awstats munged httpd rights in SElinux, how to fix?

Gene Heskett gene.heskett at verizon.net
Thu Jul 31 21:41:44 UTC 2008 

On Thursday 31 July 2008, Tim wrote:
>Tim:
>>> Sounds more like Apache problems, not AWStats, this is Apache failing to
>>> start.  AWStats just reads the logs, *separately*.  As a regular cron
>>> job, as I recall.  Though it can be fired up on demand.
>
>Gene Heskett:
[...]
>AWStats produces a set of webpages with statistics that you can login
>and view.  See the screenshots on <http://awstats.sourceforge.net/>.
>
[...]

>NB:  I've done this with a spinning headache, so you ought to be able to
>manage this as well, without my headache.

ouch, like my aching back, thats not good at all, mine is from 70+ years of 
abuse & 25 extra pounds, does your's have a reason?
[...]
>I mention an alternative stats program, since webalizer seems to be
>installed by default, and it can be handy to have a look at more than
>one analyzer, to see which results you like reading better.

I see that is installed, but finding a viewer for it seems to be purely by 
accident, it opened ELinks, whatever that is, when I clicked on its july 
report from within midnight commander.

Grumble...  Question for the webalizer folks then?  Why is there not a link to 
the viewer in the k-menu's?

Having it installed, but effectively unavailable doesn't make a lot of sense 
to me.  If there had been such a menu entry, its likely I would have used it 
rather than doing a freshmeat search for the newest, highly rated such tool & 
then went hunting in yumex for a suitable rpm.  But, OTOH, this IS linux, go 
find your own tools, but linking a name to a function doesn't seem to be a 
strong point in linux either.

I've not looked at either enough to develop a love affair with either of them 
just yet.

>> Also, what user does the cron entry belong to?
>
>[root at gonzales ~]# ll /etc/cron.hourly/awstats
>-rwxr-xr-x 1 root root 188 2008-07-22 06:50 /etc/cron.hourly/awstats
>
So thats good.

>[root at gonzales ~]# ll -Z /etc/cron.hourly/awstats
>-rwxr-xr-x  root root system_u:object_r:bin_t:s0      
> /etc/cron.hourly/awstats
>
>How did it originally set itself up as?

ls -l /etc/awstats/:
-rw-r--r-- 1 root root 62137 2008-07-30 17:28 awstats.coyote.coyote.den.conf
-rw-r--r-- 1 root root 62130 2008-07-21 17:17 
awstats.localhost.localdomain.conf
-rw-r--r-- 1 root root 62130 2008-07-21 17:17 awstats.model.conf

And I haven't touched what the rpm installed.

And its output is at:
http://localhost/awstats/awstats.pl?config=coyote.coyote.den

Since I'm running an oddball port # to the outside world, I was rather 
surprised to see the googlebot was there every day this last month.

>>> Are you still using your computer as root, and messing up file and
>>> directory ownerships as you go along?
>>
>> Here and there.  If fedora would give me what I want to do, I'd use it as
>> is, but it doesn't.
>
>Generally, I find it does.  I only "su -" to reconfigure things.  But
>once you stay as root while doing things, you paint yourself into a
>corner.

It would appear to be the natural result.  Some of this started when I tried 
to build OpenMovieEditor, and F8 apparently doesn't have enough GLX stuff to 
build it, 8 OpenGL functions seem to have been stripped from the library by 
RedHat.  Reason?  Damned if I know.  See some of my posts in that thread.
This is however, a perfect example of the major reason I do run as root,  its 
a hell of a lot easier to fix stuff they've silently broken in what I view as 
just as flagrant a market lockin as M$ is famous for doing.

Why else would they strip 8 function calls out of the OpenGL stuff?

>I also leave SELinux as default (enabled and targeted).  I might
>temporarily disable it to see if it made a difference to something I was
>trying to beat into submission, but it goes back on again once I work
>out where any problems were.

Its been enabled/targetted here non-stop for 4 or 5 months, and things were 
humming right along, till 2.6.27-rc1.  I've rebuilt it without the IPsec 
options for selinux now, but haven't rebooted, I've been busy saying magic 
incantations and making shingles appear, all nailed down, on a new 16x26 
garage roof. All that magic sure makes me sweat though, and working through a 
half hours light drizzle didn't help.  Another 10 shingles or so and the 
front half is done, but I need to do all the trim around the edges for the 
back half before I can step over the peak with shingles in hand.

>I had no SELinux issues while using either of these stats analysers.

I think I, in my haste, pointed too many fingers.  The one I pointed at 
awstats was in error.  This is a 2.6.27-rc1 (straight from kernel.org) 
problem.  The selinux guys are poking at it now I believe, but not sure, its 
been quite a few hours since I got up from this keyboard around 10:30ish this 
morning.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
After your lover has gone you will still have PEANUT BUTTER!

More information about the fedora-list mailing list