWStats, this is Apache failing to
>> start.  AWStats just reads the logs, *separately*.  As a regular cron
>> job, as I recall.  Though it can be fired up on demand.


Gene Heskett:
> Actually, it's something in the new 2.6.27-rc1 kernel that is stopping it.
> I just rebooted to 2.6.26 final, and it's happy as a clam.  The 2.6.27-rc1 
> kernel has some newer options targeted at net security that I haven't quite 
> grokked yet.

You're using non-Fedora kernels?  I don't see that one offered to me.
If so, I'm not too surprised if things break, Fedora will have modified
kernels to suit how their distro works, they all have their quirks.

> Back to awstats, where does this output show up?  As a web page on localhost, 
> or something it takes mrtg to look at?

AWStats produces a set of webpages with statistics that you can log in
and view.  See the screenshots on <http://awstats.sourceforge.net/>.

You'd have to look at the configuration details inserted into Apache's
configuration, to see where it comes from.

I hadn't installed it, but it's on my hosted website, so I'm familiar
with using it.  I'm installing it now, to have a look at how it actually
works.  I've got it running, and with no errors.  Though I had to tweak
two settings in a /etc/awstats/awstats.localhost.conf configuration file
to suit my website (localhost, for this test - setting the sitedomain
directive to localhost, and for it to *NOT* skip results from 127.0.0.1,
by putting some other bogus IP in the skiphosts directive).

NB:  I've done this with a spinning headache, so you ought to be able to
manage this as well, without my headache.

Looking at its configuration files, it serves static content out
of /usr/share/awstats/, dynamic content from /var/lib/awstats/, and
you'd view results <http://localhost/awstats/awstats.pl?config=sitename>
(changing "sitename" to the sitename set in the configuration file
inside /etc/awstats/).

As a comparison, I have previously installed webalizer, and that stores
its statistics in /var/lib/webalizer, and generates HTML for viewing the
stats in /var/www/usage, and its results at <http://localhost/usage/>.
This worked without my customising it, though I would go ahead and do
so, to stop it showing things like CSS and JPEG files as "page" results.

And if you use virtual hosts to serve different websites from the
same webserver software, you'd want to customise your stats program to
separate the results.

I mention an alternative stats program, since webalizer seems to be
installed by default, and it can be handy to have a look at more than
one analyzer, to see which results you like reading better.

> Also, what user does the cron entry belong to?

[root@gonzales ~]# ll /etc/cron.hourly/awstats
-rwxr-xr-x 1 root root 188 2008-07-22 06:50 /etc/cron.hourly/awstats

[root@gonzales ~]# ll -Z /etc/cron.hourly/awstats
-rwxr-xr-x  root root system_u:object_r:bin_t:s0       /etc/cron.hourly/awstats

How did it originally set itself up as?

>> Are you still using your computer as root, and messing up file and
>> directory ownerships as you go along?

> Here and there.  If fedora would give me what I want to do, I'd use it as is, 
> but it doesn't.

Generally, I find it does.  I only "su -" to reconfigure things.  But
once you stay as root while doing things, you paint yourself into a
corner.

I also leave SELinux as default (enabled and targeted).  I might
temporarily disable it to see if it made a difference to something I was
trying to beat into submission, but it goes back on again once I work
out where any problems were.

I had no SELinux issues while using either of these stats analysers.

-- 
[tim@localhost ~]$ uname -r
2.6.25.11-97.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.





