awstats munged httpd rights in SElinux, how to fix?
Gene Heskett
gene.heskett at verizon.net
Thu Jul 31 21:41:44 UTC 2008
On Thursday 31 July 2008, Tim wrote:
>Tim:
>>> Sounds more like Apache problems, not AWStats, this is Apache failing to
>>> start. AWStats just reads the logs, *separately*. As a regular cron
>>> job, as I recall. Though it can be fired up on demand.
>
>Gene Heskett:
[...]
>AWStats produces a set of webpages with statistics that you can login
>and view. See the screenshots on <http://awstats.sourceforge.net/>.
>
[...]
>NB: I've done this with a spinning headache, so you ought to be able to
>manage this as well, without my headache.
ouch, like my aching back, thats not good at all, mine is from 70+ years of
abuse & 25 extra pounds, does your's have a reason?
[...]
>I mention an alternative stats program, since webalizer seems to be
>installed by default, and it can be handy to have a look at more than
>one analyzer, to see which results you like reading better.
I see that is installed, but finding a viewer for it seems to be purely by
accident, it opened ELinks, whatever that is, when I clicked on its july
report from within midnight commander.
Grumble... Question for the webalizer folks then? Why is there not a link to
the viewer in the k-menu's?
Having it installed, but effectively unavailable doesn't make a lot of sense
to me. If there had been such a menu entry, its likely I would have used it
rather than doing a freshmeat search for the newest, highly rated such tool &
then went hunting in yumex for a suitable rpm. But, OTOH, this IS linux, go
find your own tools, but linking a name to a function doesn't seem to be a
strong point in linux either.
I've not looked at either enough to develop a love affair with either of them
just yet.
>> Also, what user does the cron entry belong to?
>
>[root at gonzales ~]# ll /etc/cron.hourly/awstats
>-rwxr-xr-x 1 root root 188 2008-07-22 06:50 /etc/cron.hourly/awstats
>
So thats good.
>[root at gonzales ~]# ll -Z /etc/cron.hourly/awstats
>-rwxr-xr-x root root system_u:object_r:bin_t:s0
> /etc/cron.hourly/awstats
>
>How did it originally set itself up as?
ls -l /etc/awstats/:
-rw-r--r-- 1 root root 62137 2008-07-30 17:28 awstats.coyote.coyote.den.conf
-rw-r--r-- 1 root root 62130 2008-07-21 17:17
awstats.localhost.localdomain.conf
-rw-r--r-- 1 root root 62130 2008-07-21 17:17 awstats.model.conf
And I haven't touched what the rpm installed.
And its output is at:
http://localhost/awstats/awstats.pl?config=coyote.coyote.den
Since I'm running an oddball port # to the outside world, I was rather
surprised to see the googlebot was there every day this last month.
>>> Are you still using your computer as root, and messing up file and
>>> directory ownerships as you go along?
>>
>> Here and there. If fedora would give me what I want to do, I'd use it as
>> is, but it doesn't.
>
>Generally, I find it does. I only "su -" to reconfigure things. But
>once you stay as root while doing things, you paint yourself into a
>corner.
It would appear to be the natural result. Some of this started when I tried
to build OpenMovieEditor, and F8 apparently doesn't have enough GLX stuff to
build it, 8 OpenGL functions seem to have been stripped from the library by
RedHat. Reason? Damned if I know. See some of my posts in that thread.
This is however, a perfect example of the major reason I do run as root, its
a hell of a lot easier to fix stuff they've silently broken in what I view as
just as flagrant a market lockin as M$ is famous for doing.
Why else would they strip 8 function calls out of the OpenGL stuff?
>I also leave SELinux as default (enabled and targeted). I might
>temporarily disable it to see if it made a difference to something I was
>trying to beat into submission, but it goes back on again once I work
>out where any problems were.
Its been enabled/targetted here non-stop for 4 or 5 months, and things were
humming right along, till 2.6.27-rc1. I've rebuilt it without the IPsec
options for selinux now, but haven't rebooted, I've been busy saying magic
incantations and making shingles appear, all nailed down, on a new 16x26
garage roof. All that magic sure makes me sweat though, and working through a
half hours light drizzle didn't help. Another 10 shingles or so and the
front half is done, but I need to do all the trim around the edges for the
back half before I can step over the peak with shingles in hand.
>I had no SELinux issues while using either of these stats analysers.
I think I, in my haste, pointed too many fingers. The one I pointed at
awstats was in error. This is a 2.6.27-rc1 (straight from kernel.org)
problem. The selinux guys are poking at it now I believe, but not sure, its
been quite a few hours since I got up from this keyboard around 10:30ish this
morning.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
After your lover has gone you will still have PEANUT BUTTER!
More information about the fedora-list
mailing list